Re: [Mod-security-developers] Finding triggered RuleIds
From: Jai H. <jai...@mu...> - 2019-03-22 20:16:32
A 'SecLogAllRule' such as Ervin suggests would work well. Ideally, the log message would contain all of the information currently contained in the ruleMessage.

I may have found a workaround for this. Will send another email with the details.

On Fri, Mar 22, 2019 at 3:10 PM Ervin Hegedüs <ai...@gm...> wrote:

> hi,
>
> On Fri, Mar 22, 2019 at 12:49:18PM +0000, Felipe Costa wrote:
> > Hi Jai,
> >
> > For the current public supported connectors, the rule id together with logging text is enough. There is no data structure except for a char pointer that points towards the logging string [for the logging attached to the disruptive events]. It is my understanding that it may be useful for your application to have a specific field that holds the rule id (maybe other information regarding the rule as well). Having that in mind, we can change the API to make it more useful to your application. Sorry for the inconvenience. Let's discuss out-of-band the specific characteristics of your use case, so we can make the API suit you better.
>
> I can imagine that there should be a new configuration directive, which allows logging every triggered rule, not just when it intervenes.
>
> The default value should be to disable this, but if the end-user wants to see that, then they can use that.
>
> eg.
>
> SecLogAllRule 0|1
>
> a.
>
> _______________________________________________
> mod-security-developers mailing list
> mod...@li...
> https://lists.sourceforge.net/lists/listinfo/mod-security-developers
> ModSecurity Services from Trustwave's SpiderLabs:
> https://www.trustwave.com/spiderLabs.php