LinkBack URL
About LinkBacksHi,
modsec_audit.log is currently clearing itself every hour in /usr/local/apache/logs, how do I change this so that it's rotated properly like most lost in /var/log?
modsec_audit.log rotates clears every hour
Hi,
modsec_audit.log is currently clearing itself every hour in /usr/local/apache/logs, how do I change this so that it's rotated properly like most lost in /var/log?
Look in /etc/cron.hourly. Remove modsecparse.pl which causes the symptom you are seeing. It parses (not very well) modsec_audit.log and inserts contents into DB modsec, then clears the log file.
Unfortunately, next time you build apache it will return so you need to keep an eye on it. I could not find a way to disable it. You may want to keep a copy as the credentials for DB modsec are in there.
Edit: after removing modsecparse.pl, modsec_audit.log will not be included in Main >> Service Configuration >> Apache Configuration >> Apache Log Rotation Configuration list so it is not rotated. A workaround is to rename modsec_audit.log to something else in modsec2.conf. After that it appears in the list and rotates normally if selected. Sadly, modsec2.conf has a tendency to be overwritten as well.
Last edited by thobarn; 04-06-2009 at 08:54 AM. Reason: Added last paragraph
Thanks I'd since posting found that cron, I will create a cron to remove it daily for when apache is built.
Reply With Quote