mod_security logs

[ffeingol]

We have mod_security installed via cpanel. We have the default settings in modsec2.conf and a ton of custom rules added via WHM that go into modsec2.user.conf. The weird part is that the mod_security audit are going into the Apache error_log not modsec_audit.log

Here is the directive from modsec2.conf:

SecAuditLog logs/modsec_audit.log

I've grep'ed through all the Apache config files and there is nothing overriding that rule. Anyone seen an issue like this before?

TIA

 

[lntu2000]

We have mod_security installed via cpanel. We have the default settings in modsec2.conf and a ton of custom rules added via WHM that go into modsec2.user.conf. The weird part is that the mod_security audit are going into the Apache error_log not modsec_audit.log

Here is the directive from modsec2.conf:

SecAuditLog logs/modsec_audit.log

I've grep'ed through all the Apache config files and there is nothing overriding that rule. Anyone seen an issue like this before?

TIA

EDit:

SecAuditLog /var/logs/mocsec_audit.log

Then restart httpd: service httpd restart

 

[ffeingol]

We don't want them in /var/log/ We want them in the Apache log's dir like the rest of the logs. With the directive (as we have it) an empty modsec_audit.log is getting created but the messages are still logged to error_log not modsec_audit.log.

Frank