Stop logging for particular REQBODY_ERROR_MSG

[mailtoyogeshpatel]

We have a following rule
SecRule REQBODY_ERROR "!@eq 0"
"id:'200001', phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"

in modsecurity log file we are getting so many logs like following :
"
Message: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "D:/tools/Apache2.4.x/conf/extra/highq/modsec/modsecurity.conf"] [line "132"] [id "200001"] [msg "Failed to parse request body."] [data "Error reading request body: Client went away."] [severity "CRITICAL"]
"
i want to stop logging only if REQBODY_ERROR_MSG contains "Client went away." How to achieve this?

[victorhora]

Your issue seems like a rare case. According to your error message, it seems like the requesting client simply disconnected before the request body was fully buffered/parsed by ModSecurity. See https://github.com/SpiderLabs/ModSecurity/blob/v2/master/apache2/apache2_io.c#L206-L225.

As for methods to disable logging it, I believe they have already been covered below:

SpiderLabs/owasp-modsecurity-crs#271
https://sourceforge.net/p/mod-security/mailman/search/?q=%22Client+went+away%22