• Plesk Uservoice will be deprecated by October. Moving forward, all product feature requests and improvement suggestions will be managed through our new platform Plesk Productboard.
    To continue sharing your ideas and feedback, please visit features.plesk.com

Mod_security log trouble

WillyN

New Pleskian
Hello,

I noticed that to get Mod_security writing to its modsec_audit.log I need to stop and restart Mod_security.

Once started the log file grows explosively.

I use logrotate to rotate the modsec_audit.log every 24 hours, placing the following in /etc/logrotate.conf
Code:
/var/log/modsec_audit.log {
missingok
daily
rotate 4
compress
}

This works fine, but to make Mod_security start writing to the new modsec_audit.log I need to manually restart Mod_security.

Two questions:
- What can be done to avoid having to manually restart Mod_security on a daily basis?
- What can I do to reduce the amount of info Mod_security writes to its modsec_audit.log?

Greetings.
 
Plesk logrotate already have record for modSecurity:
Code:
# cat /etc/logrotate.d/mod_security 
/var/log/modsec_audit.log {
	daily
	rotate 7
	missingok
	compress
	postrotate
		/etc/init.d/apache2 reload > /dev/null 2>/dev/null || true
	endscript
}
and I suppose that apache reload is enough, because I have no such problem with modsecurity log.
 
Plesk logrotate already have record for modSecurity:
Code:
# cat /etc/logrotate.d/mod_security 
/var/log/modsec_audit.log {
	daily
	rotate 7
	missingok
	compress
	postrotate
		/etc/init.d/apache2 reload > /dev/null 2>/dev/null || true
	endscript
}
and I suppose that apache reload is enough, because I have no such problem with modsecurity log.
On my server there's no such record.

It seems true that an apache-restart makes mod_security start logging. I don´t like to have to restart apache, I'd rather have a cleaner method. The logical way seems to me that writing continues on the newly created modsec_audit.log.

And how about restricting whar is written to the modsec_audit.log?
 
Back
Top