Control Web Panel
Security => Mod_Security => Topic started by: DragoCom on March 14, 2025, 04:00:39 AM
-
Is this file not getting rotated in my log rotate? Is this not in CWP by default, and if so how can I add it so it will get rotated?
-
Truncate it to zero bytes:
truncate -s0 /usr/local/apache/logs/modsec_audit.log
Then go to File Management > Logrotate Manager and create a rotation rule for it. (Mine was 4K.)
-
Create the file:
/etc/logrotate.d/httpd
with the following content:
/usr/local/apache/logs/*log
{
    missingok
    notifempty
    sharedscripts
    copytruncate
    compress
    postrotate
        if [ -f /usr/local/apache/logs/httpd.pid ]; then
            kill -USR1 `cat /usr/local/apache/logs/httpd.pid`
        fi
    endscript
    maxsize 100M
}
It will rotate files named like "anythinglog" located in the folder /usr/local/apache/logs/
-
Ok, will that also rotate the error dom logs? I am noticing one or two error logs are getting large as well. Also, thank you for your help.
-
Also, do I run this manually when they get large or does it run on its own?
-
It will be executed automatically on a daily basis. All files located in the folder /usr/local/apache/logs/ with names ending in "log":
something.log
something_log
somethinglog
will be checked for their size. If the file size is over 100Mb, the log file will be rotated.
-
So then the dom error log files won't be rotated
-
cyberspace's Logrotate config will catch anything ending in .log or _log, including /usr/local/apache/logs/modsec_audit.log
and /usr/local/apache/logs/modsec_debug.log (which is the subject of this thread):
0 /usr/local/apache/logs/*bytes
129M /usr/local/apache/logs/access_log
452K /usr/local/apache/logs/error_log
4.0K /usr/local/apache/logs/httpd.pid
4.0K /usr/local/apache/logs/modsec_audit.log
0 /usr/local/apache/logs/modsec_debug.log
0 /usr/local/apache/logs/phpmail.log
0 /usr/local/apache/logs/suphp_log
0 /usr/local/apache/logs/tmp
If you're thinking of logs in /usr/local/apache/domlogs/, that is a separate logrotate config for httpd, /etc/logrotate.d/httpd:
/usr/local/apache/domlogs/*.log {
    missingok
    notifempty
    sharedscripts
    daily
    rotate 7
    postrotate
        /sbin/service httpd reload > /var/log/httpd-rotate.log 2>&1 || true
    endscript
    compress
}
(which is why I would name cyberspace's config "modsec" or something like that, since your purpose is to rotate the Mod Security audit & error logs. The server-wide access & error_log files in that directory shouldn't be growing much in size unless you have something misconfigured.)
-
I added this code to the same logrotate.d/httpd file as the other:
/usr/local/apache/domlogs/*.log {
    missingok
    notifempty
    sharedscripts
    daily
    rotate 7
    postrotate
        /sbin/service httpd reload > /var/log/httpd-rotate.log 2>&1 || true
    endscript
    compress
}
I hope that is where it goes.
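-
Added example, not part of the original thread and not CWP's own code: a read-only bash check of which files in a directory the `*log` glob from the config above covers and which exceed the `maxsize 100M` threshold. The function name, the status labels, and the scratch directory with its sample files are constructed for illustration; `logrotate -d /etc/logrotate.d/httpd` gives logrotate's own dry run.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): read-only report of which files a
# logrotate glob covers and which of them exceed the maxsize threshold.
#
# check_rotation_coverage DIR [LIMIT_BYTES] [PATTERN]
# Prints STATUS<TAB>SIZE_BYTES<TAB>PATH for every regular file in DIR:
#   ROTATE  matched by the glob and larger than the limit
#   OK      matched by the glob, at or under the limit
#   MISSED  not matched by the glob, so this rule never rotates it
# Real use: check_rotation_coverage /usr/local/apache/logs
check_rotation_coverage() {
    local dir="$1"
    local limit="${2:-$((100 * 1024 * 1024))}"   # maxsize 100M from the thread
    local pattern="${3:-*log}"                   # glob from the thread
    local f size
    for f in "$dir"/*; do
        [ -f "$f" ] || continue                  # skip directories such as tmp
        size=$(wc -c < "$f")
        size=$((size))                           # normalise any padding from wc
        case "${f##*/}" in
            $pattern)
                if [ "$size" -gt "$limit" ]; then
                    printf 'ROTATE\t%s\t%s\n' "$size" "$f"
                else
                    printf 'OK\t%s\t%s\n' "$size" "$f"
                fi ;;
            *)  printf 'MISSED\t%s\t%s\n' "$size" "$f" ;;
        esac
    done
}

# Constructed demo: a scratch directory standing in for /usr/local/apache/logs,
# with a 2 KiB limit so that small sample files are enough to show each status.
demo() {
    local d
    d=$(mktemp -d) || return 1
    head -c 4096 /dev/zero > "$d/modsec_audit.log"
    head -c 100 /dev/zero > "$d/error_log"
    head -c 4096 /dev/zero > "$d/modsec_audit.log.1.gz"
    echo 12345 > "$d/httpd.pid"
    mkdir "$d/tmp"
    check_rotation_coverage "$d" 2048
    rm -rf "$d"
}

demo
```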