Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add interface in libModSecurity for reopening log files #1968

Open
victorhora opened this issue Nov 28, 2018 · 1 comment · May be fixed by #2304
Open

Add interface in libModSecurity for reopening log files #1968

victorhora opened this issue Nov 28, 2018 · 1 comment · May be fixed by #2304
Assignees
@zimmerle @victorhora
Labels
3.x Related to ModSecurity version 3.x new feature This is a new feature RIP - libmodsecurity RIP - Type - Feature
Projects
v3.1.1
Milestone
v3.1.0

Comments

@victorhora
Copy link
Contributor

This is related with feature request owasp-modsecurity/ModSecurity-nginx#121

Modsecurity should reopen audit log on these two signals for proper logrotate operation.

As noted at owasp-modsecurity/ModSecurity-nginx#121 (comment), we could leverage a similar approach as described at https://forum.nginx.org/read.php?29,247488,247500#msg-247500 (i.e. use standard nginx API to open some stub-file with ngx_conf_open_file(), add required handler, and use it for detecting USR1 and HUP signals from master process)

But it seems like libModSecurity currently does not have a nice interface to initiate audit/debug log files reopening by connector's request.

There's a PoC on how we could accomplish that on the connector at owasp-modsecurity/ModSecurity-nginx#121 (comment) as a starting point.
@victorhora victorhora added this to the v3.0.4 milestone Nov 28, 2018
@victorhora victorhora mentioned this issue Nov 28, 2018
Open
@zimmerle zimmerle added this to To do in v3.0.4 via automation Nov 30, 2018
@zimmerle zimmerle added new feature This is a new feature and removed TBF by libmodsec enhancement labels Nov 30, 2018
@zimmerle zimmerle added this to To do in v3.1.0 via automation Oct 15, 2019
@zimmerle zimmerle removed this from To do in v3.0.4 Oct 15, 2019
@zimmerle zimmerle added this to To do in v3.1.1 via automation Oct 16, 2019
@zimmerle zimmerle removed this from To do in v3.1.0 Oct 16, 2019
@brandonpayton brandonpayton linked a pull request May 1, 2020 that will close this issue
Open
@remort
Copy link

remort commented Oct 4, 2022

Any news up on that?

@airween airween mentioned this issue Jan 30, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@zimmerle zimmerle

@victorhora victorhora

Labels
3.x Related to ModSecurity version 3.x new feature This is a new feature RIP - libmodsecurity RIP - Type - Feature
Projects
v3.1.1
  
To do
Milestone
v3.1.0
Development

Successfully merging a pull request may close this issue.

Support reopening audit logs brandonpayton/ModSecurity
3 participants
@zimmerle @remort @victorhora