Json support

[rickygm]

Hi wargio, just a clarification, is this json support that you added to be able to extract the log in this format? Do you have any example of how it would appear in the log?.

regards...

[wargio]

This is just to have the extended logs in json format which before we didn't have it.

Before the logs looked like this even with json logging enabled:

2022/12/22 20:43:32 [error] 1189874#0: *1 NAXSI_EXLOG: ip=127.0.0.1&server=localhost&rid=6c106441d5b5a24d14eff412f465d218&uri=%2Fa&id=1001&zone=ARGS&var_name=b&content=%22%5Cdasdasdasdadsa, client: 127.0.0.1, server: localhost, request: "GET /a?b="\dasdasdasdadsa HTTP/1.1", host: "localhost"

This is the new extended log in json format:

2022/12/22 20:36:35 [error] 1189262#0: *1 {"ip":"127.0.0.1","server":"localhost","rid":"a0333f697ff8f12b6a200a24117ff320","uri":"/a","id":1001,"zone":"ARGS","var_name":"b","content":"\"\\dasdasdasdadsa"}, client: 127.0.0.1, server: localhost, request: "GET /a?b="\dasdasdasdadsa HTTP/1.1", host: "localhost"

This is the normal log in json format (just for reference).

2022/12/22 20:36:35 [error] 1189262#0: *1 {"ip":"127.0.0.1","server":"localhost","uri":"/a","config":"block","rid":"a0333f697ff8f12b6a200a24117ff320","cscore0":"$SQL","score0":"8","cscore1":"$XSS","score1":"8","zone0":"ARGS","id0":"1001","var_name0":"b"}, client: 127.0.0.1, server: localhost, request: "GET /a?b="\dasdasdasdadsa HTTP/1.1", host: "localhost"

[wargio]

you can use the rid value to aggregate all the logs for each request

[rickygm]

I see a rid value in the log, but what exactly do you mean?

it would be interesting to have an api for log output.

I have a doubt, I am looking in the wiki how to activate the log in json format but I can't find it.

https://github.com/nbs-system/naxsi/wiki/json#json

[wargio]

The rid value is the request id, so for each request the server receives, a static rid is set, so each log with one rid should correspond to 1 request received and its associated data.

what do you mean? you just enable it via set $naxsi_json_log 1;

set $naxsi_json_log 1;
location / {
    SecRulesEnabled;
    DeniedUrl "/RequestDenied";
    CheckRule "$SQL >= 8" BLOCK;
    CheckRule "$RFI >= 8" BLOCK;
    CheckRule "$TRAVERSAL >= 4" BLOCK;
    CheckRule "$XSS >= 8" BLOCK;
    root $TEST_NGINX_SERVROOT/html/;
    index index.html index.htm;
}
location /RequestDenied {
     return 412;
    # return 412;
}

for extended logs you also have to add set $naxsi_extensive_log 1;

[rickygm]

my doubt was with the rid value, now I understand it better , it is always good to consider adding the wiki.

[wargio]

i actually have to rewrite it completely. there are tons of info that are missing even before i forked.

[rickygm]

ok I understand, if you are the only developer who has this project alive, you should add a paypal button - ko-fi.com , to help you.

[wargio]

i was and am the only one still developing this project. maybe in the future i will.

[rickygm]

ok my friend.

[selivan]

@wargio Thank you very much for working on this project after it was abandoned by nbs-systems.

This feature is undoucmented, I learned about it from this isue. ALL match zone is undocumented also, seen it in releases changelog.

Adding wiki pages on new features could be a good idea.

[wargio]

yeah. i never had the chance to finish rewriting the wiki.
I will try this weekend to write finish more chapters.

[selivan]

@wargio Github wiki is not convenient anyway. If I move naxsi wiki content to .md files in docs and comb it up a little - would you be interested in such PR? Later that may be used to generate documentation on readthedocs.org or something similar.

[wargio]

we could also do that. could be nice to have a github.io page for the project which is generated by the docs

[rickygm]

I think it would be a good option

[selivan]

@wargio I will try to get to it this weekend.

[selivan]

@wargio Here it goes: #94