Updated Code from PR #2304

Open akama-aka opened this issue 11 months ago • 3 comments

What this PR implements:

Implements the ability to reopen audit log files to ensure compatibility with Linux log rotation (logrotate).

Details:

This pull request introduces the functionality that allows ModSecurity to reopen its audit log files. This is necessary so that Linux-based log rotation tools such as logrotate can safely rotate, compress or archive the log files without having to restart ModSecurity.

Sources and methodology:

The code in this PR is largely based on the work of @brandonpayton in the previous pull request https://github.com/owasp-modsecurity/ModSecurity/pull/2304. The changes made here focus on fixing build bugs that were encountered when integrating the original code into the current ModSecurity release. These adjustments were developed with the help of AI models.

Reason:

Support for log rotation is an important feature for the practical use of ModSecurity, especially in production environments. Since the original pull request has stagnated and this feature is relevant for my own needs and those of other users, I decided to try again with AI support, even though this may not be the preferred approach. My own C/C++ skills are limited (or almost non-existent), but the need for this feature motivated me to take this step.

References:

Base PR

akama-aka avatar May 06 '25 06:05 akama-aka
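The rotation problem described in the PR text above, as an added example that is not part of the PR or of ModSecurity's code: on POSIX, a logger that keeps its descriptor open goes on writing to the renamed file until it opens the path again. The `audit_log` struct, the `log_*` helpers, `demo_rotation` and the `/tmp` paths are hypothetical, and the `rename()` call stands in for the rotation tool.

```c
/* Added illustration, not ModSecurity code; every name here is hypothetical. */
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

struct audit_log { const char *path; int fd; };

static int log_open(struct audit_log *l, const char *path) {
    l->path = path;
    l->fd = open(path, O_WRONLY | O_APPEND | O_CREAT, 0640);
    return l->fd < 0 ? -1 : 0;
}

static int log_write(struct audit_log *l, const char *msg) {
    size_t len = strlen(msg);
    return write(l->fd, msg, len) == (ssize_t)len ? 0 : -1;
}

/* Open the path first and swap descriptors only on success, so a failed
 * reopen keeps logging to the old file instead of dropping audit events. */
static int log_reopen(struct audit_log *l) {
    int fd = open(l->path, O_WRONLY | O_APPEND | O_CREAT, 0640);
    if (fd < 0) return -1;
    close(l->fd);
    l->fd = fd;
    return 0;
}

static long file_size(const char *path) {
    struct stat st;
    return stat(path, &st) == 0 ? (long)st.st_size : -1;
}

/* One simulated rotation cycle; returns 0 when every size is as expected. */
int demo_rotation(const char *path, const char *rotated) {
    struct audit_log l;
    unlink(path); unlink(rotated);
    if (log_open(&l, path) != 0 || log_write(&l, "event-1\n") != 0) return -1;
    if (rename(path, rotated) != 0) return -1;      /* rotation tool's rename */
    if (log_write(&l, "event-2\n") != 0) return -1; /* follows the inode */
    long stale = file_size(path);                   /* -1: path is gone */
    if (log_reopen(&l) != 0 || log_write(&l, "event-3\n") != 0) return -1;
    close(l.fd);
    return (stale == -1 && file_size(rotated) == 16 && file_size(path) == 8) ? 0 : 1;
}

int main(void) { return demo_rotation("/tmp/audit_demo.log", "/tmp/audit_demo.log.1"); }
```

Without the `log_reopen` step, the third event would also land in the rotated file, which is the gap in the audit trail that a reopen hook closes.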

Hi @akama-aka,

many thanks for this pull request, and special welcome to your first contribution!

I added some questions above, please review them.

And one more question - you wrote:

Implements the ability to reopen audit log files to ensure compatibility with Linux log rotation

Could you try this patch on Windows? I think the result is almost the same, but I'm curious how Windows handles the reopen() method. Do you have any idea how we can add a test case to check this method?

Cc: @eduar-hte (regarding Windows).

And finally: I saw you added a "C" API function. I assume that will be used in Nginx to reopen audit.log files, right? Would you mind adding that feature to the Nginx connector if we merge this?

airween avatar May 06 '25 20:05 airween

Thank you for your comment on this draft PR. I'll try to learn C/C++ more to understand more of it and try to fix those things up ^^

akama-aka avatar May 06 '25 20:05 akama-aka