chore: 🤖 enable debug logging

ministryofjustice · Nov 22, 2024 · d6b400a · d6b400a
1 parent cd071e8
commit d6b400a
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 4 deletions.
diff --git a/configmap.tf b/configmap.tf
@@ -257,6 +257,24 @@ resource "kubernetes_config_map" "logrotate_config" {
           copytruncate
           maxage 1
       }
+
+      /var/log/debug/**/**/* {
+          hourly
+          rotate 0
+          missingok
+          maxage 1
+      }
+
+      /var/log/debug/*.log {
+          su root 82
+          hourly
+          rotate 2
+          missingok
+          compress
+          delaycompress
+          copytruncate
+          maxage 1
+      }
     EOT
   }
 

diff --git a/templates/modsecurity.conf b/templates/modsecurity.conf
@@ -214,8 +214,8 @@ SecDataDir /tmp/
 # The default debug log configuration is to duplicate the error, warning
 # and notice messages from the error log.
 #
-#SecDebugLog /opt/modsecurity/var/log/debug.log
-#SecDebugLogLevel 3
+SecDebugLog /var/log/debug/debug.log
+SecDebugLogLevel 0
 
 
 # -- Audit log configuration -------------------------------------------------
@@ -231,7 +231,7 @@ SecAuditLogRelevantStatus "^(?:5|4(?!04))"
 SecAuditLogParts AEFHKZ
 
 # Use a single file for logging. This is much easier to look at, but
-# assumes that you will use the audit log only ocassionally.
+# assumes that you will use the audit log only occasionally.
 #
 SecAuditLogType Concurrent
 

diff --git a/templates/values.yaml.tpl b/templates/values.yaml.tpl
@@ -58,6 +58,8 @@ controller:
   ## Additional volumeMounts to the controller main container.
     - name: logs-volume
       mountPath: /var/log/audit/
+    - name: logs-debug-volume
+      mountPath: /var/log/debug/
     - name: modsecurity-nginx-config
       mountPath: /etc/nginx/modsecurity/modsecurity.conf
       subPath: modsecurity.conf
@@ -75,10 +77,12 @@ controller:
   extraInitContainers:
     - name: init-file-permissions
       image: busybox
-      command: ["sh", "-c", "chmod -R 777 /var/log/audit"]
+      command: ["sh", "-c", "chmod -R 777 /var/log/audit /var/log/debug"]
       volumeMounts:
       - name: logs-volume
         mountPath: /var/log/audit
+      - name: logs-debug-volume
+        mountPath: /var/log/debug
 
   extraContainers:
     - name: flb-modsec-logs
@@ -92,6 +96,8 @@ controller:
         mountPath: /fluent-bit/scripts/
       - name: logs-volume
         mountPath: /var/log/audit/
+      - name: logs-debug-volume
+        mountPath: /var/log/debug/
       - name: varlog-pods
         mountPath: /var/log/pods/
       - name: varlog-containers
@@ -123,6 +129,8 @@ controller:
         mountPath: /home
       - name: logs-volume
         mountPath: /var/log/audit/
+      - name: logs-debug-volume
+        mountPath: /var/log/debug/
       resources:
         requests:
           cpu: "100m"