Implement default NGINX logging
-
Currently logging in NGINX is set to combined2. This requires tools that rely on log parsers to have new log parsers developed to work with Combined2 format. Currently Crowdsec and Wazuh/ossec have troubles with combined2 format due to parsing issues. By simply changing the nginx conf log format section to default as referenced in this thread https://forum.cloudron.io/topic/6077/nginx-logs-format?_=1639325942653, both Wazuh/ossec agents can properly parse nginx logs and provide protection against malicious actors. Likewise, crowdsec will function and be able to provide blocking actions based on malicious activity observed in the nginx logs. Without this change, new parsers would have to be written for Wazuh/ossec, and crowdsec.
-
Currently logging in NGINX is set to combined2. This requires tools that rely on log parsers to have new log parsers developed to work with Combined2 format. Currently Crowdsec and Wazuh/ossec have troubles with combined2 format due to parsing issues. By simply changing the nginx conf log format section to default as referenced in this thread https://forum.cloudron.io/topic/6077/nginx-logs-format?_=1639325942653, both Wazuh/ossec agents can properly parse nginx logs and provide protection against malicious actors. Likewise, crowdsec will function and be able to provide blocking actions based on malicious activity observed in the nginx logs. Without this change, new parsers would have to be written for Wazuh/ossec, and crowdsec.
@mastadamus thanks so much for investigating. I have removed it for next release (7.1) - https://git.cloudron.io/cloudron/box/-/commit/6492c9b71f80120413ff4ae7eefa2f03dc96ea0f
-
S Sydney referenced this topic on
-
S Sydney referenced this topic on
