owasp-modsecurity/ModSecurity-nginx

Modsecurity STDOUT Logging

AlyRagab opened this issue · 0 comments

AlyRagab commented

Currently i am running with Nginx Ingress Controller in kubernetes and Modsecurity enabled with the below Ingress Snippet, And what is intended by these configs are :

  • Detecting Only
  • Logging everything as STDOUT instead of a local file in the POD
  • Logging as JSON

Config:

    SecRuleEngine DetectionOnly
    SecAuditEngine RelevantOnly
    SecAuditLogParts AB
    SecAction "id:900110, phase:1, nolog, pass, t:none, setvar:tx.inbound_anomaly_score_threshold=100, setvar:tx.outbound_anomaly_score_threshold=100"
    Include /etc/nginx/owasp-modsecurity-crs/nginx-modsecurity.conf
    SecAuditLog /dev/stdout
    SecDebugLog /dev/stdout
    SecAuditLogType Serial
    SecAuditLogFormat JSON

The problem Statement:

  • It keeps logging in a local file instead of STDOUT ( /var/log/modsec_audit.log )
  • There is no any log indicating an issue in the configurations

Resources Versions:

  • nginx version: nginx/1.21.6
  • ModSecurity-nginx-1.0.3