Technical Discovery on what logging mechanism to use with ModSecurity in the WAF

Discovery around the settings to use with ModSecurity and the audit logging mechanism, logging format, and exposure to GitLab application.

Options for logging mechanism (Default Serial today) https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-%28v2.x%29#secauditlogtype
Options for logging format (Default Native today) https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-%28v2.x%29#SecAuditLogFormat

Desired outcome

Technical direction for which audit logging format we should use by default
Technical direction for logging format
Technical direction for remote logging
Issue with details for how to approach implementation or a list of specific questions to answer

Decisions

#32459 (comment 240542518)

Edited Nov 06, 2019 by Sam Kerr