The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

mod_security logs

Discussion in 'Security' started by ffeingol, Jul 14, 2008.

  1. ffeingol

    ffeingol Well-Known Member
    PartnerNOC

    Joined:
    Nov 9, 2001
    Messages:
    215
    Likes Received:
    1
    Trophy Points:
    18
    cPanel Access Level:
    DataCenter Provider
    We have mod_security installed via cpanel. We have the default settings in modsec2.conf and a ton of custom rules added via WHM that go into modsec2.user.conf. The weird part is that the mod_security audit are going into the Apache error_log not modsec_audit.log

    Here is the directive from modsec2.conf:

    SecAuditLog logs/modsec_audit.log

    I've grep'ed through all the Apache config files and there is nothing overriding that rule. Anyone seen an issue like this before?

    TIA
     
  2. lntu2000

    lntu2000 Registered

    Joined:
    Mar 7, 2008
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    EDit:

    SecAuditLog /var/logs/mocsec_audit.log

    Then restart httpd: service httpd restart
     
  3. ffeingol

    ffeingol Well-Known Member
    PartnerNOC

    Joined:
    Nov 9, 2001
    Messages:
    215
    Likes Received:
    1
    Trophy Points:
    18
    cPanel Access Level:
    DataCenter Provider
    We don't want them in /var/log/ We want them in the Apache log's dir like the rest of the logs. With the directive (as we have it) an empty modsec_audit.log is getting created but the messages are still logged to error_log not modsec_audit.log.

    Frank
     
Loading...

Share This Page