Adds support to SecAuditLogParts

src/assay.cc

@@ -695,6 +695,7 @@ std::string Assay::to_json(int parts) {
     std::string ts = ascTime(&timeStamp).c_str();
     std::string uniqueId = UniqueId::uniqueId();
 
+    parts = 0;
     g = yajl_gen_alloc(NULL);
     if (g == NULL) {
       return "";
@@ -709,6 +710,7 @@ std::string Assay::to_json(int parts) {
         strlen("transaction"));
 
     yajl_gen_map_open(g);
+    /* Part: A (header mandatory) */
     LOGFY_ADD("client_ip", this->m_clientIpAddress);
     LOGFY_ADD("time_stamp", ts.c_str());
     LOGFY_ADD("server_id", uniqueId.c_str());
@@ -725,27 +727,33 @@ std::string Assay::to_json(int parts) {
     LOGFY_ADD("protocol", m_protocol);
     LOGFY_ADD_INT("http_version", m_httpVersion);
     LOGFY_ADD("uri", this->m_uri);
-    LOGFY_ADD("body", this->m_requestBody.str().c_str());
 
-    /* request headers */
+    if (parts & AuditLog::CAuditLogPart) {
-    yajl_gen_string(g, reinterpret_cast<const unsigned char*>("headers"),
+        LOGFY_ADD("body", this->m_requestBody.str().c_str());
-        strlen("headers"));
+    }
-    yajl_gen_map_open(g);
+
-
+    /* request headers */
-    for (auto h : this->m_variables_strings) {
+    if (parts & AuditLog::BAuditLogPart) {
-        std::string filter = "REQUEST_HEADERS:";
+        yajl_gen_string(g, reinterpret_cast<const unsigned char*>("headers"),
-        std::string a = h.first;
+            strlen("headers"));
-        std::string b = h.second;
+        yajl_gen_map_open(g);
-
+
-        if (a.compare(0, filter.length(), filter) == 0) {
+        for (auto h : this->m_variables_strings) {
-            if (a.length() > filter.length()) {
+            std::string filter = "REQUEST_HEADERS:";
-                LOGFY_ADD(a.c_str() + filter.length(), b.c_str());
+            std::string a = h.first;
-            }
+            std::string b = h.second;
-        }
+
+            if (a.compare(0, filter.length(), filter) == 0) {
+                if (a.length() > filter.length()) {
+                    LOGFY_ADD(a.c_str() + filter.length(), b.c_str());
+                }
+            }
+        }
+
+        /* end: request headers */
+        yajl_gen_map_close(g);
     }
 
-    /* end: request headers */
-    yajl_gen_map_close(g);
     /* end: request */
     yajl_gen_map_close(g);
 
@@ -754,61 +762,66 @@ std::string Assay::to_json(int parts) {
         strlen("response"));
     yajl_gen_map_open(g);
 
-    LOGFY_ADD("body", this->m_responseBody.str().c_str());
+    if (parts & AuditLog::GAuditLogPart) {
+        LOGFY_ADD("body", this->m_responseBody.str().c_str());
+    }
     LOGFY_ADD_NUM("http_code", httpCodeReturned);
 
     /* response headers */
-    yajl_gen_string(g, reinterpret_cast<const unsigned char*>("headers"),
+    if (parts & AuditLog::FAuditLogPart) {
-        strlen("headers"));
+        yajl_gen_string(g, reinterpret_cast<const unsigned char*>("headers"),
-    yajl_gen_map_open(g);
+            strlen("headers"));
+        yajl_gen_map_open(g);
 
-    for (auto h : this->m_variables_strings) {
+        for (auto h : this->m_variables_strings) {
-        std::string filter = "RESPONSE_HEADERS:";
+            std::string filter = "RESPONSE_HEADERS:";
-        std::string a = h.first;
+            std::string a = h.first;
-        std::string b = h.second;
+            std::string b = h.second;
 
-        if (a.compare(0, filter.length(), filter) == 0) {
+            if (a.compare(0, filter.length(), filter) == 0) {
-            if (a.length() > filter.length()) {
+                if (a.length() > filter.length()) {
-                LOGFY_ADD(a.c_str() + filter.length(), b.c_str());
+                    LOGFY_ADD(a.c_str() + filter.length(), b.c_str());
+                }
             }
         }
+        /* end: response headers */
+        yajl_gen_map_close(g);
     }
-    /* end: response headers */
-    yajl_gen_map_close(g);
     /* end: response */
     yajl_gen_map_close(g);
 
