chore: 🤖 enable debug logging
jaskaransarkaria committed Nov 22, 2024
1 parent cd071e8 commit e577650
Showing 3 changed files with 59 additions and 4 deletions.
47 changes: 47 additions & 0 deletions configmap.tf
@@ -39,6 +39,21 @@ resource "kubernetes_config_map" "fluent-bit-config" {
Storage.type filesystem
Storage.pause_on_chunks_overlimit True
[INPUT]
Name tail
Alias modsec_nginx_ingress_debug
Tag cp-ingress-modsec-debug.*
Path /var/log/debug/**/**/*
Parser docker
Refresh_Interval 5
Buffer_Max_Size 5MB
Buffer_Chunk_Size 1M
Offset_Key pause_position_modsec-debug
DB cp-ingress-modsec-debug.db
DB.locking true
Storage.type filesystem
Storage.pause_on_chunks_overlimit True
[INPUT]
Name tail
Alias modsec_nginx_ingress_stdout
@@ -94,6 +109,20 @@ resource "kubernetes_config_map" "fluent-bit-config" {
Reserve_Data On
Preserve_Key On
[FILTER]
Name lua
Match cp-ingress-modsec-debug.*
script /fluent-bit/scripts/cb_extract_tag_value.lua
call cb_extract_tag_value
[FILTER]
Name parser
Parser generic-json
Match cp-ingress-modsec-debug.*
Key_Name log
Reserve_Data On
Preserve_Key On
[OUTPUT]
Name opensearch
Alias modsec_nginx_ingress_audit
@@ -257,6 +286,24 @@ resource "kubernetes_config_map" "logrotate_config" {
copytruncate
maxage 1
}
/var/log/debug/**/**/* {
hourly
rotate 0
missingok
maxage 1
}
/var/log/debug/*.log {
su root 82
hourly
rotate 2
missingok
compress
delaycompress
copytruncate
maxage 1
}
EOT
}

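Review bot: The new tail input's `Path /var/log/debug/**/**/*` looks like it will not match the file this commit tells ModSecurity to write, `/var/log/debug/debug.log`. As far as I can tell, Fluent Bit's tail input expands the pattern with ordinary globbing in which `**` is not recursive, so only files two directories below `/var/log/debug` would be picked up. The second logrotate stanza added in this file already uses `/var/log/debug/*.log`, and the input would agree with it as `Path /var/log/debug/*.log`. It is also worth confirming that `Parser docker` and the `generic-json` parser filter suit this stream, since ModSecurity debug-log lines are plain text rather than JSON and unparsed records would reach OpenSearch without the fields that searches and alerts rely on. The hunks are separated by collapsed regions, so the rest of both resources is not visible here.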
6 changes: 3 additions & 3 deletions templates/modsecurity.conf
@@ -214,8 +214,8 @@ SecDataDir /tmp/
# The default debug log configuration is to duplicate the error, warning
# and notice messages from the error log.
#
#SecDebugLog /opt/modsecurity/var/log/debug.log
#SecDebugLogLevel 3
SecDebugLog /var/log/debug/debug.log
SecDebugLogLevel 0


# -- Audit log configuration -------------------------------------------------
@@ -231,7 +231,7 @@ SecAuditLogRelevantStatus "^(?:5|4(?!04))"
SecAuditLogParts AEFHKZ

# Use a single file for logging. This is much easier to look at, but
# assumes that you will use the audit log only ocassionally.
# assumes that you will use the audit log only occasionally.
#
SecAuditLogType Concurrent

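Review bot: `SecDebugLogLevel 0` in the first hunk turns the debug log off, so `/var/log/debug/debug.log` stays empty and the new collection pipeline has nothing to ship, which does not match the commit title. If debug output is wanted, set the level explicitly, for example `SecDebugLogLevel 3`, the value carried by the commented-out line this commit replaces and the one the comment above describes (errors, warnings and notices). Levels 4 and above add detailed transaction information, which slows the ingress and can put request data into the log, so a short comment above the directive saying which level is intended and for how long would help the next reader.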
10 changes: 9 additions & 1 deletion templates/values.yaml.tpl
@@ -58,6 +58,8 @@ controller:
## Additional volumeMounts to the controller main container.
- name: logs-volume
mountPath: /var/log/audit/
- name: logs-debug-volume
mountPath: /var/log/debug/
- name: modsecurity-nginx-config
mountPath: /etc/nginx/modsecurity/modsecurity.conf
subPath: modsecurity.conf
@@ -75,10 +77,12 @@ controller:
extraInitContainers:
- name: init-file-permissions
image: busybox
command: ["sh", "-c", "chmod -R 777 /var/log/audit"]
command: ["sh", "-c", "chmod -R 777 /var/log/audit /var/log/debug"]
volumeMounts:
- name: logs-volume
mountPath: /var/log/audit
- name: logs-debug-volume
mountPath: /var/log/debug

extraContainers:
- name: flb-modsec-logs
@@ -92,6 +96,8 @@ controller:
mountPath: /fluent-bit/scripts/
- name: logs-volume
mountPath: /var/log/audit/
- name: logs-debug-volume
mountPath: /var/log/debug/
- name: varlog-pods
mountPath: /var/log/pods/
- name: varlog-containers
@@ -123,6 +129,8 @@ controller:
mountPath: /home
- name: logs-volume
mountPath: /var/log/audit/
- name: logs-debug-volume
mountPath: /var/log/debug/
resources:
requests:
cpu: "100m"
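Review bot: The init container now runs `chmod -R 777 /var/log/audit /var/log/debug`, which makes the new debug directory world-writable, so every container that mounts `logs-debug-volume` can alter or delete WAF log files before they are shipped. Prefer giving the directory to the identity that writes it and dropping the world bits, for example `chown -R <nginx-uid>:<nginx-gid> /var/log/debug && chmod -R 770 /var/log/debug` (placeholders; the `su root 82` line in the logrotate stanza suggests group 82, to be confirmed against the controller image). Any sidecar that only reads these files could additionally mount the volume with `readOnly: true`. The container definitions continue outside the visible hunks, so which sidecars need write access cannot be judged from here.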
