Merge pull request #60 from shuaiZend/main

创建 request-log2file 全量请求日志插件
main
有安科技 7 months ago committed by GitHub
commit dcb329542a
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

@ -0,0 +1,135 @@
---
--- Generated by MC(https://www.magentochina.org/)
--- Created by Shua1.
--- DateTime: 2024/04/29 14:32
---
local log = require("waf.log")
local _M = {
version = 0.1,
name = "request-log2file"
}
--
local logQueue = {}
--
local function getCurrentDate()
return os.date("%Y-%m-%d")
end
--
local logFilePath = "/uuwaf/logs/access_log_" .. getCurrentDate() .. ".json"
-- ,IOPS
local LOG_THRESHOLD = 10
--
local requestCounter = 0
--
local function logToFile(filename, logs)
local file = io.open(filename, "a")
if not file then
ngx.log(ngx.ERR, "Failed to open log file: ", filename)
return
end
for _, info in ipairs(logs) do
local json_str = log.encodeJson(info)
file:write(json_str .. "\n")
end
file:close()
end
--
local function shouldLogRequest(waf)
-- POSTURI
if ngx.var.request_method == "POST" then
return true
end
--
local uri = ngx.var.uri
if uri:match("/[^/]*%.(js|css|jpg|jpeg|png|gif|svg|webp)$") then
return false
end
return true
end
--
local function logToMemory(info)
table.insert(logQueue, info)
--
logToFile(logFilePath, logQueue)
end
--
local function flushLogsToFile(premature, filename)
if not premature then
if #logQueue > 0 then
logToFile(filename, logQueue)
logQueue = {} --
end
end
end
-- Base64
local function truncateString(str, length)
if str and #str > length then
str = str:sub(1, length)
end
return ngx.encode_base64(str)
end
--
function _M.log_pre_filter(waf)
--
if shouldLogRequest(waf) then
local request_body_short = ""
local block_action = ""
local waf_rule_id = ""
if ngx.var.request_method == "POST" and waf.reqContentLength > 2 then
local body_data = (waf.form and waf.form["RAW"]) or ''
if body_data then
request_body_short = truncateString(body_data, 1000) -- request_body_short Base64
end
end
if waf.msg then
block_action = "uuWaf"
waf_rule_id = waf.rule_id
end
local info = {
["__time__"] = math.floor(ngx.var.msec),
["block_action"] = block_action,
["waf_rule_id"] = waf_rule_id,
["time"] = ngx.var.time_iso8601,
["real_client_ip"] = waf.ip,
["server_addr"] = ngx.var.server_addr,
["remote_addr"] = ngx.var.http_x_forwarded_for,
["scheme"] = ngx.var.scheme,
["request_method"] = ngx.var.request_method,
["request_uri"] = ngx.var.request_uri,
["request_length"] = ngx.var.request_length,
["uri"] = ngx.var.uri,
["request_time"] = ngx.var.request_time,
["body_bytes_sent"] = ngx.var.body_bytes_sent,
["request_body"] = request_body_short,
["bytes_sent"] = ngx.var.bytes_sent,
["status"] = ngx.var.status,
["upstream_time"] = ngx.var.upstream_response_time,
["upstream_host"] = ngx.var.upstream_addr,
["upstream_status"] = ngx.var.upstream_status,
["host"] = ngx.var.host,
["http_referer"] = ngx.var.http_referer,
["http_user_agent"] = ngx.var.http_user_agent,
["http_cookie"] = ngx.var.http_cookie
}
--
table.insert(logQueue, info)
--
requestCounter = requestCounter + 1
--
if requestCounter >= LOG_THRESHOLD then
logToFile(logFilePath, logQueue)
logQueue = {} --
requestCounter = 0 --
end
end
end
return _M
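Review bot: The `info` table in `log_pre_filter` writes `ngx.var.http_cookie` and up to 1000 bytes of each POST body into `/uuwaf/logs/access_log_*.json`, and Base64 is only an encoding, so session cookies and submitted credentials become readable to anyone who can read that file or whatever ships it onward. Consider dropping or hashing the cookie value and making body capture opt-in or masked before `truncateString` is called. In `shouldLogRequest` the pattern `%.(js|css|jpg|...)$` cannot match as intended because Lua patterns have no `|` alternation, so static assets are never skipped; something like `local ext = uri:match("%.(%w+)$")` followed by `if ext and SKIPPED_EXT[ext] then return false end` against a table of extensions would do it. The `remote_addr` field is filled from `ngx.var.http_x_forwarded_for`, which the client controls, so it should be renamed to say so or taken from `ngx.var.remote_addr` to keep the log usable as evidence. `logFilePath` is also computed once at module load, so the date in the file name will not roll over until the worker is reloaded; calling `getCurrentDate()` at flush time would fix that.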