github-actions[bot]
commented
4 years ago This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days
Open jeremyjpj0916 opened 4 years ago
github-actions[bot]
commented
4 years ago This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days
zimmerle
commented
4 years ago Hi @jeremyjpj0916,
We have had discussions about those being INFO/ERROR/NOTICE in the past. We have had code changes about that as well. The biggest concern in the past was the correctness of the logging info inside Nginx, not the verbosity. In terms of it being too many massages, is not something that you can treat withing the rules?
jeremyjpj0916
commented
4 years ago for me the reason i care about log level is very specifically openresty provides a lib to help pull various log messages by status, and in our code I need it to be of an error type for other code to pick up on it, so imo flexibility is always good, especially around various application log levels.
github-actions[bot]
commented
4 years ago This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days
jeremyjpj0916
commented
4 years ago Bad bot.
Would like this to be a environment variable we can set:
https://github.com/SpiderLabs/ModSecurity-nginx/blob/master/src/ngx_http_modsecurity_log.c#L33
NGX_LOG_INFOis nice and appropriate likely for warning messages generally speaking. But info in many NGX deployments is too noisy regarding other things, so it would be nice if this was default to INFO but I could pick ERROR or DEBUG or NOTICE etc. Right now I drop in a patch file and run this line as:Because that is the log level I want WAF detection information to run on for my use case.