0ct0pu5/crowdsec
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

imp logging

Browse source
This commit is contained in:
bui 2023-07-11 09:29:17 +02:00
parent 8baeb70998
commit a6ba0e869c
1 changed files with 5 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
pkg/acquisition/modules/waf/utils.go
View file

@ -44,7 +44,11 @@ func RuleMatchToEvent(rule corazatypes.MatchedRule, tx corazatypes.Transaction,
//def needs fixing
evt.Stage = "s00-raw"
evt.Process = true
log.Infof("SOURCE IP: %+v", rule)
log.WithFields(log.Fields{
"module": "waf",
"source": rule.ClientIPAddress(),
"id": rule.Rule().ID(),
}).Infof("%s", rule.Message())
//we build a big-ass object that is going to be marshaled in line.raw and unmarshaled later.
//why ? because it's more consistent with the other data-sources etc. and it provides users with flexibility to alter our parsers
CorazaEvent := map[string]interface{}{