Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Mod_Security logs..

Discussion in 'Security' started by sh4ka, Aug 23, 2005.

  1. sh4ka

    sh4ka Well-Known Member

    Joined:
    May 12, 2005
    Messages:
    444
    Likes Received:
    0
    Trophy Points:
    166
    Location:
    Uruguay
    cPanel Access Level:
    DataCenter Provider
    Hello everyone,

    Recently i compiled mod security as apache module by my own.... Now... Time ago I installed the add on "mod_security" from the AddOn Module at the WHM.. When I used this AddOn.. I was able to see the attack logs (sort by date, attack, action taken, IP, etc).. but now that I compiled mod security by my own from the source code I don't know where to find those logs? please can anyone tell me the path of attacks logs?

    thkz!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  2. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,460
    Likes Received:
    21
    Trophy Points:
    463
    Location:
    Go on, have a guess
    They're wherever you have configured them to be created in the mod_security container within httpd.conf using the SecAuditLog directive. Usually that is /usr/local/apache/logs/audit_log
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. domenetorget

    domenetorget Active Member

    Joined:
    Sep 26, 2004
    Messages:
    40
    Likes Received:
    0
    Trophy Points:
    156
    Location:
    Hokksund, Norway
    Lately, these logs have been empty. Is there a problem with mod_security lately?
    (I have 7 cPanel servers - and all of them have empty audit_log-files.)
     
  4. sh4ka

    sh4ka Well-Known Member

    Joined:
    May 12, 2005
    Messages:
    444
    Likes Received:
    0
    Trophy Points:
    166
    Location:
    Uruguay
    cPanel Access Level:
    DataCenter Provider
    the log is empty for me too :( ?????
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. fred123123

    fred123123 Well-Known Member

    Joined:
    Jul 23, 2005
    Messages:
    74
    Likes Received:
    0
    Trophy Points:
    156
    your logs are probably in /var/log/httpd/ ...
     
  6. fred123123

    fred123123 Well-Known Member

    Joined:
    Jul 23, 2005
    Messages:
    74
    Likes Received:
    0
    Trophy Points:
    156
    i wonder if we can edit the file : /etc/cron.hourly/modsecparse.pl
    to tell it that the log file is not the one in apache directory ...

    I fear that it will be overwrited during an update/upgrade or anything ?
     
  7. sh4ka

    sh4ka Well-Known Member

    Joined:
    May 12, 2005
    Messages:
    444
    Likes Received:
    0
    Trophy Points:
    166
    Location:
    Uruguay
    cPanel Access Level:
    DataCenter Provider
    i know where my apache logs are, but they still empy :S
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice