The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Mod_Security logs..

Discussion in 'Security' started by sh4ka, Aug 23, 2005.

  1. sh4ka

    sh4ka Well-Known Member

    Joined:
    May 12, 2005
    Messages:
    442
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    US
    cPanel Access Level:
    DataCenter Provider
    Hello everyone,

    Recently i compiled mod security as apache module by my own.... Now... Time ago I installed the add on "mod_security" from the AddOn Module at the WHM.. When I used this AddOn.. I was able to see the attack logs (sort by date, attack, action taken, IP, etc).. but now that I compiled mod security by my own from the source code I don't know where to find those logs? please can anyone tell me the path of attacks logs?

    thkz!
     
  2. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    They're wherever you have configured them to be created in the mod_security container within httpd.conf using the SecAuditLog directive. Usually that is /usr/local/apache/logs/audit_log
     
  3. domenetorget

    domenetorget Active Member

    Joined:
    Sep 26, 2004
    Messages:
    40
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Hokksund, Norway
    Lately, these logs have been empty. Is there a problem with mod_security lately?
    (I have 7 cPanel servers - and all of them have empty audit_log-files.)
     
  4. sh4ka

    sh4ka Well-Known Member

    Joined:
    May 12, 2005
    Messages:
    442
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    US
    cPanel Access Level:
    DataCenter Provider
    the log is empty for me too :( ?????
     
  5. fred123123

    fred123123 Well-Known Member

    Joined:
    Jul 23, 2005
    Messages:
    74
    Likes Received:
    0
    Trophy Points:
    6
    your logs are probably in /var/log/httpd/ ...
     
  6. fred123123

    fred123123 Well-Known Member

    Joined:
    Jul 23, 2005
    Messages:
    74
    Likes Received:
    0
    Trophy Points:
    6
    i wonder if we can edit the file : /etc/cron.hourly/modsecparse.pl
    to tell it that the log file is not the one in apache directory ...

    I fear that it will be overwrited during an update/upgrade or anything ?
     
  7. sh4ka

    sh4ka Well-Known Member

    Joined:
    May 12, 2005
    Messages:
    442
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    US
    cPanel Access Level:
    DataCenter Provider
    i know where my apache logs are, but they still empy :S
     
Loading...

Share This Page