no logs into nginx error log

[ManuelRighi]

Hello,
I have Ubuntu 16.04.4 LTS, nginx 1.12.2, modsecurity 3.0.2, modsecurity-nginx v1.0.0.

All blocked transactions are not logs into nginx error log, only in the auditlog (if SecAuditEngine are enabled).

Can you help me to understand because blocked transaction aren't logged into nginx error log file ?

Thanks
Manuel

[csanders-git]

I'm actually able to reproduce this using https://hub.docker.com/r/owasp/modsecurity/ v3-ubuntu-nginx tag

[victorhora]

Thanks for the report folks.

I've confirmed this behaviour on the current version of ModSecurity-nginx. This is related with the log level in Nginx. I'm checking if this was due any change on the connector or Nginx itself.

For now, by changing the log level from the default of "error" to "warn" on the error_log should show the logs as expected.

[victorhora]

Folks, the current investigation on this one suggests that it is not really an issue/bug with libModSecurity or the connector, but rather a behaviour change.

This issue has been addressed at #116 but there's a decision to be made before merging into master as if it makes sense from technical perspective or if users that wish to see disruptive actions on the error_log should simply change the log level.

[victorhora]

As such I'm closing this one. Please follow up on #116. Thanks!

[csanders-git]

for the record I needed to go not to warn but to info log level.

[csanders-git]

In fact, at info log level only the rule itself that blocked is being reported ... AKA the anomaly scoring rule so i'd say this is still an issue @victorhora