diff --git a/examples/reading_logs_via_rule_message/reading_logs_via_rule_message.h b/examples/reading_logs_via_rule_message/reading_logs_via_rule_message.h index 13d1c47e..22f03332 100644 --- a/examples/reading_logs_via_rule_message/reading_logs_via_rule_message.h +++ b/examples/reading_logs_via_rule_message/reading_logs_via_rule_message.h @@ -237,6 +237,10 @@ end: modsecurity::RuleMessage::computeHighlight(ruleMessage, ruleMessage->m_buf); highlightToText(h); + std::cout << "Highlight JSON:" << std::endl; + std::cout << ruleMessage->m_highlightJSON << std::endl; + std::cout << "Request:" << std::endl; + std::cout << ruleMessage->m_buf; std::cout << std::endl; } diff --git a/headers/modsecurity/modsecurity.h b/headers/modsecurity/modsecurity.h index d39b601b..047133e5 100644 --- a/headers/modsecurity/modsecurity.h +++ b/headers/modsecurity/modsecurity.h @@ -262,7 +262,7 @@ extern "C" { * Notice that the highlight can be calculate post-analisys. Calculate it * during the analisys may delay the analisys process. * - */ + */ IncludeFullHighlightLogProperty = 4, }; diff --git a/headers/modsecurity/rule_message.h b/headers/modsecurity/rule_message.h index 8a8c60c6..e6de7618 100644 --- a/headers/modsecurity/rule_message.h +++ b/headers/modsecurity/rule_message.h @@ -151,6 +151,7 @@ class RuleMessage { std::list m_tags; RuleMessageHighlight m_highlight; + std::string m_highlightJSON; }; diff --git a/modsecurity.conf-recommended b/modsecurity.conf-recommended index 8ad9b102..4609705d 100644 --- a/modsecurity.conf-recommended +++ b/modsecurity.conf-recommended @@ -174,7 +174,7 @@ SecDataDir /tmp/ # trigger a server error (determined by a 5xx or 4xx, excluding 404, # level response status codes). # -SecAuditEngine RelevantOnly +SecAuditEngine Off SecAuditLogRelevantStatus "^(?:5|4(?!04))" # Log everything we know about a transaction. diff --git a/src/modsecurity.cc b/src/modsecurity.cc index d58b6075..cd96a31a 100644 --- a/src/modsecurity.cc +++ b/src/modsecurity.cc @@ -197,6 +197,8 @@ void ModSecurity::serverLog(void *data, std::shared_ptr rm) { if (m_logProperties & RuleMessageLogProperty) { const void *a = static_cast(rm.get()); if (m_logProperties & IncludeFullHighlightLogProperty) { + processContentOffset(rm->m_buf.c_str(), rm->m_buf.size(), + rm->m_reference.c_str(), &rm->m_highlightJSON, NULL); m_logCb(data, a); return; } diff --git a/src/rule_message.cc b/src/rule_message.cc index 8dfaede2..dcd544a0 100644 --- a/src/rule_message.cc +++ b/src/rule_message.cc @@ -93,7 +93,10 @@ std::string RuleMessage::log(const RuleMessage *rm, int props, int code) { return modsecurity::utils::string::toHexIfNeeded(msg); } - +/* + * Depricated. Do not use. Should be removed before merge. + * + */ RuleMessageHighlight RuleMessage::computeHighlight(const RuleMessage *rm, const std::string buf) { RuleMessageHighlight ret;