idea: add suggestion on logging

[fzipi]

@RedXanadu's presentation on our CRS Dublin 2023 summit proposed interesting questions. One idea was to add information about how to do logging, what is important, etc.

[dune73]

Are the slides online already? Can you elaborate otherwise?

[lifeforms]

I don't know the scope, but I'd LOVE if we had a tutorial for (centralized) log management!

[RedXanadu]

This would be really great to see. I would definitely like to read this content as I want to learn how to perform this kind of logging/aggregation.

The context of the original proposal was: there is a lack of comprehensive, good documentation available on how to plug CRS+ModSecurity into systems like OpenSearch (formerly Kibana) and others.

Some vendors have their own proprietary solutions or internal/pay-walled documentation. There are some scattered guides available on the public internet, but I've not come across one that's complete or easy to follow.

It would be great if CRS could provide an A to Z, easy to follow, complete guide on how to do something along these lines. We've raised the idea before (coreruleset.org/docs/operation/log_handling/), but we've never had the knowledge and time to do anything about it.

---

What we need:

• Someone with operational experience to document the steps on how to achieve this kind of setup.
• (Optional) Someone to proofread the provided instructions (this part I could help with).

[dune73]

I could not agree more. I've had this conversation with customers repeatedly for many, many years.

My current work on dashboards brings me closer to his, but it's the essential part that is missing. Still miles away from this central piece.

[jcchavezs]

Shall we start a google doc on this?