Json support
rickygm opened this issue · comments
Hi wargio, just a clarification, is this json support that you added to be able to extract the log in this format? Do you have any example of how it would appear in the log?.
regards...
This is just to have the extended logs in json format which before we didn't have it.
Before the logs looked like this even with json logging enabled:
2022/12/22 20:43:32 [error] 1189874#0: *1 NAXSI_EXLOG: ip=127.0.0.1&server=localhost&rid=6c106441d5b5a24d14eff412f465d218&uri=%2Fa&id=1001&zone=ARGS&var_name=b&content=%22%5Cdasdasdasdadsa, client: 127.0.0.1, server: localhost, request: "GET /a?b="\dasdasdasdadsa HTTP/1.1", host: "localhost"
This is the new extended log in json format:
2022/12/22 20:36:35 [error] 1189262#0: *1 {"ip":"127.0.0.1","server":"localhost","rid":"a0333f697ff8f12b6a200a24117ff320","uri":"/a","id":1001,"zone":"ARGS","var_name":"b","content":"\"\\dasdasdasdadsa"}, client: 127.0.0.1, server: localhost, request: "GET /a?b="\dasdasdasdadsa HTTP/1.1", host: "localhost"
This is the normal log in json format (just for reference).
2022/12/22 20:36:35 [error] 1189262#0: *1 {"ip":"127.0.0.1","server":"localhost","uri":"/a","config":"block","rid":"a0333f697ff8f12b6a200a24117ff320","cscore0":"$SQL","score0":"8","cscore1":"$XSS","score1":"8","zone0":"ARGS","id0":"1001","var_name0":"b"}, client: 127.0.0.1, server: localhost, request: "GET /a?b="\dasdasdasdadsa HTTP/1.1", host: "localhost"
you can use the rid value to aggregate all the logs for each request
I see a rid value in the log, but what exactly do you mean?
it would be interesting to have an api for log output.
I have a doubt, I am looking in the wiki how to activate the log in json format but I can't find it.
The rid value is the request id, so for each request the server receives, a static rid is set, so each log with one rid should correspond to 1 request received and its associated data.
what do you mean? you just enable it via set $naxsi_json_log 1;
set $naxsi_json_log 1;
location / {
SecRulesEnabled;
DeniedUrl "/RequestDenied";
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
root $TEST_NGINX_SERVROOT/html/;
index index.html index.htm;
}
location /RequestDenied {
return 412;
# return 412;
}
for extended logs you also have to add set $naxsi_extensive_log 1;
my doubt was with the rid value, now I understand it better , it is always good to consider adding the wiki.
i actually have to rewrite it completely. there are tons of info that are missing even before i forked.
ok I understand, if you are the only developer who has this project alive, you should add a paypal button - ko-fi.com , to help you.
i was and am the only one still developing this project. maybe in the future i will.
ok my friend.
@wargio Thank you very much for working on this project after it was abandoned by nbs-systems.
This feature is undoucmented, I learned about it from this isue. ALL match zone is undocumented also, seen it in releases changelog.
Adding wiki pages on new features could be a good idea.
yeah. i never had the chance to finish rewriting the wiki.
I will try this weekend to write finish more chapters.
@wargio Github wiki is not convenient anyway. If I move naxsi wiki content to .md files in docs and comb it up a little - would you be interested in such PR? Later that may be used to generate documentation on readthedocs.org or something similar.
we could also do that. could be nice to have a github.io page for the project which is generated by the docs
I think it would be a good option
@wargio I will try to get to it this weekend.