ModSecurity icon indicating copy to clipboard operation
ModSecurity copied to clipboard
verified publisher icon owasp-modsecurity

Add interface in libModSecurity for reopening log files

Open victorhora opened this issue 7 years ago • 3 comments

This is related with feature request https://github.com/SpiderLabs/ModSecurity-nginx/issues/121

Modsecurity should reopen audit log on these two signals for proper logrotate operation.

As noted at https://github.com/SpiderLabs/ModSecurity-nginx/issues/121#issuecomment-420619429, we could leverage a similar approach as described at https://forum.nginx.org/read.php?29,247488,247500#msg-247500 (i.e. use standard nginx API to open some stub-file with ngx_conf_open_file(), add required handler, and use it for detecting USR1 and HUP signals from master process)

But it seems like libModSecurity currently does not have a nice interface to initiate audit/debug log files reopening by connector's request.

There's a PoC on how we could accomplish that on the connector at https://github.com/SpiderLabs/ModSecurity-nginx/issues/121#issuecomment-442416602 as a starting point.

victorhora avatar Nov 28 '18 21:11 victorhora

Any news up on that?

remort avatar Oct 04 '22 11:10 remort

Any news?

baptiste-fourmont avatar Dec 03 '24 10:12 baptiste-fourmont

Hi @baptiste-fourmont,

Any news?

Unfortunately not. If you have any idea how can we solve this, feel free to open a PR. But I try to keep this on the table...

airween avatar Dec 03 '24 14:12 airween