Open svenauhagen opened 1 year ago
Hi
I have this configuration in docker-compose.yml to send logs to a external syslog server and work with any problems If you run syslog in same machine simply not config syslog-address
logging: driver: syslog options: syslog-address: "udp://xxx.xxx.xxx.xxx:514" tag: "corazawaf"
Hi,
sorry I should have been more precise, I am using the debian package with systemd. In general systemd is abstracting away stdout and stderr already to be a socket which can not be used with coraza-spoa anymore. So I am looking for a way to configure the syslog within the coraza config.
Maybe yo can try this
https://www.loggly.com/ultimate-guide/centralizing-with-syslog/
It does not work because under systemd you can not use stdout in coraza-spoa as well. It only gives the error message that there is no such file to open. Systemd abstracts away stdout ans coraza-spoa does not seem to be able to handle that. I can only log to a file at the moment.
@svenauhagen the "security" configs in https://github.com/corazawaf/coraza-spoa/blob/main/contrib/coraza-spoa.service are a bit crazy. I could only guess which line it is, but just remove all the private/protected/.... stuff until writing to stdout works.
My guess is PrivateDevices=true
, buts thats a guess only.
Looking at the chrony.service file in debian is probably a good start for a sane implamentation of that systemd service.
fixed by PR105
Hi,
I am trying to log to syslog but there seems to be no way to do that. RSyslog is running directly on my server so it only needs to reference the unix socket that is open to the syslog server.
Any hints on how this can be done?
Best and thanks Sven