ffeingol

Well-Known Member
PartnerNOC
Nov 9, 2001
746
302
363
cPanel Access Level
DataCenter Provider
We have mod_security installed via cpanel. We have the default settings in modsec2.conf and a ton of custom rules added via WHM that go into modsec2.user.conf. The weird part is that the mod_security audit are going into the Apache error_log not modsec_audit.log

Here is the directive from modsec2.conf:

SecAuditLog logs/modsec_audit.log

I've grep'ed through all the Apache config files and there is nothing overriding that rule. Anyone seen an issue like this before?

TIA
 

lntu2000

Registered
Mar 7, 2008
1
0
51
We have mod_security installed via cpanel. We have the default settings in modsec2.conf and a ton of custom rules added via WHM that go into modsec2.user.conf. The weird part is that the mod_security audit are going into the Apache error_log not modsec_audit.log

Here is the directive from modsec2.conf:

SecAuditLog logs/modsec_audit.log

I've grep'ed through all the Apache config files and there is nothing overriding that rule. Anyone seen an issue like this before?

TIA
EDit:

SecAuditLog /var/logs/mocsec_audit.log

Then restart httpd: service httpd restart
 

ffeingol

Well-Known Member
PartnerNOC
Nov 9, 2001
746
302
363
cPanel Access Level
DataCenter Provider
We don't want them in /var/log/ We want them in the Apache log's dir like the rest of the logs. With the directive (as we have it) an empty modsec_audit.log is getting created but the messages are still logged to error_log not modsec_audit.log.

Frank