diff --git a/examples/reading_logs_via_rule_message/reading_logs_via_rule_message.h b/examples/reading_logs_via_rule_message/reading_logs_via_rule_message.h index 50d6b352..418d07a4 100644 --- a/examples/reading_logs_via_rule_message/reading_logs_via_rule_message.h +++ b/examples/reading_logs_via_rule_message/reading_logs_via_rule_message.h @@ -235,6 +235,10 @@ end: modsecurity::RuleMessage::computeHighlight(ruleMessage, ruleMessage->m_buf); highlightToText(h); + std::cout << "Highlight JSON:" << std::endl; + std::cout << ruleMessage->m_highlightJSON << std::endl; + std::cout << "Request:" << std::endl; + std::cout << ruleMessage->m_buf; std::cout << std::endl; } diff --git a/headers/modsecurity/modsecurity.h b/headers/modsecurity/modsecurity.h index a5380c52..82ef925a 100644 --- a/headers/modsecurity/modsecurity.h +++ b/headers/modsecurity/modsecurity.h @@ -262,7 +262,7 @@ extern "C" { * Notice that the highlight can be calculate post-analisys. Calculate it * during the analisys may delay the analisys process. * - */ + */ IncludeFullHighlightLogProperty = 4, }; diff --git a/headers/modsecurity/rule_message.h b/headers/modsecurity/rule_message.h index 888897f3..d3ec2cb9 100644 --- a/headers/modsecurity/rule_message.h +++ b/headers/modsecurity/rule_message.h @@ -119,6 +119,7 @@ class RuleMessage { std::list m_tags; RuleMessageHighlight m_highlight; + std::string m_highlightJSON; }; diff --git a/modsecurity.conf-recommended b/modsecurity.conf-recommended index 8ad9b102..4609705d 100644 --- a/modsecurity.conf-recommended +++ b/modsecurity.conf-recommended @@ -174,7 +174,7 @@ SecDataDir /tmp/ # trigger a server error (determined by a 5xx or 4xx, excluding 404, # level response status codes). # -SecAuditEngine RelevantOnly +SecAuditEngine Off SecAuditLogRelevantStatus "^(?:5|4(?!04))" # Log everything we know about a transaction. diff --git a/src/modsecurity.cc b/src/modsecurity.cc index 46c70700..79fa6adc 100644 --- a/src/modsecurity.cc +++ b/src/modsecurity.cc @@ -189,6 +189,8 @@ void ModSecurity::serverLog(void *data, std::shared_ptr rm) { if (m_logProperties & RuleMessageLogProperty) { const void *a = static_cast(rm.get()); if (m_logProperties & IncludeFullHighlightLogProperty) { + processContentOffset(rm->m_buf.c_str(), rm->m_buf.size(), + rm->m_reference.c_str(), &rm->m_highlightJSON, NULL); m_logCb(data, a); return; } diff --git a/src/rule_message.cc b/src/rule_message.cc index 42761787..2fa7eddc 100644 --- a/src/rule_message.cc +++ b/src/rule_message.cc @@ -144,7 +144,10 @@ std::string RuleMessage::log(const RuleMessage *rm) { return msg; } - +/* + * Depricated. Do not use. Should be removed before merge. + * + */ RuleMessageHighlight RuleMessage::computeHighlight(const RuleMessage *rm, const std::string buf) { RuleMessageHighlight ret;