JSON added to recommended, SecAuditLog for default Serial writer

corazawaf · Jul 8, 2024 · 9cb6fd0 · 9cb6fd0
1 parent 42923fd
commit 9cb6fd0
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 6 deletions.
diff --git a/example/envoy/envoy-config.yaml b/example/envoy/envoy-config.yaml
@@ -60,6 +60,8 @@ static_resources:
                                     "SecDefaultAction \"phase:3,log,auditlog,pass\"",
                                     "SecDefaultAction \"phase:4,log,auditlog,pass\"",
                                     "SecDefaultAction \"phase:5,log,auditlog,pass\"",
+                                    "SecAuditLog /dev/stdout",
+                                    "SecAuditLogFormat JSON",
                                     "SecDebugLogLevel 3",
                                     "Include @owasp_crs/*.conf",
                                     "SecRule REQUEST_URI \"@streq /admin\" \"id:101,phase:1,t:lowercase,deny\" \nSecRule REQUEST_BODY \"@rx maliciouspayload\" \"id:102,phase:2,t:lowercase,deny\" \nSecRule RESPONSE_HEADERS::status \"@rx 406\" \"id:103,phase:3,t:lowercase,deny\" \nSecRule RESPONSE_BODY \"@contains responsebodycode\" \"id:104,phase:4,t:lowercase,deny\""

diff --git a/internal/auditlog/serial_writer.go b/internal/auditlog/serial_writer.go
@@ -13,10 +13,10 @@ import (
 
 // Coraza does not come with a built-in audit log writer for Wasm
 // See https://github.com/corazawaf/coraza/blob/main/internal/auditlog/init_tinygo.go
-// This function registers a new audit log writer for Wasm named "wasmserial" that prints
-// audit logs to the proxy-wasm log as info messages.
+// This function overrides the default "Serial" audit log writer in order to print audit logs
+// to the proxy-wasm log as info messages.
 func RegisterWasmSerialWriter() {
-	plugins.RegisterAuditLogWriter("wasmserial", func() plugintypes.AuditLogWriter {
+	plugins.RegisterAuditLogWriter("serialNotUsed", func() plugintypes.AuditLogWriter {
 		return &wasmSerial{}
 	})
 }

diff --git a/wasmplugin/rules/coraza-demo.conf b/wasmplugin/rules/coraza-demo.conf
@@ -230,7 +230,9 @@ SecAuditLogParts ABIJDEFHZ
 # Use a single file for logging. This is much easier to look at, but
 # assumes that you will use the audit log only occasionally.
 #
-SecAuditLogType WasmSerial
+SecAuditLogType Serial
+SecAuditLog /dev/stdout
+SecAuditLogFormat JSON
 
 
 # -- Miscellaneous -----------------------------------------------------------

diff --git a/wasmplugin/rules/coraza.conf-recommended.conf b/wasmplugin/rules/coraza.conf-recommended.conf
@@ -229,8 +229,9 @@ SecAuditLogParts ABIJDEFHZ
 # Use a single file for logging. This is much easier to look at, but
 # assumes that you will use the audit log only occasionally.
 #
-SecAuditLogType WasmSerial
-
+SecAuditLogType Serial
+SecAuditLog /dev/stdout
+SecAuditLogFormat JSON
 
 # -- Miscellaneous -----------------------------------------------------------