Skip to content

Create directory for audit log#402

Open
hnakamur wants to merge 5 commits intocoreruleset:mainfrom
hnakamur:add_log_directory
Open

Create directory for audit log#402
hnakamur wants to merge 5 commits intocoreruleset:mainfrom
hnakamur:add_log_directory

Conversation

@hnakamur
Copy link

@hnakamur hnakamur commented Jan 16, 2026
edited
Loading

@fzipi
Copy link
Member

fzipi commented Feb 5, 2026

Hey @hnakamur ! Is there something specific you are fixing? Can you add something in the description?

@hnakamur
Copy link
Author

hnakamur commented Feb 5, 2026

@fzipi Thank you for your comment! I added an explanation to the description.

@fzipi
Copy link
Member

fzipi commented Feb 27, 2026

Sorry for the delay. What I see in this diff, for example, is that you are still using the file modsec_audit.log.

Is that what you wanted, or still need the directory?

@hnakamur
Copy link
Author

hnakamur commented Feb 27, 2026

Thank you for taking a time to review my diffs.
What I want is creating the audit log file in the docker compose volume so that go-ftw can look at it.

The audit filename:

@fzipi
Copy link
Member

fzipi commented Mar 1, 2026

@hnakamur As we are not using those directories, maybe it makes sense for you to also add a VOLUME /var/log/modsecurity/audit directive in this PR?

@hnakamur
Copy link
Author

hnakamur commented Mar 2, 2026

I think we don't need to add a VOLUME /var/log/modsecurity/audit in Dockerfiles in this repository.
Users can add a volume as needed without modifying Dockerfiles in this repository just like I do in docker-compose.yml at #402 (comment)

The log directory is needed to be created in Dockerfiles in this repository. So I opened this pull request.

@theseion
Copy link
Contributor

theseion commented Mar 2, 2026

I don't think we need the audit directory. /var/log/modsecurity should be enough, then you can specify the file path as SecAuditLog /var/log/modsecurity/audit.log.

@hnakamur
Copy link
Author

hnakamur commented Mar 2, 2026

Currently the MODSEC_AUDIT_STORAGE_DIR environment variable is set to /var/log/modsecurity/audit/ in Dockerfiles, for example:

modsecurity-crs-docker/nginx/Dockerfile

Line 157 in 443b9e3

MODSEC_AUDIT_STORAGE_DIR=/var/log/modsecurity/audit/ \

Is it OK to change these to /var/log/modsecurity too?
If yes, I am fine to use /var/log/modsecurity as the log directory.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@hnakamur @fzipi @theseion