• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Resolved Empty ModSecurity Log File

othmaqsa

Regular Pleskian
Server operating system version
Ubuntu 20.04.5 LTS
Plesk version and microupdate number
18.0.49 #2
Hello,

When I try to check the logs in ModSecurity Log File or Logs Archive, it shows a blank page, it doesn't show any logs.

Firewall mode : Detection only
 
A similar issue was recently reported in the Facebook group. The solution there was that no logs existed, hence none were shown. Have you checked that there are actually log entries, e.g. by checking the access_ssl_log and error_log files in the /logs directory?
 
ModSecurity is not responding to non-existent files. Can you reproduce the issue with a scenario where an existing file is used?
 
Same problem, Log file still empty.

Do I need to wait at least 24H before checking the Mod Sec Log File ?
 
It needs to be checked in detail. Have you seen this other thread with a similar issue?
 
It needs to be checked in detail. Have you seen this other thread with a similar issue?
Hello @Peter Debik ,

I have tried this cmd:

cd /var/log/modsecurity/audit/
Output: -bash: cd: /var/log/modsecurity/audit/: No such file or directory
 
Also, what is the exact name of the config file of Modsecurity for nginx to check the file if exist or not ?
 
I am afraid that this is not leading to anywhere at the moment, but we need to come to a solution. I suggest that you open a ticket with Plesk support so that the resolution path gets more focused and an engineer can look onto your server directly to find out what is going on.
 
@Peter Debik , I have a good news.

Some Logs are showing currently since 2 days. So normally, the ModSec is working now.

Another question please:

In the Predefined set of values:
When I set "Fast" : Few logs is logged.
When I set "Tradeoff" : A lot of logs is logged with some error and false positive.

If I keep FAST, maybe few attacks will be blocked by ModSec, and other attacks not.
If I keep TRADEOFF, I have to sort out the rules that block plugins on Wordpress but normally the server will be more protected.

What is the best solution in your opinion?
 
For a Wordpress site I believe that "fast" will do. Instead, apply all security options from the "Security" link in WP Toolkit.
 
Back
Top