chore: 🤖 enable debug logging

configmap.tf

@@ -39,6 +39,21 @@ resource "kubernetes_config_map" "fluent-bit-config" {
         Storage.type                      filesystem
         Storage.pause_on_chunks_overlimit True
 
+    [INPUT]
+        Name                              tail
+        Alias                             modsec_nginx_ingress_debug
+        Tag                               cp-ingress-modsec-debug.*
+        Path                              /var/log/debug/**/**/*
+        Parser                            docker
+        Refresh_Interval                  5
+        Buffer_Max_Size                   5MB
+        Buffer_Chunk_Size                 1M
+        Offset_Key                        pause_position_modsec-debug
+        DB                                cp-ingress-modsec-debug.db
+        DB.locking                        true
+        Storage.type                      filesystem
+        Storage.pause_on_chunks_overlimit True
+
     [INPUT]
         Name                              tail
         Alias                             modsec_nginx_ingress_stdout
@@ -94,6 +109,20 @@ resource "kubernetes_config_map" "fluent-bit-config" {
         Reserve_Data                      On
         Preserve_Key                      On
 
+    [FILTER]
+        Name                              lua
+        Match                             cp-ingress-modsec-debug.*
+        script                            /fluent-bit/scripts/cb_extract_tag_value.lua
+        call                              cb_extract_tag_value
+
+    [FILTER]
+        Name                              parser
+        Parser                            generic-json
+        Match                             cp-ingress-modsec-debug.*
+        Key_Name                          log
+        Reserve_Data                      On
+        Preserve_Key                      On
+
     [OUTPUT]
         Name                      opensearch
         Alias                     modsec_nginx_ingress_audit
@@ -257,6 +286,24 @@ resource "kubernetes_config_map" "logrotate_config" {
           copytruncate
           maxage 1
       }
+
+      /var/log/debug/**/**/* {
+          hourly
+          rotate 0
+          missingok
+          maxage 1
+      }
+
+      /var/log/debug/*.log {
+          su root 82
+          hourly
+          rotate 2
+          missingok
+          compress
+          delaycompress
+          copytruncate
+          maxage 1
+      }
     EOT
   }
 

templates/modsecurity.conf

@@ -214,8 +214,8 @@ SecDataDir /tmp/
 # The default debug log configuration is to duplicate the error, warning
 # and notice messages from the error log.
 #
-#SecDebugLog /opt/modsecurity/var/log/debug.log
-#SecDebugLogLevel 3
+SecDebugLog /var/log/debug/debug.log
+SecDebugLogLevel 0
 
 
 # -- Audit log configuration -------------------------------------------------
@@ -231,7 +231,7 @@ SecAuditLogRelevantStatus "^(?:5|4(?!04))"
 SecAuditLogParts AEFHKZ
 
 # Use a single file for logging. This is much easier to look at, but
-# assumes that you will use the audit log only ocassionally.
+# assumes that you will use the audit log only occasionally.
 #
 SecAuditLogType Concurrent
 

templates/values.yaml.tpl

@@ -58,6 +58,8 @@ controller:
   ## Additional volumeMounts to the controller main container.
     - name: logs-volume
       mountPath: /var/log/audit/
+    - name: logs-debug-volume
+      mountPath: /var/log/debug/
     - name: modsecurity-nginx-config
       mountPath: /etc/nginx/modsecurity/modsecurity.conf
       subPath: modsecurity.conf
@@ -75,10 +77,12 @@ controller:
   extraInitContainers:
     - name: init-file-permissions
       image: busybox
-      command: ["sh", "-c", "chmod -R 777 /var/log/audit"]
+      command: ["sh", "-c", "chmod -R 777 /var/log/audit /var/log/debug"]
       volumeMounts:
       - name: logs-volume
         mountPath: /var/log/audit
+      - name: logs-debug-volume
+        mountPath: /var/log/debug
 
   extraContainers:
     - name: flb-modsec-logs
@@ -92,6 +96,8 @@ controller:
         mountPath: /fluent-bit/scripts/
       - name: logs-volume
         mountPath: /var/log/audit/
+      - name: logs-debug-volume
+        mountPath: /var/log/debug/
       - name: varlog-pods
         mountPath: /var/log/pods/
       - name: varlog-containers
@@ -123,6 +129,8 @@ controller:
         mountPath: /home
       - name: logs-volume
         mountPath: /var/log/audit/
+      - name: logs-debug-volume
+        mountPath: /var/log/debug/
       resources:
         requests:
           cpu: "100m"