Changes the saving selection for the audit logs

2025-09-29 19:24:29 +03:00 · 2016-12-20 09:23:57 -03:00
parent 10cdf8fed9
commit bbb61d560c
9 changed files with 28 additions and 46 deletions
--- a/src/audit_log/audit_log.cc
+++ b/src/audit_log/audit_log.cc
@@ -21,6 +21,7 @@

 #include <fstream>

+#include "modsecurity/rule_message.h"
 #include "src/audit_log/writer/https.h"
 #include "src/audit_log/writer/parallel.h"
 #include "src/audit_log/writer/serial.h"
@@ -244,6 +245,7 @@ bool AuditLog::isRelevant(int status) {
        return false;
    }

+
    if (sstatus.empty()) {
        return true;
    }
@@ -259,13 +261,21 @@ bool AuditLog::saveIfRelevant(Transaction *transaction) {


 bool AuditLog::saveIfRelevant(Transaction *transaction, int parts) {
+    bool saveAnyway = false;
    if (m_status == OffAuditLogStatus || m_status == NotSetLogStatus) {
        return true;
    }

+    for (RuleMessage &i : transaction->m_rulesMessages) {
+        if (i.m_noAuditLog == false) {
+            saveAnyway = true;
+            break;
+        }
+    }
+
    if ((m_status == RelevantOnlyAuditLogStatus
-        && this->isRelevant(transaction->m_httpCodeReturned) == false
-        && transaction->m_toBeSavedInAuditlogs == false)) {
+        && this->isRelevant(transaction->m_httpCodeReturned) == false)
+        && saveAnyway == false) {
        transaction->debug(5, "Return code `" +
            std::to_string(transaction->m_httpCodeReturned) + "'" \
            " is not interesting to audit logs, relevant code(s): `" +
@@ -274,17 +284,6 @@ bool AuditLog::saveIfRelevant(Transaction *transaction, int parts) {
        return false;
    }

-    /**
-     * Even if it is relevant, if it is marked not to be save,
-     * we won't save it.
-     *
-     */
-    if (transaction->m_toNotBeSavedInAuditLogs == true) {
-        transaction->debug(5, "This request was marked to not " \
-            "be saved in the audit logs.");
-        return false;
-    }
-
    if (parts == -1) {
        parts = m_parts;
    }