Description
As per documentation, these are the valid values for debug levels (0 to 9, excluding 6-8):
https://www.feistyduck.com/library/modsecurity-handbook-free/online/ch04-logging.html
| Debug log level | Description |
|---|---|
| 0 | No logging |
| 1 | Errors (e.g., fatal processing errors, blocked transactions) |
| 2 | Warnings (e.g., nonblocking rule matches) |
| 3 | Notices (e.g., nonfatal processing errors) |
| 4 | Handling of transactions and performance |
| 5 | Detailed syntax of the rules |
| 6–8 | Not used |
| 9 | Detailed information about transactions (e.g., variable expansion and setting of variables) |
Working confirmed numbers(does output logs):
0,9,5,4
Not Working numbers:
1
Unsure best way to cause these so skipped them for now: 2,3
Audit log logic helps supplement the 1 use case generally(will also be raising a separate issue on that) but I still think it would be right and proper for level 1 to log errors in debug if documentation presents it like that(and maybe for audit vs debug log cross comparison for extra analysis).
Log level 4 supposedly helps with getting performance numbers too but In reviewing logs I see no logging to indicate performance of evaluated rules. Might it be that NGINX integration is not as feature complete as integrations with other webservers in v3?
Version: Master branch right now of the ngx connector + libmodsec 3.0.4