WAF - Open S. - Coraza
Posté : dim. avr. 12, 2026 3:50 pm
Commande Log
l’essentiel : tail -n 20 /var/log/caddy/coraza-audit.log | jq '.transaction | {date: .timestamp, ip: .client_ip, uri: .request.uri, blocked: .is_interrupted, ruleset: .producer.rulesets}'
blocages : grep '"is_interrupted":true' /var/log/caddy/coraza-audit.log | jq '.transaction | {date: .timestamp, ip: .client_ip, uri: .request.uri, blocked: .is_interrupted}'
Regles : grep '"is_interrupted":true' /var/log/caddy/coraza-audit.log | jq '{date: .transaction.timestamp, ip: .transaction.client_ip, uri: .transaction.request.uri, message: .messages[0].error_message}'
l’essentiel : tail -n 20 /var/log/caddy/coraza-audit.log | jq '.transaction | {date: .timestamp, ip: .client_ip, uri: .request.uri, blocked: .is_interrupted, ruleset: .producer.rulesets}'
blocages : grep '"is_interrupted":true' /var/log/caddy/coraza-audit.log | jq '.transaction | {date: .timestamp, ip: .client_ip, uri: .request.uri, blocked: .is_interrupted}'
Regles : grep '"is_interrupted":true' /var/log/caddy/coraza-audit.log | jq '{date: .transaction.timestamp, ip: .transaction.client_ip, uri: .transaction.request.uri, message: .messages[0].error_message}'