SOLVED mod_security logs HUGE and Failed to access DBM file entries

jeffschips

Well-Known Member
Jun 5, 2016
264
36
78
new york
cPanel Access Level
Root Administrator
Hello. I hope everyone is safe and healthy and taking care of themselves and their loved ones.

In my /var/log/apache/error_log file as of today the beginning entry is May 18, 2021. When I search for information about trimming this file (if it's okay to do so) I see reports that there should be a Mod_Security Logs clickable link/icon in my Metrics folder of Cpanel, but none exists there.

Naturally I have access to WHM so maybe that's why it's not listed in Cpanel?

Nevertheless, what is the story with this humongous file? Can I trim it? Delete it?

Also, when using the following command to view what was triggering events:

Code:
grep ModSecurity /usr/local/apache/logs/error_log | sed -e 's#^.*\[id "\([0-9]*\).*hostname "\([a-z0-9\-\_\.]*\)"\].*uri "#\1 \2 #' | cut -d\" -f1 | sort -n | uniq -c
I am seeing lots of errors as follows:

Code:
 [Wed Sep 29 23:00:08.203229 2021] [:error] [pid 13071] [client xx.1xx.xxx.xx:38626] [client xx.xxx.xxx.xx] ModSecurity: collections_remove_stale: Failed to access DBM file
      1 [Wed Sep 29 23:00:08.290565 2021] [:error] [pid 11899] [client xx.1xx.xxx.xx:38636] [client xx.xxx.xxxxx] ModSecurity: collection_store: Failed to access DBM file




Thanks in advance.

Stay safe please.
 
Last edited:

quietFinn

Well-Known Member
Feb 4, 2006
1,701
352
438
Finland
cPanel Access Level
Root Administrator
Look in WHM -> Service Configuration -> cPanel Log Rotation Configuration
Is error_log in rotation?
 
  • Like
Reactions: cPanelAnthony

jeffschips

Well-Known Member
Jun 5, 2016
264
36
78
new york
cPanel Access Level
Root Administrator
Rotation shows 300mb and supposed to archive but I can't find any files in the reported archive directory.

Current error_log shows:

13981215 Jan 6 11:43 error_log

I wish linux would make it easy to read what 13981215 is? Bytes? Megabytes? How to read and convert?

Thank you.
 

quietFinn

Well-Known Member
Feb 4, 2006
1,701
352
438
Finland
cPanel Access Level
Root Administrator
I don't know what you mean by " Current error_log shows ",
you can see the size (in root SSH) like this:
Code:
ls -lah /usr/local/apache/logs/error_log
Edit: seems you found a solution before I finished posting...
Edit2: 13981215 is bytes, option "-h" in ls command means "human-readable"
 

jeffschips

Well-Known Member
Jun 5, 2016
264
36
78
new york
cPanel Access Level
Root Administrator
It shows size as:

13981215 Jan 6 11:43 error_log

My issue was the file was large and possibly not rotating out. However, once I could interpret what 13981215 means when running ls -la error_log (using ls -l --block-size=M error_log and now also lah) I saw that it wasn't large at all in terms of rotating out.

So solved.

Oh, and the error message "Failed to access DBM file" once examining the logs, seems to be related to non-authorized users trying to access the system, and failing.
 
Last edited:
  • Like
Reactions: quietFinn