Open
Description
The modsecurity documentation says I should be able to get audit logs in JSON format with SecAuditLogFormat json.
Is this supposed to work with proxy-wasm? I still get logs in the native format when this option is set. Also, How do I get the logs to print the request headers and bodies? I have SecAuditLogParts ABIJDEFHZ but it seems to emit very limited logs like the following:
[2024-02-16 03:59:46.363][29][warning][wasm] [source/extensions/common/wasm/context.cc:1151] wasm log coraza-waf-filter coraza-waf coraza-filter-vm-id: [client "127.0.0.1"] Coraza: Warning. Host header is a numeric IP address [file "@owasp_crs/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "2203"] [id "920350"] [rev ""] [msg "Host header is a numeric IP address"] [data "127.0.0.1:5102"] [severity "warning"] [ver "OWASP_CRS/4.0.0-rc2"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "127.0.0.1"] [uri "/hello"] [unique_id "aRgeEOhlzYsdFohxxpc"]
Just checking if there's anything super obvious I am missing. If it's supposed to work, I can dig deeper.
Metadata
Metadata
Assignees
Labels
No labels