d469e39da7
Services: - ja4sentinel: TLS/JA4 fingerprint capture daemon (Go, libpcap) - logcorrelator: JA4 log correlation engine (Go, ClickHouse) - mod_reqin_log: Apache module (C, JSON request logging) - bot_detector: ML bot detection pipeline (Python) - dashboard: FastAPI/Streamlit analytics UI (Python) Shared libraries: - shared/go/ja4common: logger, config, shutdown, ipfilter (Go module) - shared/python/ja4_common: ClickHouseClient, ClickHouseSettings (Python package) - shared/clickhouse/: canonical SQL migrations (10 files) Build & packaging: - Unified 3-stage Dockerfile.package for Go RPMs (el8/el9/el10) - go.work workspace linking sentinel, correlator, ja4common - Makefile with test-all, build-all, rpm-* targets Fixes applied: - go.work: 1.21 → 1.24.6 (required by sentinel) - correlator Dockerfiles: golang:1.21 → golang:1.24 - replace directives in go.mod for ja4common local path - pyproject.toml: setuptools.backends → setuptools.build_meta - Removed static libpcap linking (unavailable on Rocky 9) - Fixed data races in output/writers_test.go (sync.Mutex + atomic.Int32) - Rewrote corrupted test files (logger_test.go × 2) Test coverage: - correlator: 67.1% total (unixsocket 80.5%, config 91.7%, app 83.3%, multi 87.7%, stdout 100%) - sentinel: all 10 packages pass (api, capture, config, fingerprint, ipfilter, logging, output, tlsparse) Documentation: - README.md + docs/ (architecture, development, 5 services, shared libs, DB schema & migrations) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
41 lines
1.6 KiB
Plaintext
41 lines
1.6 KiB
Plaintext
# mod_reqin_log example configuration
|
|
# Load this configuration in your Apache httpd.conf or a separate included file
|
|
|
|
# Load the module (adjust path as needed)
|
|
LoadModule reqin_log_module modules/mod_reqin_log.so
|
|
|
|
# Enable mod_reqin_log
|
|
JsonSockLogEnabled On
|
|
|
|
# Unix domain socket path for JSON log output
|
|
# Important: if JsonSockLogEnabled is On and this directive is missing/empty,
|
|
# Apache startup fails due to strict configuration validation.
|
|
JsonSockLogSocket "/var/run/logcorrelator/http.socket"
|
|
|
|
# HTTP headers to include in the JSON log
|
|
# Warning: Be careful not to log sensitive headers like Authorization, Cookie, etc.
|
|
JsonSockLogHeaders X-Request-Id X-Trace-Id User-Agent Referer X-Forwarded-For \
|
|
Sec-CH-UA Sec-CH-UA-Mobile Sec-CH-UA-Platform \
|
|
Sec-Fetch-Dest Sec-Fetch-Mode Sec-Fetch-Site \
|
|
Accept Accept-Language Accept-Encoding Content-Type
|
|
|
|
# Maximum number of headers to log (from the configured list)
|
|
JsonSockLogMaxHeaders 25
|
|
|
|
# Maximum length of each header value (longer values are truncated)
|
|
JsonSockLogMaxHeaderValueLen 256
|
|
|
|
# Minimum delay between reconnect attempts to the Unix socket (seconds)
|
|
JsonSockLogReconnectInterval 10
|
|
|
|
# Minimum delay between error messages to Apache error_log (seconds)
|
|
JsonSockLogErrorReportInterval 10
|
|
|
|
# Log level for module messages: DEBUG, INFO, WARNING, ERROR, EMERG (default: WARNING)
|
|
# DEBUG: Log all messages including header skipping and buffer truncation
|
|
# INFO: Log informational messages
|
|
# WARNING: Log warnings (default)
|
|
# ERROR: Log only errors
|
|
# EMERG: Log only emergency messages
|
|
JsonSockLogLevel WARNING
|