Nginx libmodsecurity json log bug

[bosungs2y]

Hi
I am currently managing SecAuditLog from the Client Sever (Nginx+libmodsecurity) to the remote manager server.
However, there are some problems.
When will these features be updated ? (Q1,Q2)

Info

Nginx(1.11.13)
libModSecurity(ver.3)

Q1 Nginx libmodsecurity json log bug

> host_ip and client_ip are the same 
> Response data is not inserted 
> Setting : SecAuditLogFormat JSON
{"transaction":{"client_ip":"172.26.137.77","time_stamp":"Thu Dec  7 11:33:42 2017","server_id":"d940cf730b6a24e14e4056565f301808532d8d95","client_port":50373,"host_ip":"172.26.137.77","host_port":80,"id":"151261402255.764464","request":{"method":"GET","http_version":1.1,"uri":"/test.html","body":"","headers":{"Host":"bs-nginx5_test.com","User-Agent":"curl/7.54.0","Accept":"*/*"}},"response":{"http_code":200,"headers":{"Server":"nginx/1.11.13","Date":"Thu, 07 Dec 2017 02:33:42 GMT","Content-Length":"64","Content-Type":"text/html","Last-Modified":"Thu, 07 Dec 2017 02:33:02 GMT","Connection":"keep-alive","ETag":"\"5a28a85e-40\"","Accept-Ranges":"bytes"}}}}

Q2 Logging to external server without generating Nginx + Modsecurity file

- There is no solution

[bosungs2y]

@zimmerle
Has the bug been fixed? (Q1 Nginx libmodsecurity json log bug)

[zimmerle]

@bosungs2y you can use the https logging method to delivery the logs straight to your end server.

https://github.com/SpiderLabs/ModSecurity/blob/v3/master/src/audit_log/writer/https.cc