Right now there is no trivial way of connecting audit logs or debug logs (properly Coraza logs) with the underlying requests or their consequent proxy logs (e.g. Envoy logs). The transaction ID is one identifier associated with the WAF transaction (aka the request in the server) and is local to the server request processing.
Allowing the audit logs to include extra information based on variables (e.g. REQUEST_HEADERS:X-Request-ID) is probably the easiest approach and does not necessarily need to happen in seclang but in the config of the WAF. A new auditlogpart X would be needed to include all these extra fields. Whenever you want to correlate a request with a transaction, look for the request ID in the audit logs.
Note: currently audit logs support printing the request headers, but doing that for the sake of a single header is not only overkill but also a security concern, as there is no redaction of potentially sensitive information or PII.
Related corazawaf/coraza-proxy-wasm#166
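
A sketch of the proposal in this issue, as an added example that is not Coraza's code or API: `ExtraField`, `ResolveExtraFields` and the `request_id` log key are hypothetical, and only the `REQUEST_HEADERS` collection is handled. It copies just the configured header into the audit record instead of all headers, and strips control characters because the value is client-controlled.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

// ExtraField is a hypothetical WAF config entry: a variable selector such as
// "REQUEST_HEADERS:X-Request-ID" and the key it is written under in the audit log.
type ExtraField struct{ Selector, LogKey string }

// ResolveExtraFields returns only the configured values, so headers such as
// Authorization or Cookie never reach the audit log unless explicitly selected.
func ResolveExtraFields(cfg []ExtraField, h http.Header) (map[string]string, error) {
	out := make(map[string]string, len(cfg))
	for _, f := range cfg {
		collection, key, ok := strings.Cut(f.Selector, ":")
		if !ok || collection != "REQUEST_HEADERS" || key == "" {
			return nil, fmt.Errorf("unsupported selector %q", f.Selector)
		}
		if v := h.Get(key); v != "" { // absent headers are simply omitted
			out[f.LogKey] = sanitize(v)
		}
	}
	return out, nil
}

// sanitize drops control characters (CR, LF, etc.) so a client-supplied request
// ID cannot forge extra log lines, and caps the value at 128 bytes.
func sanitize(v string) string {
	v = strings.Map(func(r rune) rune {
		if r < 0x20 || r == 0x7f {
			return -1
		}
		return r
	}, v)
	if len(v) > 128 {
		v = v[:128]
	}
	return v
}

func main() {
	// Constructed sample request headers, not taken from the issue.
	h := http.Header{"X-Request-Id": {"req-7f3a"}, "Authorization": {"Bearer constructed-secret"}}
	cfg := []ExtraField{{Selector: "REQUEST_HEADERS:X-Request-ID", LogKey: "request_id"}}
	fmt.Println(ResolveExtraFields(cfg, h))
}
```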