Log to Syslog

[svenauhagen]

Hi,

I am trying to log to syslog but there seems to be no way to do that.
RSyslog is running directly on my server so it only needs to reference the unix socket that is open to the syslog server.

Any hints on how this can be done?

Best and thanks
Sven

[albertogrimana]

Hi

I have this configuration in docker-compose.yml to send logs to a external syslog server and work with any problems
If you run syslog in same machine simply not config syslog-address

logging:
driver: syslog
options:
syslog-address: "udp://xxx.xxx.xxx.xxx:514"
tag: "corazawaf"

[svenauhagen]

Hi,

sorry I should have been more precise, I am using the debian package with systemd.
In general systemd is abstracting away stdout and stderr already to be a socket which can not be used with coraza-spoa anymore.
So I am looking for a way to configure the syslog within the coraza config.

[albertogrimana]

Maybe yo can try this

https://www.loggly.com/ultimate-guide/centralizing-with-syslog/

[svenauhagen]

It does not work because under systemd you can not use stdout in coraza-spoa as well.
It only gives the error message that there is no such file to open.
Systemd abstracts away stdout ans coraza-spoa does not seem to be able to handle that.
I can only log to a file at the moment.

[bzed]

@svenauhagen the "security" configs in https://github.com/corazawaf/coraza-spoa/blob/main/contrib/coraza-spoa.service are a bit crazy. I could only guess which line it is, but just remove all the private/protected/.... stuff until writing to stdout works.

My guess is PrivateDevices=true, buts thats a guess only.

[bzed]

Looking at the chrony.service file in debian is probably a good start for a sane implamentation of that systemd service.

[svenauhagen]

fixed by PR105