     /* producer */
-    yajl_gen_string(g, reinterpret_cast<const unsigned char*>("producer"),
+    if (parts & AuditLog::HAuditLogPart) {
-        strlen("producer"));
+        yajl_gen_string(g, reinterpret_cast<const unsigned char*>("producer"),
-    yajl_gen_map_open(g);
+            strlen("producer"));
+        yajl_gen_map_open(g);
 
-    /* producer > libmodsecurity */
+        /* producer > libmodsecurity */
-    LOGFY_ADD("modsecurity", ModSecurity::whoAmI().c_str());
+        LOGFY_ADD("modsecurity", ModSecurity::whoAmI().c_str());
 
-    /* producer > connector */
+        /* producer > connector */
-    LOGFY_ADD("connector", m_ms->getConnectorInformation().c_str());
+        LOGFY_ADD("connector", m_ms->getConnectorInformation().c_str());
 
-    /* producer > engine state */
+        /* producer > engine state */
-    LOGFY_ADD("secrules_engine",
+        LOGFY_ADD("secrules_engine",
-        Rules::ruleEngineStateString(m_rules->secRuleEngine));
+            Rules::ruleEngineStateString(m_rules->secRuleEngine));
 
-    /* producer > components */
+        /* producer > components */
-    yajl_gen_string(g,
-        reinterpret_cast<const unsigned char*>("components"),
-        strlen("components"));
-
-    yajl_gen_array_open(g);
-    for (auto a : m_rules->components) {
         yajl_gen_string(g,
-            reinterpret_cast<const unsigned char*>
+            reinterpret_cast<const unsigned char*>("components"),
-                (a.c_str()), a.length());
+            strlen("components"));
+
+        yajl_gen_array_open(g);
+        for (auto a : m_rules->components) {
+            yajl_gen_string(g,
+                reinterpret_cast<const unsigned char*>
+                    (a.c_str()), a.length());
+        }
+        yajl_gen_array_close(g);
+
+        /* end: producer */
+        yajl_gen_map_close(g);
     }
-    yajl_gen_array_close(g);
-
-    /* end: producer */
-    yajl_gen_map_close(g);
-
     /* end: transaction */
     yajl_gen_map_close(g);
 

src/audit_log.cc

@@ -148,7 +148,7 @@ bool AuditLog::saveIfRelevant(Assay *assay) {
         return true;
     }
 
-    m_writer->write(assay);
+    m_writer->write(assay, m_parts);
 
     return true;
 }

src/audit_log_writer.cc

@@ -33,7 +33,7 @@ std::string AuditLogWriter::file_name(const std::string& unique_id) {
  * Temporary print the log into the std::cout to debug purposes.
  *
  */
-bool AuditLogWriter::write(Assay *assay) {
+bool AuditLogWriter::write(Assay *assay, int parts) {
     std::cout << assay->to_json(0) << std::endl;
     return true;
 }

src/audit_log_writer.h

@@ -36,7 +36,7 @@ class AuditLogWriter {
 
     virtual bool close() { return true; }
     virtual bool init() { return true; }
-    virtual bool write(Assay *assay);
+    virtual bool write(Assay *assay, int parts);
 
     std::string file_name(const std::string& unique_id);
 

src/audit_log_writer_parallel.cc

@@ -74,10 +74,10 @@ bool AuditLogWriterParallel::close() {
 }
 
 
-bool AuditLogWriterParallel::write(Assay *assay) {
+bool AuditLogWriterParallel::write(Assay *assay, int parts) {
     FILE *fp;
     int fd;
-    std::string log = assay->to_json(0);
+    std::string log = assay->to_json(parts);
     std::string fileName = logFilePath(&assay->timeStamp,
         YearMonthDayDirectory | YearMonthDayAndTimeDirectory
         | YearMonthDayAndTimeFileName);

src/audit_log_writer_parallel.h

@@ -33,7 +33,7 @@ class AuditLogWriterParallel : public AuditLogWriter {
 
     bool init() override;
     bool close() override;
-    bool write(Assay *assay) override;
+    bool write(Assay *assay, int parts) override;
 
     /**
      *

src/audit_log_writer_serial.cc

@@ -30,7 +30,7 @@ bool AuditLogWriterSerial::close() {
 }
 
 
-bool AuditLogWriterSerial::write(Assay *assay) {
+bool AuditLogWriterSerial::write(Assay *assay, int parts) {
     return true;
 }
 

src/audit_log_writer_serial.h

@@ -37,7 +37,7 @@ class AuditLogWriterSerial : public AuditLogWriter {
 
     bool init() override;
     bool close() override;
-    bool write(Assay *assay) override;
+    bool write(Assay *assay, int parts) override;
 };
 
 }  // namespace ModSecurity