corazawaf / coraza-spoa

EXPERIMENTAL: A wrapper around the OWASP Coraza WAF for HAProxy's SPOE filters
Apache License 2.0

Log to Syslog #87

Open svenauhagen opened 1 year ago

svenauhagen commented 1 year ago

Hi,

I am trying to log to syslog but there seems to be no way to do that. RSyslog is running directly on my server so it only needs to reference the unix socket that is open to the syslog server.

Any hints on how this can be done?

Best and thanks Sven

albertogrimana commented 1 year ago

Hi

I have this configuration in docker-compose.yml to send logs to an external syslog server, and it works with any problems. If you run syslog on the same machine, simply do not configure syslog-address.

```yaml
logging:
  driver: syslog
  options:
    syslog-address: "udp://xxx.xxx.xxx.xxx:514"
    tag: "corazawaf"
```

svenauhagen commented 1 year ago

Hi,

Sorry, I should have been more precise: I am using the Debian package with systemd. In general, systemd is already abstracting away stdout and stderr to be a socket, which cannot be used with coraza-spoa anymore. So I am looking for a way to configure the syslog within the coraza config.

albertogrimana commented 1 year ago

Maybe you can try this:

https://www.loggly.com/ultimate-guide/centralizing-with-syslog/

svenauhagen commented 1 year ago

It does not work because under systemd you cannot use stdout in coraza-spoa either. It only gives the error message that there is no such file to open. Systemd abstracts away stdout and coraza-spoa does not seem to be able to handle that. I can only log to a file at the moment.

bzed commented 9 months ago

@svenauhagen the "security" configs in https://github.com/corazawaf/coraza-spoa/blob/main/contrib/coraza-spoa.service are a bit crazy. I could only guess which line it is, but just remove all the private/protected/.... stuff until writing to stdout works.

My guess is PrivateDevices=true, but that's a guess only.

bzed commented 9 months ago

Looking at the chrony.service file in Debian is probably a good start for a sane implementation of that systemd service.

svenauhagen commented 6 months ago

fixed by PR105