From a2ffb3615984dae60962074df04a3c469b70ffcf Mon Sep 17 00:00:00 2001
From: Felipe Zimmerle
Date: Fri, 12 Feb 2016 13:28:43 -0300
Subject: [PATCH] Adds "matched" line to the audit logs
---
 headers/modsecurity/rule.h | 2 ++
 src/rule.cc | 4 ++++
 src/transaction.cc | 1 +
 3 files changed, 7 insertions(+)
diff --git a/headers/modsecurity/rule.h b/headers/modsecurity/rule.h
index db5520e8..644e4f43 100644
--- a/headers/modsecurity/rule.h
+++ b/headers/modsecurity/rule.h
@@ -102,6 +102,7 @@ class RuleMessage {
 m_ver = rule->m_ver;
 m_maturity = rule->m_maturity;
 m_rule = rule;
+ m_match = std::string("");
 };
 RuleMessage(Rule *rule, std::string message) {
 m_ruleFile = rule->m_fileName;
@@ -115,6 +116,7 @@ class RuleMessage {
 m_ver = rule->m_ver;
 m_maturity = rule->m_maturity;
 m_rule = rule;
+ m_match = std::string("");
 };
 std::string m_match;
diff --git a/src/rule.cc b/src/rule.cc
index 9ab160d4..4ad68cf2 100644
--- a/src/rule.cc
+++ b/src/rule.cc
@@ -391,6 +391,10 @@ bool Rule::evaluate(Transaction *trasn) {
 if (ret) {
 bool containsDisruptive = false;
 bool chainResult = false;
+
+ ruleMessage->m_match = "Operator `" + this->op->op +
+ "' with parameter `" + this->op->param + "' against" \
+ " variable `" + v->m_key + "' (Value: `" + value + "' )";
 #ifndef NO_LOGS
 trasn->debug(4, "Rule returned 1.");
 #endif
diff --git a/src/transaction.cc b/src/transaction.cc
index 2f39b58f..4b0799f8 100644
--- a/src/transaction.cc
+++ b/src/transaction.cc
@@ -1542,6 +1542,7 @@ std::string Transaction::toJSON(int parts) {
 reinterpret_cast("producer"),
 strlen("producer"));
 yajl_gen_map_open(g);
+ LOGFY_ADD("match", a->m_match.c_str());
 LOGFY_ADD("ruleId", std::to_string(a->m_ruleId).c_str());
 LOGFY_ADD("file", a->m_ruleFile.c_str());
 LOGFY_ADD("lineNumber", std::to_string(a->m_ruleLine).c_str());
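Review bot: The assignment `m_match = std::string("");` in both RuleMessage constructors (the hunk at -102 and the one at -115) has no effect, because a `std::string` member is already default-constructed empty before the constructor body runs. Dropping the two lines keeps the same behaviour without building and assigning a temporary. What the field lacks is documentation: a comment on the `std::string m_match;` declaration such as `// Description of the operator/variable match; holds request-derived text, treat as untrusted when rendering.` would tell later readers why it must be handled carefully. Both constructor bodies begin outside the hunks.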
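Review bot: The matched `value` and `v->m_key` are concatenated into `ruleMessage->m_match` verbatim, so request-derived bytes reach the audit log with no length bound and no neutralisation of control characters. A value containing a newline can break the line structure of any text-format log this string ends up in, a large argument is copied in full into every rule message, and secrets carried in matched arguments (passwords, session cookies) are persisted as-is. I would cap the logged text and replace control characters before building the string, as sketched below; the sketch assumes both operands are `std::string`, which the hunk does not show, and the 200-byte cap is an example figure. The sketch also drops the unneeded trailing backslash and the stray space before the closing parenthesis. Rule::evaluate starts and ends outside the hunk.

```cpp
        // … unchanged: if (ret) { and the two bool declarations …

        // Bound and neutralise request-derived text before it is logged.
        auto forLog = [](std::string s) {
            if (s.size() > 200) {
                s.resize(200);
            }
            for (char &c : s) {
                const unsigned char u = static_cast<unsigned char>(c);
                if (u < 0x20 || u == 0x7f) {
                    c = '.';
                }
            }
            return s;
        };

        ruleMessage->m_match = "Operator `" + this->op->op +
            "' with parameter `" + this->op->param + "' against"
            " variable `" + forLog(v->m_key) + "' (Value: `" +
            forLog(value) + "')";
        // … unchanged: #ifndef NO_LOGS debug block …
```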
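Review bot: `a->m_match.c_str()` hands a C string to `LOGFY_ADD`, and if the macro measures it with `strlen`, the way the `"producer"` key just above is measured, the JSON `match` field is cut at the first NUL byte in the matched value. The macro's definition is outside the hunk, so this needs confirming; request values can carry decoded NUL bytes, and a truncated field hides the rest of the payload from whoever reads the log. Passing the length explicitly for the value avoids that: `yajl_gen_string(g, reinterpret_cast<const unsigned char*>(a->m_match.data()), a->m_match.size());` after emitting the key. The new `match` key also deserves a line in the audit-log format documentation so that parsers know it holds request-derived text.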