Modsecparse.pl and new modsecurity...
I noticed recently on our new servers that the modsecurity log was increasing in size to the point where it was causing problems. I looked for the modsecparse cron job and it wasn't there in /etc/cron.hourly on any of our new servers.
I'm presuming that this is happening because the old modsecurity plugin no longer exists and cpanel have done away with the modsecparse script?
If that isn't the case - could it be that the file isn't there because we have been compiling Apache via a saved easyapache build? Does this miss out the process of setting up the modsecparse script? Do we need to compile all the servers manually from WHM to make this work?
If I click on the new "Modsecurity Tools" option, I see a full 7 days of modescurity history. I presume the log is getting parsed somehow and this tool is querying the modsec database?
Confused...
-
So it turns out that modsecparse script is no longer used, but having made changes to their modsec plugin, cPanel didn't add modsec_audit.log to logrotate and it now simply grows in size until you remove it. You can ether add it to logrotate or set a cron to delete the file periodically. There is a feature request here... 0 -
Hello, Thank you for taking the time to update this thread with the URL to the feature request. That feature is included with cPanel version 11.50, as you mentioned. 0
Please sign in to leave a comment.
Comments
2 comments