How to prune massive modsec log archives
I am seeing a massive list of daily modsec logs (each about 5 MB) archived from 11th May 2015 to 29th October 2016 at /usr/local/apache/logs/modsec_audit/nobody going something like this:
I am running WHM 11.58 (Build 32) and do have log rotation enabled, but apparently the logs are archived and left on the server. Is there a way to prune these logs so as to retain, say, just the October 2016 entries? I can't imagine doing an rm -rf on nearly 500 folders. Thanks in advance.
drwxr-x--- 706 nobody nobody 32768 May 12 2015 20150511/
drwxr-x--- 756 nobody nobody 36864 May 13 2015 20150512/
drwxr-x--- 737 nobody nobody 32768 May 14 2015 20150513/
drwxr-x--- 732 nobody nobody 28672 May 15 2015 20150514/
drwxr-x--- 756 nobody nobody 36864 May 16 2015 20150515/
drwxr-x--- 751 nobody nobody 36864 May 17 2015 20150516/
drwxr-x--- 702 nobody nobody 28672 May 18 2015 20150517/
drwxr-x--- 738 nobody nobody 32768 May 19 2015 20150518/
drwxr-x--- 719 nobody nobody 32768 May 20 2015 20150519/
drwxr-x--- 726 nobody nobody 36864 May 21 2015 20150520/
drwxr-x--- 717 nobody nobody 32768 May 22 2015 20150521/
drwxr-x--- 701 nobody nobody 32768 May 23 2015 20150522/
drwxr-x--- 712 nobody nobody 28672 May 24 2015 20150523/
drwxr-x--- 711 nobody nobody 36864 May 25 2015 20150524/
drwxr-x--- 717 nobody nobody 28672 May 26 2015 20150525/
drwxr-x--- 709 nobody nobody 28672 May 27 2015 20150526/
drwxr-x--- 725 nobody nobody 32768 May 28 2015 20150527/
drwxr-x--- 708 nobody nobody 28672 May 29 2015 20150528/
drwxr-x--- 700 nobody nobody 28672 May 30 2015 20150529/
drwxr-x--- 704 nobody nobody 32768 May 31 2015 20150530/
drwxr-x--- 699 nobody nobody 28672 Jun 1 2015 20150531/
drwxr-x--- 722 nobody nobody 32768 Jun 2 2015 20150601/
drwxr-x--- 721 nobody nobody 36864 Jun 3 2015 20150602/
drwxr-x--- 692 nobody nobody 28672 Jun 4 2015 20150603/
drwxr-x--- 706 nobody nobody 32768 Jun 5 2015 20150604/
drwxr-x--- 720 nobody nobody 32768 Jun 6 2015 20150605/
drwxr-x--- 702 nobody nobody 32768 Nov 9 2015 20150606/
drwxr-x--- 702 nobody nobody 32768 Jun 8 2015 20150607/
drwxr-x--- 718 nobody nobody 32768 Jun 9 2015 20150608/
drwxr-x--- 718 nobody nobody 32768 Jun 10 2015 20150609/
drwxr-x--- 708 nobody nobody 32768 Jun 11 2015 20150610/
drwxr-x--- 692 nobody nobody 28672 Jun 12 2015 20150611/
drwxr-x--- 705 nobody nobody 24576 Jun 13 2015 20150612/
drwxr-x--- 694 nobody nobody 32768 Jun 14 2015 20150613/
drwxr-x--- 684 nobody nobody 28672 Jun 15 2015 20150614/
drwxr-x--- 702 nobody nobody 28672 Jun 16 2015 20150615/
drwxr-x--- 698 nobody nobody 28672 Jun 17 2015 20150616/
drwxr-x--- 541 nobody nobody 20480 Jun 18 2015 20150617/
drwxr-x--- 475 nobody nobody 20480 Jun 19 2015 20150618/
drwxr-x--- 470 nobody nobody 20480 Jun 20 2015 20150619/I am running WHM 11.58 (Build 32) and do have log rotation enabled, but apparently the logs are archived and left on the server. Is there a way to prune these logs so as to retain, say, just the October 2016 entries? I can't imagine doing an rm -rf on nearly 500 folders. Thanks in advance.
-
Hello, Could you open a support ticket using the link in my signature so we can review your system to determine why the individual user audit logs aren't rotated with an option to remove the archives after a set date? You can post the ticket number here and we will update this thread with the outcome. Thank you. 0
Please sign in to leave a comment.
Comments
1 comment