Hi
I have lua-resty-waf set up, but event logs are not being written to the configured file location.
nginx.conf
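# Worker processes run as www-data, so anything the Lua code writes at
# request time is created and appended to with that account's permissions.
user www-data;
worker_processes auto;
pid /run/openresty.pid;

events {
    worker_connections 1024;
}

http {
    include mime.types;
    default_type application/octet-stream;

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;

    # Dropping SSLv3, ref: POODLE. TLSv1 and TLSv1.1 are dropped as well:
    # both are formally deprecated (RFC 8996). Add TLSv1.3 to this list if
    # the OpenSSL build behind this OpenResty supports it.
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;

    access_log /var/log/openresty/access.log;
    error_log /var/log/openresty/error.log;

    gzip on;
    gzip_disable "msie6";

    include ../sites/*;

    init_by_lua_block {
        require "resty.core"

        -- require() caches the module, so one local is enough for the block.
        local lua_resty_waf = require "resty.waf"

        lua_resty_waf.init()

        -- Translate and calculate the SecRules file once at startup. The
        -- server config refers to it by its file name,
        -- "26_Apps_WordPress.conf", so a failed load here must be visible:
        -- otherwise the WAF runs without the rules it is assumed to enforce.
        local ok, errs = pcall(function()
            lua_resty_waf.load_secrules("/usr/local/openresty/lua-resty-waf/rules/26_Apps_WordPress.conf")
        end)

        if not ok then
            if type(errs) == "table" then
                -- Array-like table of errors: log each entry.
                for i = 1, #errs do
                    ngx.log(ngx.ERR, errs[i])
                end
            else
                -- A raised string (e.g. an unreadable rules file) must not be
                -- walked by index: errs[i] on a string is nil, and the real
                -- message would never reach the error log.
                ngx.log(ngx.ERR, "failed to load WAF ruleset: ", tostring(errs))
            end
        end

        -- NOTE(review): init() is called both before and after the ruleset
        -- load; one of the two calls is presumably redundant. Confirm against
        -- the lua-resty-waf README before removing either.
        lua_resty_waf.init()
    }
}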
########################################################################
my default.conf
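server {
    # Listen on port 80.
    listen 80 default_server;
    listen [::]:80 default_server;

    # The document root.
    root /usr/local/openresty/nginx/html/default;

    # Add index.php if you are using PHP.
    index index.html index.htm;

    # The server name, which isn't relevant in this case, because we only have one.
    server_name _;

    # When we try to access this site...
    # No WAF handlers are attached here, so requests served by this location
    # are not inspected and cannot produce WAF events.
    location / {
        try_files $uri $uri/ =404;
    }

    # The only location in this server that runs lua-resty-waf.
    location /example {
        default_type 'text/plain';

        content_by_lua_block {
            ngx.say('Hello, Sammy!')
        }

        access_by_lua_block {
            local lua_resty_waf = require "resty.waf"
            local waf = lua_resty_waf:new()

            -- Debug output is verbose; switch it off again once the logging
            -- problem has been diagnosed.
            waf:set_option("debug", true)

            -- NOTE(review): "info" is not an option name I can place in
            -- lua-resty-waf; confirm it has any effect.
            waf:set_option("info", "true")

            waf:set_option("mode", "ACTIVE")
            waf:set_option("add_ruleset", "26_Apps_WordPress.conf")

            waf:set_option("event_log_ngx_vars", "host")
            waf:set_option("event_log_ngx_vars", "request_id")
            waf:set_option("event_log_ngx_vars", "server_port")

            -- Request arguments are copied into the event log. They can carry
            -- credentials or tokens, so restrict read access to the log file.
            waf:set_option("event_log_request_arguments", true)

            waf:set_option("allow_unknown_content_types", true)

            -- The event file is written at request time by code running in a
            -- worker, i.e. as the `user` from nginx.conf (www-data).
            -- /var/log/waf presumably has to exist and be writable by that
            -- account; check this first when no events appear.
            -- NOTE(review): events are only emitted for transactions that
            -- matched a rule, and event_log_altered_only (on by default, as
            -- far as I recall) limits them to altered requests. Confirm both
            -- against the README.
            waf:set_option("event_log_target", "file")
            waf:set_option("event_log_target_path", "/var/log/waf/eve.log")

            waf:set_option("process_multipart_body", true)
            waf:set_option("res_body_max_size", 1024 * 1024 * 2)
            waf:set_option("req_tid_header", false)
            waf:set_option("res_tid_header", false)

            -- Response MIME types to inspect; the duplicate "text/plain"
            -- entry from the original list is dropped.
            waf:set_option("res_body_mime_types", {
                "text/plain",
                "text/html",
                "text/json",
                "application/json",
                "text/php",
                "text/x-php",
                "application/php",
                "application/x-php",
                "application/x-httpd-php",
                "application/x-httpd-php-source",
            })

            waf:exec()
        }

        -- The later phases set no options of their own.
        -- NOTE(review): presumably new() picks up the per-request state
        -- created in the access phase; verify against the library.
        header_filter_by_lua_block {
            local lua_resty_waf = require "resty.waf"
            local waf = lua_resty_waf:new()
            waf:exec()
        }

        body_filter_by_lua_block {
            local lua_resty_waf = require "resty.waf"
            local waf = lua_resty_waf:new()
            waf:exec()
        }

        log_by_lua_block {
            local lua_resty_waf = require "resty.waf"
            local waf = lua_resty_waf:new()
            waf:exec()

            -- Going by its name, this call hands collected events to the
            -- configured target (here the file set in the access phase).
            waf:write_log_events()
        }
    }

    # Redirect server error pages to the static page /50x.html.
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/local/openresty/nginx/html;
    }
}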