• The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Resolved Mod Security Log Files Empty

D

daanse

Regular Pleskian
Hi,
i have noticed that my mod security Log Files are empty.
Nothing happens there.

I restartet, stop & started, disabled, reenabled, changed Modus - nothing.

System:
Plesk Onyx 17.5.3
Debian 8.9

And via SSH it sais, that Service is running.

Any Ideas?
Could it be something with Cron Job?
 

Attachments

  • Bildschirmfoto 2017-08-26 um 11.24.04.jpg
    Bildschirmfoto 2017-08-26 um 11.24.04.jpg
    393.8 KB · Views: 25
today i found some lead:
Code: 
[Mon Sep 04 07:08:23.147978 2017] [core:notice] [pid 18422] AH00094: Command line: '/usr/sbin/apache2'
[Mon Sep 04 07:08:23.147990 2017] [mpm_prefork:warn] [pid 18422] AH00167: long lost child came home! (pid 18425)
[Mon Sep 04 08:41:34.305560 2017] [fcgid:warn] [pid 22305] mod_fcgid: process 4316 graceful kill fail, sending SIGKILL
[Mon Sep 04 09:50:55.711663 2017] [fcgid:warn] [pid 22305] mod_fcgid: process 21379 graceful kill fail, sending SIGKILL
[Mon Sep 04 10:41:59.168974 2017] [:error] [pid 4120] [client xx_Xx_Xx_Xx] ModSecurity: Audit log: Failed to create subdirectories: /var/log/modsecurity/audit/20170904/20170904-1041 (Permission denied) [hostname "default-xx_Xx_Xx_Xx"] [uri "/"] [unique_id "Wa0R138AAAEAABAYsHIAAABH"]

how can that be? did'nt changed any permissions.

it seems i have no folder.
I already reinstalled mod_Security but nothing...

Code: 
 cd /var/log/modsecurity/audit/
-bash: cd: /var/log/modsecurity/audit/: No such file or directory
~ # /var/log/modsecurity/
-bash: /var/log/modsecurity/: No such file or directory
 
Last edited:
Hi @IgorG ,

i have Debian 8.9 ? Do i have SELinux then?
#sestatus sais not found.

EDIT:

Ouh!! Somehow my Folders where gone (maybe Update, or while disabling Mod Security once?)
anyways.
My Mod Sec Config sais:
Code: 
SecAuditEngine RelevantOnly
SecAuditLogRelevantStatus "^(?:5|4(?!04))"
SecAuditLogParts ABIFHZ
SecAuditLogType Concurrent
SecAuditLog /var/log/modsec_audit.log
SecAuditLogStorageDir /var/log/modsecurity/audit
SecAuditLogDirMode "default"
SecAuditLogFileMode "default"

And my Folder "/var/log/modsecurity/audit" was gone.
I ran following commands to get it working again.

# mkdir -p /var/log/modsecurity/audit
# chown www-data:www-data /var/log/modsecurity/audit

No it works.
 
Last edited:
You must log in or register to reply here.

Similar threads

U
Issue DRWeb logging to root console
Replies
5
Views
534
uniauto
U
C
Resolved Mariadb not working - DB query failed: SQLSTATE[HY000] [2002] No such file or directory
Replies
7
Views
2K
Crash79797
C
VirtualHorror
Issue Plesk backup issue - taking too long to list files of a particular website
2
Replies
20
Views
4K
VirtualHorror
VirtualHorror
H
Issue Modsecurity Broken from time to time
Replies
0
Views
1K
hostking
H
Endre
Issue Server Error 500 Plesk\Exception\Database DB query failed: SQLSTATE[HY000] [2002] No such file or directory
Replies
15
Views
8K
MihaiNecreala
M
Back
Top