[mod-security-users] Args logging
Brought to you by:
victorhora,
zimmerletw
From: Nick G. <nic...@gm...> - 2007-11-29 10:10:33
|
Although it has a small overlap with a previous discussion about binary data in log, this is a new request :-) I'll take an example: I have some requests blocked because of a rule on a header, on the protocol, on the URI, etc. I have the complete log, with complete body; sometimes, the body could be huge, like for source control programs. In this precise case, I am not at all interesting in having all arguments, as the problem is in a header (or the protocol, ...) If i want to adapt the log depending on this choice, I only see 2 ways: - set default to log body, and disable body logging for every request not based on args - set default to not log body, and enable body logging for every request based on args This leads to several problems: 1. It's a lot of work when you have a lot of rules 2. We have to change core rules 3. It's impossible for a rule combining args with headers or URI Unless there is a way I did not find, wouldn't it be interesting to have an option to only log an argument if it triggers the rule ? The syntax could be either a directive like "LogOnlyRelevantBody", or in "auditLogParts". Nick |