The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Mod Security log file (Where is it?)

Discussion in 'Security' started by rogcan, Apr 26, 2007.

  1. rogcan

    rogcan Well-Known Member

    Joined:
    Jun 7, 2004
    Messages:
    48
    Likes Received:
    0
    Trophy Points:
    6
    I installed Mod Security thru WHM and i have added extra security checks in my /usr/local/apache/conf/modsec.user.con file.

    Everything runs fine and when i click on the Mod Security button in WHM it shows a log of all scripts/access that was denied by Mod Security but where is this file located in SSH ??

    I thought it was logs/audit.log but that file is empty so it cant be that...

    Can anyone tell me where this is located and can we increase the line amount of logs it shows in WHM?
     
  2. oulzac

    oulzac Well-Known Member

    Joined:
    Aug 7, 2005
    Messages:
    131
    Likes Received:
    0
    Trophy Points:
    16
    The main log is filed under the /usr/local/apache/logs/error_log
    that is where all the denial logs are kept.
     
  3. rogcan

    rogcan Well-Known Member

    Joined:
    Jun 7, 2004
    Messages:
    48
    Likes Received:
    0
    Trophy Points:
    6
    That aint were it logs those Mod Security logs...... Already checked that before.

    Anyone else ?
     
  4. jpetersen

    jpetersen Well-Known Member

    Joined:
    Dec 31, 2006
    Messages:
    113
    Likes Received:
    4
    Trophy Points:
    18
    /usr/local/apache/logs/audit_log

    or:

    # grep ^SecAuditLog /usr/local/apache/conf/modsec.conf

    I would advise against viewing modsec logs in a web browser, considering anyone can influence what they contain.
     
    #4 jpetersen, Apr 26, 2007
    Last edited: Apr 26, 2007
  5. rogcan

    rogcan Well-Known Member

    Joined:
    Jun 7, 2004
    Messages:
    48
    Likes Received:
    0
    Trophy Points:
    6
    Neither of those show me what i see in the Mod Security area in WHM

    /usr/local/apache/logs/audit_log (nothing in here.. it's empty)
    grep ^SecAuditLog /usr/local/apache/conf/modsec.conf (Doesnt do anything)
     
  6. WillyBoy

    WillyBoy Member

    Joined:
    Jan 23, 2006
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    1
    Check /var/log/httpd/
    wb
     
  7. rogcan

    rogcan Well-Known Member

    Joined:
    Jun 7, 2004
    Messages:
    48
    Likes Received:
    0
    Trophy Points:
    6
    Actually, i found access to this in my WHM by clicking on phpMyAdmin under the topic SQL Services

    Didnt know all this info was stored in the database called modsec

    Hope that helps anyone looking for it :)
     
  8. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    With the cPanel mod_security installation there's a cronjob that runs (modsecparse IIRC, in /etc/cron.* - can't remember which one) that empties out the mod_security log and sticks them into that MySQL database.
     
Loading...

Share This Page