• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Mod_security log trouble

W

WillyN

New Pleskian
Hello,

I noticed that to get Mod_security writing to its modsec_audit.log I need to stop and restart Mod_security.

Once started the log file grows explosively.

I use logrotate to rotate the modsec_audit.log every 24 hours, placing the following in /etc/logrotate.conf
Code: 
/var/log/modsec_audit.log {
missingok
daily
rotate 4
compress
}

This works fine, but to make Mod_security start writing to the new modsec_audit.log I need to manually restart Mod_security.

Two questions:
- What can be done to avoid having to manually restart Mod_security on a daily basis?
- What can I do to reduce the amount of info Mod_security writes to its modsec_audit.log?

Greetings.
 
Plesk logrotate already have record for modSecurity:
Code: 
# cat /etc/logrotate.d/mod_security 
/var/log/modsec_audit.log {
	daily
	rotate 7
	missingok
	compress
	postrotate
		/etc/init.d/apache2 reload > /dev/null 2>/dev/null || true
	endscript
}
and I suppose that apache reload is enough, because I have no such problem with modsecurity log.
 
iiiuhkai said:
Plesk logrotate already have record for modSecurity:
Code: 
# cat /etc/logrotate.d/mod_security 
/var/log/modsec_audit.log {
	daily
	rotate 7
	missingok
	compress
	postrotate
		/etc/init.d/apache2 reload > /dev/null 2>/dev/null || true
	endscript
}
and I suppose that apache reload is enough, because I have no such problem with modsecurity log.
Click to expand...
On my server there's no such record.

It seems true that an apache-restart makes mod_security start logging. I don´t like to have to restart apache, I'd rather have a cleaner method. The logical way seems to me that writing continues on the newly created modsec_audit.log.

And how about restricting whar is written to the modsec_audit.log?
 
You must log in or register to reply here.

Similar threads

UHolthausen
Issue proftpd logs daily
Replies
3
Views
784
UHolthausen
UHolthausen
T
Question how to: awstats: daily log rotation for a single domain
Replies
0
Views
1K
TomBoB
T
G
Log viewer for domain log files tries to parse encrypted files which results to display error
Replies
6
Views
1K
Peter Debik
P
B
Issue High latency, unreliable performance & 522 errors on a Plesk server that ran fine for 6+ months
Replies
1
Views
153
Sebahat.hadzhi
Sebahat.hadzhi
Quinten
Resolved php-fpm_error.log is huge how to disable or delete apache log?
Replies
7
Views
4K
Quinten
Quinten
Back
Top