Description
Hello :)
I want to do HTTPS monitoring with Nginx + libmodsecurity + Suricata.
However, the project is not proceeding because it is not supported in several parts.
Are you planning to update on the following features? (Q1, Q2)
Information
Nginx(1.11.13)
libModSecurity(ver.3)
Q1 Nginx libmodsecurity json log format
- SecAuditLogType SecAuditLogType JSON ---> Not supported
- SecAuditLogStorageDir ---> Response Data Not Inserted (Bug)
```
{"transaction":{"client_ip":"172.26.137.77","time_stamp":"Thu Aug 31 10:29:25 2017","server_id":"2fa238b0000b474b935dcd3ee0934488d43a2429","client_port":63734,"host_ip":"172.26.137.77","host_port":80,"id":"150414296527.369192","request":{"method":"POST","http_version":1.1,"uri":"/","body":"Document.write(ddd","headers":{"Host":"10.195.26.228","User-Agent":"curl/7.54.0","Accept":"/","Content-Length":"18","Content-Type":"application/x-www-form-urlencoded"}},"response":{"http_code":405,"headers":{"Server":"nginx/1.11.13","Date":"Thu, 31 Aug 2017 01:29:25 GMT","Content-Length":"174","Content-Type":"text/html","Connection":"keep-alive"}}}}
```
Q2 Nginx libmodsecurity Send a log without generating a file
- SecAuditLog "|/usr/bin/socat -b 5301072 - UDP-SENDTO:10.195.25.3:8888"
```
nginx: [emerg] "modsecurity_rules_file" directive Rules error. File: /usr/local/nginx/conf/modsecurity.conf. Line: 21. Column: 71. Invalid input: SecAuditLog "|/usr/bin/socat -b 5301072 - UDP-SENDTO:10.195.25.3:8888" in /usr/local/nginx/conf/nginx.conf:40
```
- Can I create a single file when using SecAuditLogStorageDir? (Client)
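
Added example (not part of the original issue and not ModSecurity project code): a small Python forwarder that reads JSON audit records from a file and sends each one to a UDP collector, reporting whether a response body was logged, as an alternative to the piped `SecAuditLog` that is rejected above. It assumes one JSON record per line; the function names and the sample record are constructed for illustration.

```python
import json
import socket

# Constructed sample input, shaped like the record posted above (one per line).
SAMPLE_LINES = [
    '{"transaction":{"client_ip":"192.0.2.10","client_port":40000,'
    '"id":"constructed.1","request":{"method":"POST","uri":"/","body":"a=1"},'
    '"response":{"http_code":405,"headers":{"Content-Type":"text/html"}}}}',
    'truncated {"transaction":',  # damaged line, must be skipped
    '',
]

def summarize(line):
    """Parse one JSON audit record; note which message bodies were logged."""
    tx = json.loads(line)["transaction"]
    req, resp = tx.get("request", {}), tx.get("response", {})
    return {
        "id": tx.get("id"),
        "client": "%s:%s" % (tx.get("client_ip"), tx.get("client_port")),
        "method": req.get("method"),
        "uri": req.get("uri"),
        "status": resp.get("http_code"),
        "request_body_logged": "body" in req,
        "response_body_logged": "body" in resp,
    }

def datagrams(lines, max_size=65507):
    """Yield one UDP payload per well-formed record that fits in a datagram."""
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            summarize(line)  # validation only; the raw record is forwarded
        except (ValueError, KeyError, TypeError, AttributeError):
            continue  # not a complete audit record
        payload = line.encode("utf-8")
        if len(payload) <= max_size:  # largest UDP payload over IPv4
            yield payload

def forward(lines, host, port):
    """Send the records to a UDP collector; return how many were sent."""
    sent = 0
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        for payload in datagrams(lines):
            sock.sendto(payload, (host, port))
            sent += 1
    return sent
```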