Comments (9)
jptosso
commented on June 5, 2024
Although I don't see any problem adding a json output to MatchedRules, I do see a problem adding additional configuration to connectors. Logs are already too complicated for users, we have error, audit and debug, now we would add error log configurations
IMHO it's better if each user parses the coraza lot as it is, then he can transform it into json
from coraza-spoa.
xonvanetta
commented on June 5, 2024
I don't quite understand connectors in this context but I assume it apps that use coraza as a library.
Would it be the right place to add a json formatter here based on a config flag? Don't know if this also is considered a connector or is there a better place to put json logging on the application side.
from coraza-spoa.
jcchavezs
commented on June 5, 2024
+1 to custom serializers, -1 to adding log level to the config. As of now you can configure that in the seclang config, supporting log config somewhere else will be problematic and cumbersome as you need to define a priority that users need to be aware of and still that does not clarify anything.
from coraza-spoa.
devasmith
commented on June 5, 2024
+1 to custom serializers, -1 to adding log level to the config. As of now you can configure that in the seclang config, supporting log config somewhere else will be problematic and cumbersome as you need to define a priority that users need to be aware of and still that does not clarify anything.
Can you give any example configurating this via seclang? Is it something we would have to define here?
from coraza-spoa.
jcchavezs
commented on June 5, 2024
On Thu, Sep 7, 2023 at 9:02 AM Anders Smith ***@***.***> wrote:
+1 to custom serializers, -1 to adding log level to the config. As of now
you can configure that in the seclang config, supporting log config
somewhere else will be problematic and cumbersome as you need to define a
priority that users need to be aware of and still that does not clarify
anything.
Can you give any example configurating this via seclang? Is it something
we would have to define here
<https://github.com/corazawaf/coraza/blob/main/coraza.conf-recommended>?
—
Reply to this email directly, view it on GitHub
<#91 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAXOYAXIGHFMQLKRNLLSFNTXZFWPPANCNFSM6AAAAAA4NXHEYQ>
.
You are receiving this because you commented.Message ID:
***@***.***>
from coraza-spoa.
devasmith
commented on June 5, 2024
check https://coraza.io/docs/seclang/directives/#secdebuglog
…
I don't really get it. How can we use this? Is this a replacement for the logging at https://github.com/corazawaf/coraza-spoa/blob/main/config.yaml.default#L29-L32?
from coraza-spoa.
zc-devs
commented on June 5, 2024
I don't quite understand connectors in this context but I assume it apps that use coraza as a library.
Yup, you're right.
Is this a replacement for the logging at https://github.com/corazawaf/coraza-spoa/blob/main/config.yaml.default#L29-L32?
Of course, no :)
Should be something like that on coraza's side for Debug and Error logs, I think.
@devasmith, while your hack works for Coraza's error log, I would like to attract attention to Connector's logs as well as other libraries.
from coraza-spoa.
devasmith
commented on June 5, 2024
I just noticed this change: https://github.com/corazawaf/coraza-spoa/pull/90/files#diff-d0effb22dac9e11bf39bf7ede9c5a9802da85a46a39fe39fe2c81fec1a3ddda6R22-R23
This is what I was after and it seems to be implemented in that draft.
from coraza-spoa.
zc-devs
commented on June 5, 2024
Oh, OK. I guess I won't say anything about #90. Wish you luck 🤝
from coraza-spoa.
Related Issues (20)
- Systemd service failed
- SPOE deprecated in haproxy 3.1 HOT 2
- Add unit tests for internal package
- Adds readme/command to run a example application HOT 1
- Panic on empty Application name
- Adds support for FTW
- Drop logger, logLevel and use coraza's
- Argument version and headers not found HOT 11
- Use github.com/corazawaf/coraza/v3/http/e2e for E2E tests
- coraza-spoa always returns "-" on verdict %[var(txn.coraza.fail) instead of "1" as per documentation HOT 5
- Garbarge in client and hostname fields in Coraza's log
- MYSQL Injection Not Detected HOT 5
- Log to Syslog HOT 7
- Multiple domains - backend HOT 3
- Error sample_app, error: Key not found HOT 1
- Fetch methods for app parameter HOT 4
- Runtime error checking header user-agent HOT 1
- Listen "server" on .sock
- Excessive memory and CPU usage HOT 5
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from coraza-spoa.