Modsecurity date problem

nisse

Since I updated to 10.2.0-CURRENT_131, modsecurity has been writing entries into its database with blank dates.

Anyone know of a fix?
 

gupi

I confirm a similar issue in WHM 10.1.0 cPanel 10.2.0-S83, too:

Code:
IP              Date            Time            Handler                  ....
at.ac.ck.er	0000-00-00	15:33:43	cgi-script
 

adapter

I use modsecurity but I don't have any database for it :) Where is it?
 

Izzee

adapter said:
I use modsecurity but I don't have any database for it :) Where is it?
/var/lib/mysql/modsec
In WHM under heading SQL Services/phpMyAdmin/Database/modsec
In WHM you should also have a menu option under Add-ons down at the bottom of the left hand menu panel called Mod Security. Clicking on it will give you the current db entries with search controls and other controls for this mod.
HTH :)
 

adapter

Umm, I don't have it, maybe because I installed it from source?

What does it store in the db?
 

Izzee

adapter said:
Umm, I don't have it, maybe because I installed it from source?

What does it store in the db?
Your questions are not relevant to this thread but if it helps, this is what it will show in the WHM link I gave above ;).
This info is collected from /usr/local/apache/logs/audit_log - stored in the db and then the log file is emptied.

IP
Date
Time
Handler
GET
Host
Mod_Security-Message
Mod_Security-Action
 

rpmws

I am missing valid dates on the last several days' entries across all servers also.
 

gupi

I'm not skilled in Perl, but couldn't it be an issue in the cron function which extracts info from audit_log and pokes it into the database?
 

pizzaman

a typo

It's a typo in "/etc/cron.hourly/modsecparse.pl"

change from:
if ($month =~ "Jal") { $nmonth = "07"; }

to:
if ($month =~ "Jul") { $nmonth = "07"; }

Somebody was doing overtime during the coding, perhaps. :)
Note that this may or may not survive cPanel's update. I'll submit a bug after this.

While at it, I'm not a good coder, but wouldn't it be nicer to change this line too, from

getmysqldate($date);

to

$mysqldate = getmysqldate($date);

[bugzilla ID: 2902]
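
The two points in the post above (a misspelled month branch that yields a blank date, and a conversion result that is never assigned), as an added example that is not part of the original post or of cPanel's modsecparse.pl. The helper name `to_mysql_datetime` and the Apache-style timestamp format are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Table-driven month lookup: an unknown month name is detected explicitly,
# instead of falling through a chain of if-statements with $nmonth unset.
my %MONTH = (
    Jan => '01', Feb => '02', Mar => '03', Apr => '04',
    May => '05', Jun => '06', Jul => '07', Aug => '08',
    Sep => '09', Oct => '10', Nov => '11', Dec => '12',
);

# Hypothetical helper (not the cPanel function). Converts a timestamp such as
# "15/Jul/2005:15:33:43 +0000" to ("2005-07-15", "15:33:43").
# Returns an empty list when the input cannot be parsed, so the caller can
# skip and log the record rather than insert a date MySQL stores as 0000-00-00.
sub to_mysql_datetime {
    my ($stamp) = @_;
    return unless defined $stamp;
    my ($day, $mon, $year, $time) =
        $stamp =~ m{^(\d{2})/([A-Za-z]{3})/(\d{4}):(\d{2}:\d{2}:\d{2})\b}
        or return;
    my $nmonth = $MONTH{$mon} or return;    # unknown month name: refuse
    return ("$year-$nmonth-$day", $time);
}

# Constructed sample timestamps; the second carries a bad month name on purpose.
for my $stamp ('15/Jul/2005:15:33:43 +0000', '15/Jal/2005:15:33:43 +0000') {
    # The return value is captured here; calling the sub without assigning
    # its result would discard the converted date.
    if (my ($date, $time) = to_mysql_datetime($stamp)) {
        print "insert: $date $time\n";
    } else {
        warn "skipping record, unparseable timestamp: $stamp\n";
    }
}
```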

gupi

pizzaman said:
It's a typo in "/etc/cron.hourly/modsecparse.pl"
change from:
if ($month =~ "Jal") { $nmonth = "07"; }
to:
if ($month =~ "Jul") { $nmonth = "07"; }

Somebody was doing overtime during the coding, perhaps. :)
Note that this may or may not survive cPanel's update. I'll submit a bug after this.

While at it, I'm not a good coder, but wouldn't it be nicer to change this line too, from

getmysqldate($date);

to

$mysqldate = getmysqldate($date);

[bugzilla ID: 2902]
pizzaman, you deserve a box of beer!
works great.