Add log format definition for perflogjson

[theseion]

We currently use a custom log format named perlogjson for the performance log of Apache. This log format doesn't exist though. It was introduced in cfe220b but without a format definition.

[fzipi]

I don't think this log format makes any sense for us. Probably this is a leftover from a different installation from the vshn team.

So I'm closing this one as won't fix.

[dune73]

I suspect it's been a VSHN->JSON version of the perflog I'm advocating in my ModSec->Apache tutorial here: https://www.netnea.com/cms/apache-tutorial-6_embedding-modsecurity/#step_5_creating_the_base_configuration

This is hardly used in production and nothing wrong with removing it.

[theseion]

Thanks for the hint!

[dune73]

The one thing you may want to make the Apache default is the extended format that I use throughout my tutorials:

LogFormat "%h %{GEOIP_COUNTRY_CODE}e %u [%{%Y-%m-%d %H:%M:%S}t.%{usec_frac}t] \"%r\" %>s %b \
\"%{Referer}i\" \"%{User-Agent}i\" \"%{Content-Type}i\" %{remote}p %v %A %p %R \
%{BALANCER_WORKER_ROUTE}e %X \"%{cookie}n\" %{UNIQUE_ID}e %{SSL_PROTOCOL}x %{SSL_CIPHER}x \
%I %O %{ratio}n%% %D %{ModSecTimeIn}e %{ApplicationTime}e %{ModSecTimeOut}e \
%{ModSecAnomalyScoreInPLs}e %{ModSecAnomalyScoreOutPLs}e \
%{ModSecAnomalyScoreIn}e %{ModSecAnomalyScoreOut}e" extended

Explained and spiced up with aliases to extract the individual columns in this tutorial: https://www.netnea.com/cms/apache-tutorial-5_extending-access-log/#step_4_configuring_the_new,_extended_log_format

The ModSec variables are defined here: https://www.netnea.com/cms/apache-tutorial-6_embedding-modsecurity/#step_5_creating_the_base_configuration
-> rules in the 90K range

[theseion]

Thanks. I've opened an issue: coreruleset/modsecurity-crs-docker#97.