Apache LOGLEVEL or ACCESSLOG does not seem to have an effect

[igoooor]

Hello there,

I set my LOGLEVEL to error but I still see access logs in the container stdout. Did I misunderstood the purpose of LOGLEVEL? If so, is there a way to disable apache access logs?

Thanks!

[fzipi]

To disable apache access logs, you can set ACCESSLOG=/dev/null I guess. See https://github.com/coreruleset/modsecurity-docker#apache-env-variables from the base container. The crs container is sending the errorlog to stderr

[igoooor]

Good hint indeed, but weirdly enough I could not make that work. I'm checking this path a bit more

[igoooor]

So far I was not able to stop accesslogs from showing up. Anyone managed to do so?

[fzipi]

Ok, I think it was hiding in plain sight, but enough to be ignored. Short answer: you can't do it right now. This is because, while the base container will use the ACCESSLOG you provide, it also uses the directive TransferLog, and sends it unconditionally to stdout :/

I'm creating an issue in the base container to track this. Thanks for the report!

[igoooor]

Thank you for your support!

[fzipi]

Even after doing this:

      ACCESSLOG: "/dev/null"
      ERRORLOG: "/dev/null"
      METRICSLOG: "/dev/null"
      PERFLOG: "/dev/null combined"

I'm still getting access logs 😠 ! So I think this comes from the upstream httpd container. 😄

[fzipi]

And here is the place: https://github.com/docker-library/httpd/blob/f3b7fd9c8ef59d1ad46c8b2a27df3e02d822834f/2.4/Dockerfile#L205-L212.

We will need to do a similar change.

[igoooor]

I see the PR on the base container image is merged, so I guess it will soon make its way to the docker image?

[theseion]

It should... @fzipi?

[fzipi]

We have a weekly build, so it should be there already 🤔.

Can you try it?

[fzipi]

@igoooor Were you able to test this? Is it working now?

[igoooor]

sorry for my late reply I was away. Yes it seems to be working now with the latest docker build :)