From fc622c27dfbe9b2181ba12df8e0ecace7d872e99 Mon Sep 17 00:00:00 2001
From: Felipe Zimmerle <fcosta@trustwave.com>
Date: Fri, 3 Jul 2015 15:21:38 -0300
Subject: [PATCH] Checks if an assay is relevant to be saved as an auditlog

---
 src/assay.cc     |  3 +++
 src/audit_log.cc | 18 ++++++++++++++++++
 2 files changed, 21 insertions(+)

diff --git a/src/assay.cc b/src/assay.cc
index 0ad49e88..9f01e570 100644
--- a/src/assay.cc
+++ b/src/assay.cc
@@ -592,6 +592,9 @@ int Assay::processLogging() {
     debug(4, "Starting phase LOGGING. (SecRules 5)");
     this->m_rules->evaluate(ModSecurity::LoggingPhase, this);
 
+    /* If relevant, save this assay information at the audit_logs */
+    this->m_rules->audit_log->saveIfRelevant(this);
+
     return 0;
 }
 
diff --git a/src/audit_log.cc b/src/audit_log.cc
index 68805da2..b2ce496d 100644
--- a/src/audit_log.cc
+++ b/src/audit_log.cc
@@ -136,6 +136,24 @@ bool AuditLog::isRelevant(int status) {
 
 
 bool AuditLog::saveIfRelevant(Assay *assay) {
+    if (this->isRelevant(assay->http_code_returned) == false &&
+        assay->save_in_auditlog == false) {
+        return true;
+    }
+
+    /**
+     * Even if it is relevant, if it is marked not to be save,
+     * we won't save it.
+     *
+     */
+    if (assay->do_not_save_in_auditlog == true) {
+        return true;
+    }
+
+    std::string log = logfy(assay);
+
+    m_writer->write(log);
+
     return true;
 }