Access SecAuditLog in a callback

[rauanmayemir]

Summary

Similar to how we can intercept debuglogger and interruptions, it would be great to also be able to interact with auditlog.

Basic example

waf, err = coraza.NewWAF(
	coraza.NewWAFConfig().
		WithDirectives(directive).
		WithDebugLogger(customDebuglogLogger()).
		WithErrorCallback(errorCallback).
		WithAuditlogCallback(auditlogCallback).
		WithRootFS(coreruleset.FS),
)

Motivation

Workloads are running in stateless non-privileged pods with specialized logger infra (e.g elastic ecs formatter), so we can't send auditlog into file or stdout/stderr. We would prefer a callback that lets us re-use our existing logger infra.

[jptosso]

Hey @rauanmayemir, although I like the idea of callbacks for most capabilities, you can use the audit log interfaces

https://github.com/corazawaf/coraza/blob/main/experimental/plugins/plugintypes/auditlog.go#L125
This is an example using the syslog writer https://github.com/corazawaf/coraza/blob/main/internal/auditlog/syslog_writer.go

You can use this functions to register your own code:
https://github.com/corazawaf/coraza/blob/main/experimental/plugins/auditlog.go

[rauanmayemir]

@jptosso yeah, that would work, too. but I couldn't understand how to register it as part of the initial middleware setup. (or enable experimental mode, for that matter)

	oWAF, ok := waf.(experimental.WAFWithOptions)
	if !ok {
		panic("WAF does not implement WAFWithOptions")
	}

is this all it takes to make WAF run in experimental mode (including its plugins, etc)?