For the past month or so, I have watched as the amount of remaining disk space on the server has quickly decreased. I tracked it down to huge ModSecurity log files in /home/username/logs of the format:
I found this post, but the OP never responded, so it wasn't clear what the resolution is.
Yesterday, as a test, I set the Audit Log Level to "Do not log any transactions" and deleted the log files to reclaim the space. The ModSecurity Tools Hits list is not populated once I turn off the Audit Log.
This morning, the log files are back, created at 0514, and are already megabytes in size.
Here is the output of the files requested in the above post:
How can I prevent the ModSecurity logs from filling up my disk space?
There were three files in each account, one for April, May, and June. Most of them were hundreds of megabytes in size, and some on the busier sites were over a gigabyte.modsec2_username_Jun_2017.gz
I found this post, but the OP never responded, so it wasn't clear what the resolution is.
Yesterday, as a test, I set the Audit Log Level to "Do not log any transactions" and deleted the log files to reclaim the space. The ModSecurity Tools Hits list is not populated once I turn off the Audit Log.
This morning, the log files are back, created at 0514, and are already megabytes in size.
Here is the output of the files requested in the above post:
and:cat /usr/local/cpanel/etc/logrotate.d/modsecurity_logs
/usr/local/apache/logs/modsec_audit.log {
rotate 15
size=300M
missingok
compress
postrotate
/usr/local/cpanel/scripts/restartsrv_httpd 2> /dev/null > /dev/null || true
endscript
}
I am running the Comodo WAF vendor (not the plugin) and modruid2.cat /usr/local/cpanel/version
11.64.0.29
How can I prevent the ModSecurity logs from filling up my disk space?