alexh_neq

Member
Jun 16, 2014
12
0
1
cPanel Access Level
DataCenter Provider
Modsecurity is currently writing logs to per user directories under /usr/local/apache/logs/modsec_audit/$USER, i believe because ruid2 is enabled. However these logs are getting massive, and as they are owned by the user they are causing many users accounts to hit their disc quota.

I cant find any way of adjusting the rotation of these per user logs, all i can find is log rotate configuration for the main modsec_audit.log in /usr/local/cpanel/etc/logrotate.d/modsecurity_logs

This thread: Add log rotation for mod_security logs says that
In cPanel & WHM version 11.50 we are adding a logrotate configuration for the main mod_security audit log. In addition we updated our log rotation daemon, cpanellogd, to handle the per user log files when using mod_ruid2.
but these logs are definitely not getting rotated!

Anyone have any idea where the log rotation configuration for the per user modsec logs is stored?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,229
463
Hello,

Could you verify which version of cPanel is installed on this system, and whether the system uses EasyApache 4, or EasyApache 4?

Thank you.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,229
463
Could you open a support ticket using the link in my signature so we can determine why the logs aren't rotating? You can post the ticket number here so we can update this thread with the outcome.

Thank you.