github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-15 23:55:03 +03:00
Code Issues Packages Projects Releases Wiki Activity

Adds section "H" to serial audit log

Browse Source
This commit is contained in:
Felipe Zimmerle 2016-12-16 00:06:48 -03:00
parent 2d29740ca4
commit 317808fe54
No known key found for this signature in database
GPG Key ID: E6DFB08CE8B11277
3 changed files with 26 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
headers/modsecurity/rule_message.h
View File

@ -52,7 +52,8 @@ class RuleMessage {
std::string errorLog(Transaction *trans); std::string errorLog(Transaction *trans);
std::string disruptiveErrorLog(Transaction *trans, std::string log2); std::string disruptiveErrorLog(Transaction *trans, std::string log2);
std::string noClientErrorLog(Transaction *trans);
std::string errorLogTail(Transaction *trans);
std::string m_match; std::string m_match;
std::string m_ruleFile; std::string m_ruleFile;

25
src/rule_message.cc
View File

@ -53,11 +53,11 @@ std::string RuleMessage::disruptiveErrorLog(Transaction *trans,
return modsecurity::utils::string::toHexIfNeeded(msg); return modsecurity::utils::string::toHexIfNeeded(msg);
} }
std::string RuleMessage::errorLog(Transaction *trans) {
std::string RuleMessage::noClientErrorLog(Transaction *trans) {
std::string msg; std::string msg;
msg.append("[client " + std::string(trans->m_clientIpAddress) + "]"); msg.append("ModSecurity: Warning. ");
msg.append(" ModSecurity: Warning. ");
msg.append(m_match); msg.append(m_match);
msg.append(" [file \"" + std::string(m_ruleFile) + "\"]"); msg.append(" [file \"" + std::string(m_ruleFile) + "\"]");
msg.append(" [line \"" + std::to_string(m_ruleLine) + "\"]"); msg.append(" [line \"" + std::to_string(m_ruleLine) + "\"]");
@ -73,7 +73,14 @@ std::string RuleMessage::errorLog(Transaction *trans) {
for (auto &a : m_tags) { for (auto &a : m_tags) {
msg.append(" [tag \"" + a + "\"]"); msg.append(" [tag \"" + a + "\"]");
} }
msg.append(" [hostname \"" + std::string(trans->m_serverIpAddress) \
return modsecurity::utils::string::toHexIfNeeded(msg);
}
std::string RuleMessage::errorLogTail(Transaction *trans) {
std::string msg;
msg.append("[hostname \"" + std::string(trans->m_serverIpAddress) \
+ "\"]"); + "\"]");
msg.append(" [uri \"" + trans->m_uri_no_query_string_decoded + "\"]"); msg.append(" [uri \"" + trans->m_uri_no_query_string_decoded + "\"]");
msg.append(" [unique_id \"" + trans->m_id + "\"]"); msg.append(" [unique_id \"" + trans->m_id + "\"]");
@ -81,4 +88,14 @@ std::string RuleMessage::errorLog(Transaction *trans) {
return modsecurity::utils::string::toHexIfNeeded(msg); return modsecurity::utils::string::toHexIfNeeded(msg);
} }
std::string RuleMessage::errorLog(Transaction *trans) {
std::string msg;
msg.append("[client " + std::string(trans->m_clientIpAddress) + "] ");
msg.append(noClientErrorLog(trans));
msg.append(" " + errorLogTail(trans));
return msg;
}
} // namespace modsecurity } // namespace modsecurity

3
src/transaction.cc
View File

@ -1436,6 +1436,9 @@ std::string Transaction::toOldAuditLogFormat(int parts,
} }
if (parts & audit_log::AuditLog::HAuditLogPart) { if (parts & audit_log::AuditLog::HAuditLogPart) {
audit_log << "--" << trailer << "-" << "H--" << std::endl; audit_log << "--" << trailer << "-" << "H--" << std::endl;
for (auto a : m_rulesMessages) {
audit_log << a.noClientErrorLog(this) << std::endl;
}
audit_log << std::endl; audit_log << std::endl;
/** TODO: write audit_log H part. */ /** TODO: write audit_log H part. */
} }