diff --git a/headers/modsecurity/rule.h b/headers/modsecurity/rule.h
index b585e099..55214d01 100644
--- a/headers/modsecurity/rule.h
+++ b/headers/modsecurity/rule.h
@@ -104,6 +104,7 @@ class RuleMessage {
 m_ver(rule->m_ver),
 m_maturity(rule->m_maturity),
 m_rule(rule),
+ m_saveMessage(false),
 m_match(std::string("")) { }
@@ -119,9 +120,43 @@ class RuleMessage {
 m_ver(rule->m_ver),
 m_maturity(rule->m_maturity),
 m_rule(rule),
+ m_saveMessage(false),
 m_match(std::string("")) { }
+
+ std::string errorLog(Transaction *trans) {
+ std::string msg;
+
+ msg.append("[client " + std::string(trans->m_clientIpAddress) + "]");
+ msg.append(" ModSecurity: Warning.");
+ msg.append(" Matched \"" + m_match + "\"");
+ if (trans->m_collections.resolveFirst("MATCHED_VAR_NAME")) {
+ msg.append(" at "
+ + *trans->m_collections.resolveFirst("MATCHED_VAR_NAME"));
+ }
+ msg.append(" [file \"" + std::string(m_ruleFile) + "\"]");
+ msg.append(" [line \"" + std::to_string(m_ruleLine) + "\"]");
+ msg.append(" [id \"" + std::to_string(m_ruleId) + "\"]");
+ msg.append(" [rev \"" + m_rev + "\"]");
+ msg.append(" [msg \"" + m_message + "\"]");
+ msg.append(" [data \"" + m_data + "\"]");
+ msg.append(" [severity \""
+ + std::to_string(m_severity) + "\"]");
+ msg.append(" [ver \"" + m_ver + "\"]");
+ msg.append(" [maturity \"" + std::to_string(m_maturity) + "\"]");
+ msg.append(" [accuracy \"" + std::to_string(m_accuracy) + "\"]");
+ for (auto &a : m_tags) {
+ msg.append(" [tag \"" + a + "\"]");
+ }
+ msg.append(" [hostname \"" + std::string(trans->m_serverIpAddress) \
+ + "\"]");
+ msg.append(" [uri \"" + std::string(trans->m_uri) + "\"]");
+ msg.append(" [unique_id \"" + trans->m_id + "\"]");
+
+ return msg;
+ }
+
 std::string m_match;
 std::string m_ruleFile;
 int m_ruleLine;
@@ -137,6 +172,7 @@ class RuleMessage {
 std::list m_tags;
 Rule *m_rule;
+ bool m_saveMessage;
 };
diff --git a/src/Makefile.am b/src/Makefile.am
index 671e3644..6b9e9389 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
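Review bot: errorLog() appends request-controlled values — `m_match`, the MATCHED_VAR_NAME value, `trans->m_uri`, and `m_data`/`m_message` once macros are expanded into them — verbatim inside the `[field "..."]` syntax, so a request that carries a `"`, a `\r` or a `\n` can close a field or start a fabricated log line, and anything that parses the server log downstream (alerting, SIEM ingestion) will read the forged content as a genuine field. Every such value should go through one escaping step (quotes, backslashes, control bytes) before it is appended; the rewritten lines below show the shape, with the same `esc()` applied to the msg, data, tag and uri fields. The MATCHED_VAR_NAME lookup is also performed twice, once in the condition and again for the dereference; resolve it once into a local, and if resolveFirst hands back a caller-owned allocation (not visible in this hunk) the current form also never releases either result. `std::string(m_ruleFile)` copies a member that is already a std::string, as the declaration later in the hunk shows. The enclosing class RuleMessage begins and ends outside the hunk.
```cpp
    std::string errorLog(Transaction *trans) {
        // Request-derived fields must not be able to close a [field "..."]
        // or start a new log line: escape quotes, backslashes and control bytes.
        auto esc = [](const std::string &in) {
            static const char hex[] = "0123456789abcdef";
            std::string out;
            for (unsigned char c : in) {
                if (c == '"' || c == '\\') {
                    out += '\\';
                    out += static_cast<char>(c);
                } else if (c < 0x20 || c == 0x7f) {
                    out += "\\x";
                    out += hex[c >> 4];
                    out += hex[c & 0x0f];
                } else {
                    out += static_cast<char>(c);
                }
            }
            return out;
        };
        std::string msg;
        // … unchanged: "[client ...]" and " ModSecurity: Warning." prefix …
        msg.append(" Matched \"" + esc(m_match) + "\"");
        auto matchedVarName = trans->m_collections.resolveFirst("MATCHED_VAR_NAME");
        if (matchedVarName) {
            msg.append(" at " + esc(*matchedVarName));
        }
        // … unchanged: file/line/id/rev/severity/ver/maturity/accuracy fields;
        //     esc() applied to m_message, m_data and each tag …
        msg.append(" [uri \"" + esc(std::string(trans->m_uri)) + "\"]");
        // … unchanged: unique_id field and return …
```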
@@ -102,6 +102,7 @@ ACTIONS = \
 actions/ctl_request_body_processor_xml.cc \
 actions/init_col.cc \
 actions/deny.cc \
+ actions/log.cc \
 actions/log_data.cc \
 actions/maturity.cc \
 actions/msg.cc \
diff --git a/src/actions/action.cc b/src/actions/action.cc
index 07124e45..38bfaeb7 100644
--- a/src/actions/action.cc
+++ b/src/actions/action.cc
@@ -31,6 +31,7 @@
 #include "actions/severity.h"
 #include "actions/capture.h"
 #include "actions/pass.h"
+#include "actions/log.h"
@@ -89,6 +90,9 @@ Action *Action::instantiate(const std::string& name) {
 if (name == "deny") {
 return new Deny(name);
 }
+ if (name == "log") {
+ return new Log(name);
+ }
 return new Action(name);
 }
diff --git a/src/actions/log.cc b/src/actions/log.cc
index 897c7836..90df07a7 100644
--- a/src/actions/log.cc
+++ b/src/actions/log.cc
@@ -18,16 +18,19 @@
 #include
 #include
+#include "actions/action.h"
 #include "modsecurity/transaction.h"
+#include "src/utils.h"
+#include "operators/operator.h"
+
 namespace modsecurity {
 namespace actions {
-bool Log::evaluate(Rule *rule, Transaction *transaction) {
- transaction->m_toBeSavedInAuditlogs = true;
- /* FIXME: transaction->serverLog("Something...."); */
+bool Log::evaluate(Rule *rule, Transaction *transaction, RuleMessage *rm) {
 transaction->debug(9, "Saving transaction to logs");
+ rm->m_saveMessage = true;
 return true;
 }
diff --git a/src/actions/log.h b/src/actions/log.h
index cc526030..e111543e 100644
--- a/src/actions/log.h
+++ b/src/actions/log.h
@@ -32,7 +32,8 @@ class Log : public Action {
 explicit Log(std::string action) : Action(action, RunTimeOnlyIfMatchKind) { }
- bool evaluate(Rule *rule, Transaction *transaction) override;
+ bool evaluate(Rule *rule, Transaction *transaction, RuleMessage *rm)
+ override;
 };
 } // namespace actions
diff --git a/src/rule.cc b/src/rule.cc
index ec6d1152..e24837aa 100644
--- a/src/rule.cc
+++ b/src/rule.cc
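Review bot: The rewritten Log::evaluate in src/actions/log.cc removes `transaction->m_toBeSavedInAuditlogs = true;` without a replacement, so a rule carrying `log` no longer marks the transaction for the audit log and only the new per-message error-log flag is set; unless the audit decision has moved somewhere not in this diff, that line should stay next to `rm->m_saveMessage = true;`. The new `rm` parameter is dereferenced unchecked and its call site is not visible here, so either state in the declaration's comment that callers must pass a non-null RuleMessage or guard with `if (rm != nullptr)`. The added `src/utils.h` and `operators/operator.h` includes are not used by anything in this hunk and can be dropped.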
@@ -282,6 +282,7 @@ bool Rule::evaluate(Transaction *trasn) {
 }
 ruleMessage = new modsecurity::RuleMessage(this, m_log_message);
+
 #ifndef NO_LOGS
 std::string eparam = MacroExpansion::expand(this->op->param, trasn);
@@ -533,6 +534,10 @@ bool Rule::evaluate(Transaction *trasn) {
 }
 }
+ if (ruleMessage->m_saveMessage == true) {
+ trasn->serverLog(ruleMessage->errorLog(trasn));
+ }
+
 if ((!m_log_message.empty() || !m_log_data.empty()) && !ruleMessage->m_match.empty()) {
 ruleMessage->m_data = m_log_data;
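Review bot: The new serverLog() call in the second rule.cc hunk runs before `ruleMessage->m_data = m_log_data;` on the line that follows it, so the `[data "..."]` field (and whatever else that block fills in; it continues outside the hunk) is formatted from a RuleMessage that is not yet populated. Move the block to after the one that assigns m_data and m_message, and write the condition as `if (ruleMessage->m_saveMessage) {` rather than comparing a bool with `== true`. Nothing in this diff sets m_saveMessage except the explicit `log` action, and both RuleMessage constructors initialise it to false, so rules without `log` will never produce an error-log line; if the intended default is logging on with `nolog` opting out, that default belongs in the constructor rather than in the action. Rule::evaluate begins and ends outside the hunk.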