Adds "matched" line to the audit logs

headers/modsecurity/rule.h

@@ -102,6 +102,7 @@ class RuleMessage {
         m_ver = rule->m_ver;
         m_maturity = rule->m_maturity;
         m_rule = rule;
+        m_match = std::string("");
     };
     RuleMessage(Rule *rule, std::string message) {
         m_ruleFile = rule->m_fileName;
@@ -115,6 +116,7 @@ class RuleMessage {
         m_ver = rule->m_ver;
         m_maturity = rule->m_maturity;
         m_rule = rule;
+        m_match = std::string("");
     };
 
     std::string m_match;

src/rule.cc

@@ -391,6 +391,10 @@ bool Rule::evaluate(Transaction *trasn) {
             if (ret) {
                 bool containsDisruptive = false;
                 bool chainResult = false;
+
+                ruleMessage->m_match = "Operator `" + this->op->op +
+                    "' with parameter `" + this->op->param + "' against" \
+                    " variable `" + v->m_key + "' (Value: `" + value + "' )";
 #ifndef NO_LOGS
                 trasn->debug(4, "Rule returned 1.");
 #endif

src/transaction.cc

@@ -1542,6 +1542,7 @@ std::string Transaction::toJSON(int parts) {
                 reinterpret_cast<const unsigned char*>("producer"),
                 strlen("producer"));
             yajl_gen_map_open(g);
+            LOGFY_ADD("match", a->m_match.c_str());
             LOGFY_ADD("ruleId", std::to_string(a->m_ruleId).c_str());
             LOGFY_ADD("file", a->m_ruleFile.c_str());
             LOGFY_ADD("lineNumber", std::to_string(a->m_ruleLine).c_str());