klaubert / waf-fle

WAF-FLE, ModSecurity Console
http://waf-fle.org
GNU General Public License v2.0

Logwatch like summaries #23

Open SQLearn opened 10 years ago

SQLearn commented 10 years ago

I was wondering if it would be possible to implement logwatch-like reporting in waf-fle. I would find it great if a report was sent by email daily containing a summary of the daily events. Waf-fle is great but requires someone to log in regularly. Some of the features I would like to see are:

  1. The summary to be sent by email to specific email addresses (configurable).
  2. The summary to contain the info that is gathered in the home page of waf-fle.
  3. The summary to be configurable.
  4. User contributed summaries. Maybe we can write summaries (SQL, PHP) and contribute them to the community. This way each user can have the reports he wants without bothering the developer.

I believe it is not easy to have normal logwatch scripts on the server where mod_security is running, because logs are not stored in a single file. I think setting SecAuditLogType Concurrent in mod_security is a requirement for waf-fle, so extracting summaries is not easy from the server. Apart from that, in waf-fle it is easy to have summaries from multiple sensors, which could be very important.

Do you think you could implement this feature or at least create the API for us to write our own summaries (even in PHP)? Would it be easy for me to implement it without modifying your core code?

Thanks in advance,
Panagiotis

sakalajuraj commented 10 years ago

I think a better way to do this is to run custom queries against the waf-fle database via a script you can create for yourself.

klaubert commented 10 years ago

Hi,

I have both reports and alerts on my roadmap, which include some of the ideas that you mention, but I don't know when I will start on this. While it is possible to query the database (actually it is the only way now), I think it will be better to make an automated and standard way to do this, but I have some other features to deal with first.

Keep waf-fling,

Klaubert
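
Added example (not part of the thread and not WAF-FLE code): a logwatch-style summary built on the sensor itself by walking the per-transaction files that `SecAuditLogType Concurrent` produces and counting rule hits and client IPs. The sample entry, rule ids, IP addresses and directory names are constructed, and the parser assumes the ModSecurity 2.x native audit format with parts A and H enabled.

```python
import re
import tempfile
from collections import Counter
from pathlib import Path

SECTION = re.compile(r"^--[0-9a-fA-F]+-([A-Z])--$")
A_LINE = re.compile(r"^\[[^\]]+\] \S+ (\S+) \d+ \S+ \d+")  # captures client IP
RULE = re.compile(r'\[id "(\d+)"\].*?\[msg "([^"]*)"\]')
# Constructed entry (not real traffic): parts A, H, Z of the native audit format.
SAMPLE = """--{b}-A--
[31/Jul/2014:06:35:01 +0000] U9nQ{b} {ip} 51234 192.0.2.10 80
--{b}-H--
Message: Access denied with code 403 (phase 2). [id "{rid}"] [msg "Constructed rule {rid}"]
--{b}-Z--
"""

def parse_entry(text):
    """Return (client_ip, [(rule_id, msg), ...]) for one audit-log entry."""
    section, client_ip, hits = None, None, []
    for line in text.splitlines():
        if m := SECTION.match(line):
            section = m.group(1)
        elif section == "A" and (a := A_LINE.match(line)):
            client_ip = a.group(1)
        elif section == "H" and line.startswith("Message:"):
            hits += RULE.findall(line)
    return client_ip, hits

def summarize(audit_dir):
    """Aggregate every per-transaction file below audit_dir."""
    by_rule, by_ip = Counter(), Counter()
    for path in (p for p in Path(audit_dir).rglob("*") if p.is_file()):
        ip, hits = parse_entry(path.read_text(errors="replace"))
        if ip:  # skip files that are not audit entries
            by_ip[ip] += 1
            by_rule.update(hits)
    return by_rule, by_ip

def render(by_rule, by_ip, top=5):
    out = [f"Events: {sum(by_ip.values())}", "Top rules:"]
    out += [f"  {n:4d}  {rid}  {msg}" for (rid, msg), n in by_rule.most_common(top)]
    return "\n".join(out + ["Top clients:"] + [f"  {n:4d}  {ip}" for ip, n in by_ip.most_common(top)])

def demo():
    with tempfile.TemporaryDirectory() as d:  # three constructed entries
        for i, ip in enumerate(["203.0.113.7", "203.0.113.7", "198.51.100.9"]):
            entry = Path(d, "20140731", f"20140731-063{i}", f"entry-{i}")
            entry.parent.mkdir(parents=True)
            entry.write_text(SAMPLE.format(b=f"a1b2c3d{i}", ip=ip, rid=100001 + i % 2))
        return summarize(d)
```

The text returned by `render(*summarize(path))` can be mailed from a daily cron job on the sensor.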