From a6ba0e869c915c7bb4dba94c4095f27e3b0ff15c Mon Sep 17 00:00:00 2001
From: bui
Date: Tue, 11 Jul 2023 09:29:17 +0200
Subject: [PATCH] imp logging
---
 pkg/acquisition/modules/waf/utils.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/pkg/acquisition/modules/waf/utils.go b/pkg/acquisition/modules/waf/utils.go
index 879557477..a6a5b534f 100644
--- a/pkg/acquisition/modules/waf/utils.go
+++ b/pkg/acquisition/modules/waf/utils.go
@@ -44,7 +44,11 @@ func RuleMatchToEvent(rule corazatypes.MatchedRule, tx corazatypes.Transaction,
 //def needs fixing
 evt.Stage = "s00-raw"
 evt.Process = true
- log.Infof("SOURCE IP: %+v", rule)
+ log.WithFields(log.Fields{
+ "module": "waf",
+ "source": rule.ClientIPAddress(),
+ "id": rule.Rule().ID(),
+ }).Infof("%s", rule.Message())
 //we build a big-ass object that is going to be marshaled in line.raw and unmarshaled later.
 //why ? because it's more consistent with the other data-sources etc. and it provides users with flexibility to alter our parsers
 CorazaEvent := map[string]interface{}{
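Review bot: The added `.Infof("%s", rule.Message())` uses the rule message as the log line itself, and a Coraza rule's `msg` text can expand macros over request data, so part of that line may be client-controlled. Whether newlines or control characters in it are escaped depends on the log formatter configured elsewhere (not visible here; presumably logrus, whose coloured text output writes the message unquoted). Carrying it as a field with a constant message keeps the line shape fixed and leaves escaping to the formatter: add `"rule_msg": rule.Message(),` to the `log.Fields` literal and end with `}).Info("waf rule matched")`. The call also still emits one Info-level line per matched rule, so a client that trips many rules drives log volume; consider `Debug` here if the event built below already records the match. RuleMatchToEvent begins before and continues past this hunk, so the event construction itself was not reviewed.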