Update logstash-modsecurity.conf

bitsofinfo · bitsofinfo · commit a243ba38b08d · 2014-05-02T11:32:11.000-06:00
diff --git a/logstash-modsecurity.conf b/logstash-modsecurity.conf
@@ -85,7 +85,7 @@ filter {
   #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
   ruby {
-    code => "if !event['message'].nil?; modSecSectionData = event['message'].split(/(--[a-fA-F0-9]{8}-[A-Z]--)/); modSecSectionData.shift;  for i in 0..(modSecSectionData.length-1); sectionName = modSecSectionData.shift; if sectionName.nil?; break; end; sectionData = modSecSectionData.shift; if sectionName.include? '-A--'; sectionName = 'rawSectionA'; elsif sectionName.include? '-B--'; sectionName = 'rawSectionB'; elsif sectionName.include? '-C--'; sectionName = 'rawSectionC'; elsif sectionName.include? '-D--'; sectionName = 'rawSectionD'; elsif sectionName.include? '-E--'; sectionName = 'rawSectionE'; elsif sectionName.include? '-F--'; sectionName = 'rawSectionF'; elsif sectionName.include? '-G--'; sectionName = 'rawSectionG'; elsif sectionName.include? '-H--'; sectionName = 'rawSectionH'; elsif sectionName.include? '-I--'; sectionName = 'rawSectionI'; elsif sectionName.include? '-J--'; sectionName = 'rawSectionJ'; elsif sectionName.include? '-K--'; sectionName = 'rawSectionK'; else; sectionName = ''; end;if !sectionName.nil? and sectionName != '' and sectionName != 'null' and sectionName != ' '; sectionName = sectionName.strip; sectionData = sectionData.strip; if !sectionName.nil? and sectionName != '' and sectionName != 'null' and sectionName != ' '; event.to_hash.merge!(sectionName => sectionData); end; end; end; end"
+    code => "if !event['message'].nil?; modSecSectionData = event['message'].split(/(--[a-fA-F0-9]{8}-[A-Z]--)/); modSecSectionData.shift;  for i in 0..(modSecSectionData.length-1); sectionName = modSecSectionData.shift; if sectionName.nil?; break; end; sectionData = modSecSectionData.shift; if sectionName.include? '-A--'; sectionName = 'rawSectionA'; elsif sectionName.include? '-B--'; sectionName = 'rawSectionB'; elsif sectionName.include? '-C--'; sectionName = 'rawSectionC'; elsif sectionName.include? '-D--'; sectionName = 'rawSectionD'; elsif sectionName.include? '-E--'; sectionName = 'rawSectionE'; elsif sectionName.include? '-F--'; sectionName = 'rawSectionF'; elsif sectionName.include? '-G--'; sectionName = 'rawSectionG'; elsif sectionName.include? '-H--'; sectionName = 'rawSectionH'; elsif sectionName.include? '-I--'; sectionName = 'rawSectionI'; elsif sectionName.include? '-J--'; sectionName = 'rawSectionJ'; elsif sectionName.include? '-K--'; sectionName = 'rawSectionK'; else; sectionName = ''; end;if !sectionName.nil? and sectionName != '' and sectionName != 'null' and sectionName != ' '; sectionName = sectionName.strip; if !sectionData.nil?; sectionData = sectionData.strip; end; if !sectionName.nil? and sectionName != '' and sectionName != 'null' and sectionName != ' '; event.to_hash.merge!(sectionName => sectionData); end; end; end; end"
   }
 
 

Original file line number	Diff line number	Diff line change
`@@ -85,7 +85,7 @@ filter {`
`85`	`85`	`#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
`86`	`86`
`87`	`87`	`ruby {`
`88`		- code => "if !event['message'].nil?; modSecSectionData = event['message'].split(/(--[a-fA-F0-9]{8}-[A-Z]--)/); modSecSectionData.shift; for i in 0..(modSecSectionData.length-1); sectionName = modSecSectionData.shift; if sectionName.nil?; break; end; sectionData = modSecSectionData.shift; if sectionName.include? '-A--'; sectionName = 'rawSectionA'; elsif sectionName.include? '-B--'; sectionName = 'rawSectionB'; elsif sectionName.include? '-C--'; sectionName = 'rawSectionC'; elsif sectionName.include? '-D--'; sectionName = 'rawSectionD'; elsif sectionName.include? '-E--'; sectionName = 'rawSectionE'; elsif sectionName.include? '-F--'; sectionName = 'rawSectionF'; elsif sectionName.include? '-G--'; sectionName = 'rawSectionG'; elsif sectionName.include? '-H--'; sectionName = 'rawSectionH'; elsif sectionName.include? '-I--'; sectionName = 'rawSectionI'; elsif sectionName.include? '-J--'; sectionName = 'rawSectionJ'; elsif sectionName.include? '-K--'; sectionName = 'rawSectionK'; else; sectionName = ''; end;if !sectionName.nil? and sectionName != '' and sectionName != 'null' and sectionName != ' '; sectionName = sectionName.strip; sectionData = sectionData.strip; if !sectionName.nil? and sectionName != '' and sectionName != 'null' and sectionName != ' '; event.to_hash.merge!(sectionName => sectionData); end; end; end; end"
	`88`	+ code => "if !event['message'].nil?; modSecSectionData = event['message'].split(/(--[a-fA-F0-9]{8}-[A-Z]--)/); modSecSectionData.shift; for i in 0..(modSecSectionData.length-1); sectionName = modSecSectionData.shift; if sectionName.nil?; break; end; sectionData = modSecSectionData.shift; if sectionName.include? '-A--'; sectionName = 'rawSectionA'; elsif sectionName.include? '-B--'; sectionName = 'rawSectionB'; elsif sectionName.include? '-C--'; sectionName = 'rawSectionC'; elsif sectionName.include? '-D--'; sectionName = 'rawSectionD'; elsif sectionName.include? '-E--'; sectionName = 'rawSectionE'; elsif sectionName.include? '-F--'; sectionName = 'rawSectionF'; elsif sectionName.include? '-G--'; sectionName = 'rawSectionG'; elsif sectionName.include? '-H--'; sectionName = 'rawSectionH'; elsif sectionName.include? '-I--'; sectionName = 'rawSectionI'; elsif sectionName.include? '-J--'; sectionName = 'rawSectionJ'; elsif sectionName.include? '-K--'; sectionName = 'rawSectionK'; else; sectionName = ''; end;if !sectionName.nil? and sectionName != '' and sectionName != 'null' and sectionName != ' '; sectionName = sectionName.strip; if !sectionData.nil?; sectionData = sectionData.strip; end; if !sectionName.nil? and sectionName != '' and sectionName != 'null' and sectionName != ' '; event.to_hash.merge!(sectionName => sectionData); end; end; end; end"
`89`	`89`	`}`
`90`	`90`
`91`	`91`