Re: [Mod-security-developers] Finding triggered RuleIds
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [Mod-security-developers] Finding triggered RuleIds
|
From: Ervin H. <ai...@gm...> - 2019-03-22 20:10:33
|
hi, On Fri, Mar 22, 2019 at 12:49:18PM +0000, Felipe Costa wrote: > Hi Jai, > > For the current public supported connectors, the rule id altogether with logging text is enough. There is no data structure except for char pointer that point towards the logging string [for the logging attached to the disruptive events]. Is my understanding that it may be useful for your application, to have an specific field that held to rule id (may other information regarding the rule as well). Having that in mind, we can change the API the make it more useful to your application. Sorry for the inconvenience. Lets discuss out-of-band the specific characteristics of your use case, so we can make the API suits you better. I can imagine that there should be a new configuration directive, which allows to log every triggered rule, not just when it intervents. The default value should be disable to do this, but if the end-user wants to see that, then it can be use that. eg. SecLogAllRule 0|1 a. |
