Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Adding ModSecurity parameter for audit log format. #2583

Open
wants to merge 3 commits into
base: main
Choose a base branch
from

Conversation

Tamerz
Copy link
Contributor

@Tamerz Tamerz commented Nov 28, 2024

Summary

Adds a parameter to set the audit log format to JSON

https://github.com/owasp-modsecurity/ModSecurity/wiki/Reference-Manual-(v2.x)#user-content-SecAuditLogFormat

Additional Context

Since as of the current version of ModSecurity, this can only have two values Native and JSON, and Native is default, I decided only add the line if someone specifically sets the value to JSON. This means it shouldn't touch any existing config, especially on versions where this parameter may not exist.

Checklist

  • 🟢 Spec tests.
  • 🟢 Acceptance tests.
  • Manually verified. (For example puppet apply)

@Tamerz Tamerz requested review from bastelfreak, ekohl, smortex and a team as code owners November 28, 2024 10:44
Copy link
Collaborator

@smortex smortex left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM but see inline comment for some doc improvements. Thank!

@@ -36,6 +36,7 @@

$modsec_audit_log_parts = 'ABIJDEFHZ'
$modsec_audit_log_type = 'Serial'
$modsec_audit_log_format = 'Native'
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Don't put the default value in params.pp

@@ -143,6 +146,7 @@
String $audit_log_relevant_status = '^(?:5|4(?!04))',
String $audit_log_parts = $apache::params::modsec_audit_log_parts,
String $audit_log_type = $apache::params::modsec_audit_log_type,
Enum['Native', 'JSON'] $audit_log_format = $apache::params::modsec_audit_log_format,
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Put the default value here instead.

That way, the default value is correctly documented in the generated documentation.

@@ -32,6 +32,9 @@
#
# @param audit_log_type
# Defines the type of audit logging mechanism to be used.
#
# @param audit_log_format
# Defines what format the logs should be written in. Accepts `Native` and `JSON`.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No need to list accepted values, as the documentation include the data type (and the default value).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants