The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How to prune massive modsec log archives

Discussion in 'Workarounds and Optimization' started by meeven, Oct 29, 2016.

Tags:
  1. meeven

    meeven Well-Known Member

    Joined:
    May 8, 2007
    Messages:
    124
    Likes Received:
    0
    Trophy Points:
    166
    I am seeing a massive list of daily modsec logs (each about 5 MB) archived from 11th May 2015 to 29th October 2016 at /usr/local/apache/logs/modsec_audit/nobody going something like this:
    Code:
    drwxr-x--- 706 nobody nobody 32768 May 12  2015 20150511/
    drwxr-x--- 756 nobody nobody 36864 May 13  2015 20150512/
    drwxr-x--- 737 nobody nobody 32768 May 14  2015 20150513/
    drwxr-x--- 732 nobody nobody 28672 May 15  2015 20150514/
    drwxr-x--- 756 nobody nobody 36864 May 16  2015 20150515/
    drwxr-x--- 751 nobody nobody 36864 May 17  2015 20150516/
    drwxr-x--- 702 nobody nobody 28672 May 18  2015 20150517/
    drwxr-x--- 738 nobody nobody 32768 May 19  2015 20150518/
    drwxr-x--- 719 nobody nobody 32768 May 20  2015 20150519/
    drwxr-x--- 726 nobody nobody 36864 May 21  2015 20150520/
    drwxr-x--- 717 nobody nobody 32768 May 22  2015 20150521/
    drwxr-x--- 701 nobody nobody 32768 May 23  2015 20150522/
    drwxr-x--- 712 nobody nobody 28672 May 24  2015 20150523/
    drwxr-x--- 711 nobody nobody 36864 May 25  2015 20150524/
    drwxr-x--- 717 nobody nobody 28672 May 26  2015 20150525/
    drwxr-x--- 709 nobody nobody 28672 May 27  2015 20150526/
    drwxr-x--- 725 nobody nobody 32768 May 28  2015 20150527/
    drwxr-x--- 708 nobody nobody 28672 May 29  2015 20150528/
    drwxr-x--- 700 nobody nobody 28672 May 30  2015 20150529/
    drwxr-x--- 704 nobody nobody 32768 May 31  2015 20150530/
    drwxr-x--- 699 nobody nobody 28672 Jun  1  2015 20150531/
    drwxr-x--- 722 nobody nobody 32768 Jun  2  2015 20150601/
    drwxr-x--- 721 nobody nobody 36864 Jun  3  2015 20150602/
    drwxr-x--- 692 nobody nobody 28672 Jun  4  2015 20150603/
    drwxr-x--- 706 nobody nobody 32768 Jun  5  2015 20150604/
    drwxr-x--- 720 nobody nobody 32768 Jun  6  2015 20150605/
    drwxr-x--- 702 nobody nobody 32768 Nov  9  2015 20150606/
    drwxr-x--- 702 nobody nobody 32768 Jun  8  2015 20150607/
    drwxr-x--- 718 nobody nobody 32768 Jun  9  2015 20150608/
    drwxr-x--- 718 nobody nobody 32768 Jun 10  2015 20150609/
    drwxr-x--- 708 nobody nobody 32768 Jun 11  2015 20150610/
    drwxr-x--- 692 nobody nobody 28672 Jun 12  2015 20150611/
    drwxr-x--- 705 nobody nobody 24576 Jun 13  2015 20150612/
    drwxr-x--- 694 nobody nobody 32768 Jun 14  2015 20150613/
    drwxr-x--- 684 nobody nobody 28672 Jun 15  2015 20150614/
    drwxr-x--- 702 nobody nobody 28672 Jun 16  2015 20150615/
    drwxr-x--- 698 nobody nobody 28672 Jun 17  2015 20150616/
    drwxr-x--- 541 nobody nobody 20480 Jun 18  2015 20150617/
    drwxr-x--- 475 nobody nobody 20480 Jun 19  2015 20150618/
    drwxr-x--- 470 nobody nobody 20480 Jun 20  2015 20150619/
    I am running WHM 11.58 (Build 32) and do have log rotation enabled, but apparently the logs are archived and left on the server.

    Is there a way to prune these logs so as to retain, say, just the October 2016 entries? I can't imagine doing an rm -rf on nearly 500 folders.

    Thanks in advance.
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    37,171
    Likes Received:
    1,295
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Could you open a support ticket using the link in my signature so we can review your system to determine why the individual user audit logs aren't rotated with an option to remove the archives after a set date? You can post the ticket number here and we will update this thread with the outcome.

    Thank you.
     
Loading...

Share This Page