view mod_rawdebug/mod_rawdebug.lua @ 5748:dfbced5e54b9

mod_audit_auth: Ignore FAST authentication events by default FAST is more like a cookie that allows linking new connections to a previous (e.g. password) authentication. Since we assume that FAST tokens are secure (not user generated) and not shareable, it reduces a lot of noise by filtering out uninteresting authentication events.
author Matthew Wild <mwild1@gmail.com>
date Fri, 01 Dec 2023 11:34:52 +0000
parents c5c583fae25d
children
line wrap: on
line source

module:set_global();

local tostring = tostring;
local filters = require "util.filters";

local function log_send(t, session)
	if t and t ~= "" and t ~= " " then
		session.log("debug", "SEND(%d): %s", #t, tostring(t));
	end
	return t;
end

local function log_recv(t, session)
	if t and t ~= "" and t ~= " " then
		session.log("debug", "RECV(%d): %s", #t, tostring(t));
	end
	return t;
end

local function init_raw_logging(session)
	filters.add_filter(session, "bytes/in",  log_recv, -10000);
	filters.add_filter(session, "bytes/out", log_send,  10000);
end

filters.add_filter_hook(init_raw_logging);

function module.unload() -- luacheck: ignore
	filters.remove_filter_hook(init_raw_logging);
end