Enable support for AuditLogFormat (JSON/Native) #1583
Conversation
|
With this branch audit logging doesn't work to me too, neither with serial logging type, neither with concurrent/parallel. |
zimmerle
modified the milestones:
v3.0.0 - OWASP CRS Compatible,
v3.0.0 feature complete
|
I also added SecAuditLogFormat JSON and logging doesn't work too. I used branch v3/dev/json_auditlog. Can you please tell me how can I trace the problem? I tried to see something with strace, but found nothing. |
|
Sorry for my 3 post, but I found the reason. It's the bug in nginx connector for custom 403 page. owasp-modsecurity/ModSecurity-nginx#55. If I comment the custom 403 page block in nginx logging works perfectly, but only in Serial mode, not in concurrent mode. Will it be fixed as I see that there isn't solution. |
|
Merged! Thanks ;) |
|
@zimmerle so should I recompile now again with the master branch to solve the issue or I didn't understand you? |
|
Hi @intelbg, @victorhora's pull request was about adding the support for SecAuditLogFormat. With this patch it is possible for the user to choose between JSON and Regular/Old format. Independent of SecAuditLogType. Before @victorhora's patch, the format was set according to the type. Notice that this patch may not be related to the issue that you are facing, therefore I am merging this as it adds a new functionality on top of ModSecurity v3. I've tested the patch and it seems to be working as expected. |
|
@zimmerle thank you about your reply! I understand. Did you tested it with concurrent type of logging because with it didn't work for me. I hope that the other problem I reported will be solved too, because they are dependent. |
|
In addition, the problem with concurrent logging was my mistake. It works. Remains the problem with custom 403 page only. |
Should solve issues: #1493 and #1453.
Also should help at #1559, #1551, #1547, #1484, #1483 and #1395.