Mod Security Hit List is empty and Internal error in modsec log

Discussion in 'Security' started by postcd, Apr 30, 2016.

  1. postcd

    postcd Well-Known Member

    Hello,

    I see at
    WHM » Security Center » ModSecurity™ Tools » Hits List

    It is empty, where usually I had hits there.

    The Rules List contains active and published rules

    tail of modsec_audit.log:
    Please, which Linux commands, or what should I do, to discover the cause & fix it?
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello,

    Would you mind opening a support ticket using the link in my signature so we can take a closer look? You can post the ticket number here so we can update this thread with the outcome.

    Thank you.
     
  3. postcd

    postcd Well-Known Member

    Thanks for the advice. I submitted a ticket, and this is the final reply from the cPanel staff:


    After continued research, I found that your custom configuration relocated the ModSecAuditLog. I created a backup of your existing configuration, and made the following changes as shown:
    ====
    [11:26:22 host1 root@7542771 /usr/local/apache/conf]cPs# cp -av modsec2.user.conf{,.7542771.bak}
    `modsec2.user.conf' -> `modsec2.user.conf.7542771.bak'

    [11:35:38 host1 root@7542771 /usr/local/apache/conf]cPs# diff modsec2.user.conf.7542771.bak modsec2.user.conf
    51,52c51,53
    < SecAuditLogType Serial
    < SecAuditLog logs/mod_security.log
    ---
    > #SecAuditLogType Serial
    > #SecAuditLog logs/mod_security.log
    > SecAuditLog /usr/local/apache/logs/modsec_audit.log
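    Review bot: At lines 51-53, `SecAuditLogType Serial` is commented out together with the relocated `SecAuditLog`, but only the path gets a replacement, so the log type now depends on the default or on whatever another included file sets. Keep `SecAuditLogType Serial` active next to the new `SecAuditLog /usr/local/apache/logs/modsec_audit.log` line, or add a comment saying where the type is configured.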
    55c56
    < SecDataDir logs/mod_security-data
    ---
    > #SecDataDir logs/mod_security-data
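    Review bot: At line 56, `SecDataDir logs/mod_security-data` is disabled with no replacement in this file, unlike `SecAuditLog`, which gets a new value. Confirm that another included configuration still sets `SecDataDir`, since rules that use persistent collections need it, and record that location in a comment beside the disabled line.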
    ====

    After doing so, you'll notice your Hits List is now being populated.


    ----
    So it appears the issue is solved.
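The cause found in the ticket, an active `SecAuditLog` directive in a custom file pointing away from the log the Hits List started populating from, can be checked for directly. The script below is an added example, not part of the thread and not cPanel's code; its function names are hypothetical, it assumes relative paths resolve against `/usr/local/apache`, and its sample files are constructed from the two sides of the diff above.

```shell
#!/bin/sh
# Added example, not cPanel code. Paths are the ones shown in the thread.
EXPECTED_LOG="/usr/local/apache/logs/modsec_audit.log"
SERVER_ROOT="/usr/local/apache"   # assumption: relative paths resolve against this

# Print the resolved target of the last active SecAuditLog directive in FILE...
effective_audit_log() {
    awk -v root="$SERVER_ROOT" '
        /^[ \t]*#/ { next }                      # commented-out directive
        tolower($1) == "secauditlog" {           # exact name, SecAuditLogType is skipped
            path = $2
            gsub(/^"|"$/, "", path)              # strip optional quotes
            c = substr(path, 1, 1)
            if (c != "/" && c != "|") path = root "/" path   # relative path
            last = path                          # a later directive overrides
        }
        END { if (last != "") print last }
    ' "$@"
}

# Return 0 if the log is at the expected path, 1 if relocated, 2 if unset.
check_audit_log() {
    actual=$(effective_audit_log "$@")
    [ -n "$actual" ] || { echo "UNSET: no active SecAuditLog in $*"; return 2; }
    if [ "$actual" = "$EXPECTED_LOG" ]; then
        echo "OK: $actual"; return 0
    fi
    echo "RELOCATED: $actual (expected $EXPECTED_LOG)"; return 1
}

# Constructed sample files reproducing the two sides of the diff in the thread.
write_samples() {
    printf '%s\n' 'SecAuditLogType Serial' 'SecAuditLog logs/mod_security.log' \
        'SecDataDir logs/mod_security-data' > "$1/before.conf"
    printf '%s\n' '#SecAuditLogType Serial' '#SecAuditLog logs/mod_security.log' \
        'SecAuditLog /usr/local/apache/logs/modsec_audit.log' \
        '#SecDataDir logs/mod_security-data' > "$1/after.conf"
}

tmp=$(mktemp -d)
write_samples "$tmp"
check_audit_log "$tmp/before.conf" || true   # reports RELOCATED
check_audit_log "$tmp/after.conf"            # reports OK
rm -rf "$tmp"
```

On a real server, pass the ModSecurity configuration files in the order Apache includes them, since the last active directive is the one reported.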
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member
