From 317808fe5488a17ef12464d6847bd43cc14ab4a7 Mon Sep 17 00:00:00 2001
From: Felipe Zimmerle
Date: Fri, 16 Dec 2016 00:06:48 -0300
Subject: [PATCH] Adds section "H" to serial audit log
---
 headers/modsecurity/rule_message.h | 3 ++-
 src/rule_message.cc | 25 +++++++++++++++++++++----
 src/transaction.cc | 3 +++
 3 files changed, 26 insertions(+), 5 deletions(-)
diff --git a/headers/modsecurity/rule_message.h b/headers/modsecurity/rule_message.h
index 3af3e327..62e0d81a 100644
--- a/headers/modsecurity/rule_message.h
+++ b/headers/modsecurity/rule_message.h
@@ -52,7 +52,8 @@ class RuleMessage {
 std::string errorLog(Transaction *trans);
 std::string disruptiveErrorLog(Transaction *trans, std::string log2);
-
+ std::string noClientErrorLog(Transaction *trans);
+ std::string errorLogTail(Transaction *trans);
 std::string m_match;
 std::string m_ruleFile;
diff --git a/src/rule_message.cc b/src/rule_message.cc
index 7be8ea47..78b3c05c 100644
--- a/src/rule_message.cc
+++ b/src/rule_message.cc
@@ -53,11 +53,11 @@ std::string RuleMessage::disruptiveErrorLog(Transaction *trans,
 return modsecurity::utils::string::toHexIfNeeded(msg);
 }
-std::string RuleMessage::errorLog(Transaction *trans) {
+
+std::string RuleMessage::noClientErrorLog(Transaction *trans) {
 std::string msg;
- msg.append("[client " + std::string(trans->m_clientIpAddress) + "]");
- msg.append(" ModSecurity: Warning. ");
+ msg.append("ModSecurity: Warning. ");
 msg.append(m_match);
 msg.append(" [file \"" + std::string(m_ruleFile) + "\"]");
 msg.append(" [line \"" + std::to_string(m_ruleLine) + "\"]");
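Review bot: In the headers/modsecurity/rule_message.h hunk, `noClientErrorLog` and `errorLogTail` are declared without any comment saying which slice of the log line each returns, and the names alone do not tell a caller which one is meant for the audit log. I would add `// Match line without the "[client ...]" prefix, passed through toHexIfNeeded; written to audit log part H.` above `noClientErrorLog` and `// "[hostname ...] [uri ...] [unique_id ...]" suffix of the error log line, passed through toHexIfNeeded.` above `errorLogTail`. The class body starts and ends outside the hunk.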
@@ -73,7 +73,14 @@ std::string RuleMessage::errorLog(Transaction *trans) {
 for (auto &a : m_tags) {
 msg.append(" [tag \"" + a + "\"]");
 }
- msg.append(" [hostname \"" + std::string(trans->m_serverIpAddress) \
+
+ return modsecurity::utils::string::toHexIfNeeded(msg);
+}
+
+std::string RuleMessage::errorLogTail(Transaction *trans) {
+ std::string msg;
+
+ msg.append("[hostname \"" + std::string(trans->m_serverIpAddress) \
 + "\"]");
 msg.append(" [uri \"" + trans->m_uri_no_query_string_decoded + "\"]");
 msg.append(" [unique_id \"" + trans->m_id + "\"]");
@@ -81,4 +88,14 @@ std::string RuleMessage::errorLog(Transaction *trans) {
 return modsecurity::utils::string::toHexIfNeeded(msg);
 }
+std::string RuleMessage::errorLog(Transaction *trans) {
+ std::string msg;
+
+ msg.append("[client " + std::string(trans->m_clientIpAddress) + "] ");
+ msg.append(noClientErrorLog(trans));
+ msg.append(" " + errorLogTail(trans));
+
+ return msg;
+}
+
 } // namespace modsecurity
diff --git a/src/transaction.cc b/src/transaction.cc
index 8e0625f4..277c8b52 100644
--- a/src/transaction.cc
+++ b/src/transaction.cc
@@ -1436,6 +1436,9 @@ std::string Transaction::toOldAuditLogFormat(int parts,
 }
 if (parts & audit_log::AuditLog::HAuditLogPart) {
 audit_log << "--" << trailer << "-" << "H--" << std::endl;
+ for (auto a : m_rulesMessages) {
+ audit_log << a.noClientErrorLog(this) << std::endl;
+ }
 audit_log << std::endl;
 /** TODO: write audit_log H part. */
 }
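Review bot: In the `@@ -81,4 +88,14 @@` hunk of src/rule_message.cc, the rebuilt `errorLog` returns `msg` directly, so the `[client ...]` prefix no longer passes through `toHexIfNeeded`. Before this commit the whole line, client address included, went through it. The pieces from `noClientErrorLog` and `errorLogTail` are still processed, only the prefix is not. If any connector fills `m_clientIpAddress` from request data rather than from the socket (not visible here), unescaped bytes would reach the error log. I would keep the old guarantee with `msg.append("[client " + modsecurity::utils::string::toHexIfNeeded(std::string(trans->m_clientIpAddress)) + "] ");`.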
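Review bot: The loop added under `HAuditLogPart` in src/transaction.cc writes each message as one line of part H, which holds only if `noClientErrorLog` never returns a raw CR or LF. Otherwise a matched value could split the record or look like a `--<trailer>-X--` boundary to tools that parse the serial log. The escaping is delegated to `toHexIfNeeded`, whose body is not in this diff, so a regression test that logs a match containing a newline and checks that part H keeps it on one line would pin the assumption. Separately, `for (auto a : m_rulesMessages)` copies every RuleMessage, strings and tags included; `for (auto &a : m_rulesMessages) {` avoids that. The enclosing function starts before this hunk, and the `TODO: write audit_log H part` comment after the loop now looks stale.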