ModSecurity: collections_remove_stale failed

MACscr

Well-Known Member
Sep 30, 2003
198
5
168
cPanel Access Level
Root Administrator
Any suggestions for resolving this issue with mod_security and appearing in the apache error_log?

ModSecurity: collections_remove_stale: Failed deleting collection .......

My ip.pag is about 250MB and it appears that IP's that are supposed to be blocked are not being blocked. Getting a bit frustrating. This ip.pag file sure seems to be collecting more IP's per second than apache is saying its serving per second as well. whats up with that?
 

quizknows

Well-Known Member
Oct 20, 2009
1,008
87
78
cPanel Access Level
DataCenter Provider
You can always try clearing it out yourself, simply delete ip.dir and ip.pag and restart apache. The files should recreate themselves as soon as rules are processed. Check your permissions on /tmp and /var/cpanel/secdatadir, /tmp should be 1777 and /var/cpanel/secdatadir should be 1770

Out of curiosity do you happen to be using RUID2?
 

MACscr

Well-Known Member
Sep 30, 2003
198
5
168
cPanel Access Level
Root Administrator
No I am not, i am using suphp. I have deleted them and it does appear to have helped. Should we be using logrotate or something like that to maintain these files? If there is a logrotate conf for them, can someone share it with me?
 

quizknows

Well-Known Member
Oct 20, 2009
1,008
87
78
cPanel Access Level
DataCenter Provider

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,218
463
Hello :)

Feel free to update this thread and let us know if lowering the "SecCollectionTimeout" value addressed the issue.

Thank you.
 

MACscr

Well-Known Member
Sep 30, 2003
198
5
168
cPanel Access Level
Root Administrator
Still happening. Super frustrating. I dont know of anyone using any type of pruning process for theirs either. Im not sure what i could be doing differently than others.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,218
463
Hello :)

Internal case number FB-188769 is open to determine if rotation for /var/cpanel/secdatadir/ip.pag is a viable option. You may want to utilize the following utility offered by Mod_Security in the meantime:

https://github.com/SpiderLabs/modsec-sdbm-util

Thank you.