Resolved Mod Security Log Files Empty

M

mdde

Regular Pleskian
Hi,
i have noticed that my mod security Log Files are empty.
Nothing happens there.

I restartet, stop & started, disabled, reenabled, changed Modus - nothing.

System:
Plesk Onyx 17.5.3
Debian 8.9

And via SSH it sais, that Service is running.

Any Ideas?
Could it be something with Cron Job?
 

Attachments

  • Bildschirmfoto 2017-08-26 um 11.24.04.jpg
    Bildschirmfoto 2017-08-26 um 11.24.04.jpg
    393.8 KB · Views: 26
today i found some lead:
Code: 
[Mon Sep 04 07:08:23.147978 2017] [core:notice] [pid 18422] AH00094: Command line: '/usr/sbin/apache2'
[Mon Sep 04 07:08:23.147990 2017] [mpm_prefork:warn] [pid 18422] AH00167: long lost child came home! (pid 18425)
[Mon Sep 04 08:41:34.305560 2017] [fcgid:warn] [pid 22305] mod_fcgid: process 4316 graceful kill fail, sending SIGKILL
[Mon Sep 04 09:50:55.711663 2017] [fcgid:warn] [pid 22305] mod_fcgid: process 21379 graceful kill fail, sending SIGKILL
[Mon Sep 04 10:41:59.168974 2017] [:error] [pid 4120] [client xx_Xx_Xx_Xx] ModSecurity: Audit log: Failed to create subdirectories: /var/log/modsecurity/audit/20170904/20170904-1041 (Permission denied) [hostname "default-xx_Xx_Xx_Xx"] [uri "/"] [unique_id "Wa0R138AAAEAABAYsHIAAABH"]

how can that be? did'nt changed any permissions.

it seems i have no folder.
I already reinstalled mod_Security but nothing...

Code: 
 cd /var/log/modsecurity/audit/
-bash: cd: /var/log/modsecurity/audit/: No such file or directory
~ # /var/log/modsecurity/
-bash: /var/log/modsecurity/: No such file or directory
 
Last edited:
Hi @IgorG ,

i have Debian 8.9 ? Do i have SELinux then?
#sestatus sais not found.

EDIT:

Ouh!! Somehow my Folders where gone (maybe Update, or while disabling Mod Security once?)
anyways.
My Mod Sec Config sais:
Code: 
SecAuditEngine RelevantOnly
SecAuditLogRelevantStatus "^(?:5|4(?!04))"
SecAuditLogParts ABIFHZ
SecAuditLogType Concurrent
SecAuditLog /var/log/modsec_audit.log
SecAuditLogStorageDir /var/log/modsecurity/audit
SecAuditLogDirMode "default"
SecAuditLogFileMode "default"

And my Folder "/var/log/modsecurity/audit" was gone.
I ran following commands to get it working again.

# mkdir -p /var/log/modsecurity/audit
# chown www-data:www-data /var/log/modsecurity/audit

No it works.
 
Last edited:
You must log in or register to reply here.

Similar threads

M
Question Plesk E-Mail Security | Failed to start clamd scanner (amavisd) daemon
Replies
7
Views
4K
Raul A.
R
J
Resolved Logs and proFtpd
Replies
5
Views
3K
JuanCar
J
U
Issue DRWeb logging to root console
Replies
5
Views
2K
uniauto
U
B
Issue High latency, unreliable performance & 522 errors on a Plesk server that ran fine for 6+ months
Replies
8
Views
5K
HHawk
HHawk
Tim_Wakeling
Issue Firewall suddenly took Plesk down overnight
2
Replies
23
Views
7K
Peter Debik
P
Back
Top