The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

modsec_audit.log rotates clears every hour

Discussion in 'Security' started by 10101, Apr 5, 2009.

  1. 10101

    10101 Well-Known Member

    Joined:
    Sep 4, 2003
    Messages:
    151
    Likes Received:
    0
    Trophy Points:
    16
    Hi,

    modsec_audit.log is currently clearing itself every hour in /usr/local/apache/logs, how do I change this so that it's rotated properly like most lost in /var/log?
     
  2. thobarn

    thobarn Well-Known Member

    Joined:
    Apr 25, 2008
    Messages:
    153
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    sanctum sanctorum
    Look in /etc/cron.hourly. Remove modsecparse.pl which causes the symptom you are seeing. It parses (not very well) modsec_audit.log and inserts contents into DB modsec, then clears the log file.

    Unfortunately, next time you build apache it will return so you need to keep an eye on it. I could not find a way to disable it. You may want to keep a copy as the credentials for DB modsec are in there.

    Edit: after removing modsecparse.pl, modsec_audit.log will not be included in Main >> Service Configuration >> Apache Configuration >> Apache Log Rotation Configuration list so it is not rotated. A workaround is to rename modsec_audit.log to something else in modsec2.conf. After that it appears in the list and rotates normally if selected. Sadly, modsec2.conf has a tendency to be overwritten as well.
     
    #2 thobarn, Apr 6, 2009
    Last edited: Apr 6, 2009
  3. 10101

    10101 Well-Known Member

    Joined:
    Sep 4, 2003
    Messages:
    151
    Likes Received:
    0
    Trophy Points:
    16
    Thanks I'd since posting found that cron, I will create a cron to remove it daily for when apache is built.
     
Loading...

Share This Page