anacron daily error logrotate

leonep

Well-Known Member
Nov 18, 2014
169
10
68
Pescara
cPanel Access Level
Root Administrator
hi ,
1 of my boxes sometime shows error on cron daily
i have no idea what is

/etc/cron.daily/logrotate:

error: modsecurity_logs:1 duplicate log entry for /usr/local/apache/logs/modsec_audit.log
error: found error in file modsecurity_logs, skipping

you think this need more investigation?
 
Last edited:

andrew.n

Well-Known Member
Jun 9, 2020
631
182
43
EU
cPanel Access Level
Root Administrator
What is the first line in the file of /usr/local/apache/logs/modsec_audit.log?
 

andrew.n

Well-Known Member
Jun 9, 2020
631
182
43
EU
cPanel Access Level
Root Administrator
my bad sorry...what is the content of "modsecurity_logs" file?
 

leonep

Well-Known Member
Nov 18, 2014
169
10
68
Pescara
cPanel Access Level
Root Administrator
thanks for help . here is it

/usr/local/apache/logs/modsec_audit.log {
rotate 15
size=300M
missingok
compress
postrotate
/usr/local/cpanel/scripts/restartsrv_httpd &> /dev/null || true
/usr/local/cpanel/scripts/restartsrv_tailwatchd &> /dev/null || true
endscript
}
 

andrew.n

Well-Known Member
Jun 9, 2020
631
182
43
EU
cPanel Access Level
Root Administrator
Can you remove "/usr/local/apache/logs/modsec_audit.log" from that file and leave only this?

{
rotate 15
size=300M
missingok
compress
postrotate
/usr/local/cpanel/scripts/restartsrv_httpd &> /dev/null || true
/usr/local/cpanel/scripts/restartsrv_tailwatchd &> /dev/null || true
endscript
}
 

leonep

Well-Known Member
Nov 18, 2014
169
10
68
Pescara
cPanel Access Level
Root Administrator
the solution is very simple (thanks to cpanel support :) )
i append here , i hope it help someone:

The error is reporting that two different configurations are trying to rotate the same file:
[12:58:20 gemini [email protected] /etc/logrotate.d]cPs# grep '/usr/local/apache/logs/modsec_audit.log' *
httpd:/usr/local/apache/logs/modsec_audit.log
modsecurity_logs:/usr/local/apache/logs/modsec_audit.log {
Shown above, both the httpd and modsecurity_logs configurations are attempting to rotate this log, however, the second attempt is being skipped.

If you'd like to remove this warning, you can remove the second check:
mv /etc/logrotate.d/modsecurity_logs /root/modsecurity_logs.logrotate.bak

thanks