Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

modsec_audit.log rotates clears every hour

Discussion in 'Security' started by 10101, Apr 5, 2009.

  1. 10101

    10101 Well-Known Member

    Joined:
    Sep 4, 2003
    Messages:
    151
    Likes Received:
    0
    Trophy Points:
    166
    Hi,

    modsec_audit.log is currently clearing itself every hour in /usr/local/apache/logs, how do I change this so that it's rotated properly like most lost in /var/log?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  2. thobarn

    thobarn Well-Known Member

    Joined:
    Apr 25, 2008
    Messages:
    152
    Likes Received:
    1
    Trophy Points:
    68
    Location:
    sanctum sanctorum
    Look in /etc/cron.hourly. Remove modsecparse.pl which causes the symptom you are seeing. It parses (not very well) modsec_audit.log and inserts contents into DB modsec, then clears the log file.

    Unfortunately, next time you build apache it will return so you need to keep an eye on it. I could not find a way to disable it. You may want to keep a copy as the credentials for DB modsec are in there.

    Edit: after removing modsecparse.pl, modsec_audit.log will not be included in Main >> Service Configuration >> Apache Configuration >> Apache Log Rotation Configuration list so it is not rotated. A workaround is to rename modsec_audit.log to something else in modsec2.conf. After that it appears in the list and rotates normally if selected. Sadly, modsec2.conf has a tendency to be overwritten as well.
     
    #2 thobarn, Apr 6, 2009
    Last edited: Apr 6, 2009
  3. 10101

    10101 Well-Known Member

    Joined:
    Sep 4, 2003
    Messages:
    151
    Likes Received:
    0
    Trophy Points:
    166
    Thanks I'd since posting found that cron, I will create a cron to remove it daily for when apache is built.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...
Similar Threads - modsec_audit rotates clears
  1. postcd
    Replies:
    2
    Views:
    321
  2. JeffElkins
    Replies:
    7
    Views:
    158

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice