19GB modsec_audit.log

Is this file not getting rotated in my log rotate? Is this not in CWP by default and if so ho can I add it so it will get rotated?

Truncate it to zero bytes:

Code: [Select]

truncate -s0 /usr/local/apache/logs/modsec_audit.logThen go to File Management > Logrotate Manager and create a rotation rule for it. (Mine was 4K.)

Create the file:

/etc/logrotate.d/httpd

with the following content:

Code: [Select]

/usr/local/apache/logs/*log
{
        missingok
        notifempty
        sharedscripts
        copytruncate
        compress
        postrotate
                if [ -f /usr/local/apache/logs/httpd.pid ]; then
                        kill -USR1 `cat /usr/local/apache/logs/httpd.pid`
                fi
        endscript
        maxsize 100M
}

It will rotate files called like "anythinglog" located in the folder /usr/local/apache/logs/

Ok will that also rotate the error dom logs? I am noticing one or two error logs is getting large as well. Also thank you for your help.

Create the file:

/etc/logrotate.d/httpd

with the following content:

Code: [Select]

/usr/local/apache/logs/*log
{
        missingok
        notifempty
        sharedscripts
        copytruncate
        compress
        postrotate
                if [ -f /usr/local/apache/logs/httpd.pid ]; then
                        kill -USR1 `cat /usr/local/apache/logs/httpd.pid`
                fi
        endscript
        maxsize 100M
}

It will rotate files called like "anythinglog" located in the folder /usr/local/apache/logs/

Also do I run this manually when they get large oer does it run on it's own?

It will be executed automatically on daily bases. All files located in the folder /usr/local/apache/logs/ with the names "log" at the end:

something.log
something_log
somethinglog

will be checked for their size. If the file size is over than 100Mb the log file will be rotated.

It will be executed automatically on daily bases. All files located in the folder /usr/local/apache/logs/ with the names "log" at the end:

something.log
something_log
somethinglog

will be checked for their size. If the file size is over than 100Mb the log file will be rotated.

So then the dom error log files won't be rotated

cyberspace's Logrotate config will catch anything ending in .log or _log, including /usr/local/apache/logs/modsec_audit.log
and /usr/local/apache/logs/modsec_debug.log (which is the subject of this thread:

Code: [Select]

0 /usr/local/apache/logs/*bytes
129M /usr/local/apache/logs/access_log
452K /usr/local/apache/logs/error_log
4.0K /usr/local/apache/logs/httpd.pid
4.0K /usr/local/apache/logs/modsec_audit.log
0 /usr/local/apache/logs/modsec_debug.log
0 /usr/local/apache/logs/phpmail.log
0 /usr/local/apache/logs/suphp_log
0 /usr/local/apache/logs/tmpIf you're thinking of logs in /usr/local/apache/domlogs/, that is a separate logrotate config for httpd, /etc/logrotate.d/httpd:

Code: [Select]

/usr/local/apache/domlogs/*.log {
    missingok
    notifempty
    sharedscripts
    daily
    rotate 7
    postrotate
        /sbin/service httpd reload > /var/log/httpd-rotate.log 2>&1 || true
    endscript
    compress
}(which is why I would name cyberspace's config "modsec" or something like that, since your purpose is to rotate the Mod Security audit & error logs. The server-wide access & error_log files in that directory shouldn't be growing much in size unless you have something misconfigured.)

I added this code to the same logrotate.d/httpd file as the other

/usr/local/apache/domlogs/*.log {
    missingok
    notifempty
    sharedscripts
    daily
    rotate 7
    postrotate
        /sbin/service httpd reload > /var/log/httpd-rotate.log 2>&1 || true
    endscript
    compress
}

I hope that is where it goes.