Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

[Case CPANEL-13602] ModSecurity Logs Are Getting Huge With Logging Off

Discussion in 'Security' started by linux4me2, Jun 29, 2017.

Tags:
  1. linux4me2

    linux4me2 Well-Known Member

    Joined:
    Aug 21, 2015
    Messages:
    200
    Likes Received:
    46
    Trophy Points:
    28
    Location:
    USA
    cPanel Access Level:
    Root Administrator
    For the past month or so, I have watched as the amount of remaining disk space on the server has quickly decreased. I tracked it down to huge ModSecurity log files in /home/username/logs of the format:
    There were three files in each account, one for April, May, and June. Most of them were hundreds of megabytes in size, and some on the busier sites were over a gigabyte.

    I found this post, but the OP never responded, so it wasn't clear what the resolution is.

    Yesterday, as a test, I set the Audit Log Level to "Do not log any transactions" and deleted the log files to reclaim the space. The ModSecurity Tools Hits list is not populated once I turn off the Audit Log.

    This morning, the log files are back, created at 0514, and are already megabytes in size.

    Here is the output of the files requested in the above post:
    and:
    I am running the Comodo WAF vendor (not the plugin) and modruid2.

    How can I prevent the ModSecurity logs from filling up my disk space?
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,303
    Likes Received:
    1,847
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Internal case CPANEL-13602 is open to address an issue where the previous month's ModSecurity logs are not removed from the account's "/home/$username/logs" directory on systems with Mod_Ruid2 enabled. This happens despite enabling the "Remove the previous month's archived logs from the user's home directory at the end of each month unless configured by the user" option in "WHM >> Tweak Settings".

    I'll monitor this case and update this thread with the outcome. In the meantime, the workaround is to manually remove the logs.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    linux4me2 likes this.
  3. fgunno

    fgunno Member

    Joined:
    Apr 24, 2017
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Quebec
    cPanel Access Level:
    Root Administrator
    Do you have an Update for this problem? ( 7 years later? )
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,303
    Likes Received:
    1,847
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    There's no time frame to offer on the publication of a resolution at this time, but I do see some new activity on this case as of last week. I'll continue to monitor the case and update this thread with more information as it becomes available.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. a.rayman

    a.rayman Member

    Joined:
    Dec 7, 2016
    Messages:
    9
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    United Kingdom
    cPanel Access Level:
    Root Administrator
    Is it really necessary for it to take 1 year to resolve a bug when it is this critical?
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,303
    Likes Received:
    1,847
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    I brought this case up internally to note the continued reports of it leading to server's running out of disk space. I'll update this thread as soon as more information is available.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. linux4me2

    linux4me2 Well-Known Member

    Joined:
    Aug 21, 2015
    Messages:
    200
    Likes Received:
    46
    Trophy Points:
    28
    Location:
    USA
    cPanel Access Level:
    Root Administrator
    cPanelMichael likes this.
  8. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,303
    Likes Received:
    1,847
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    To update, case CPANEL-13602 is planned for inclusion with cPanel & WHM version 76.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice