failed to lock global mutex
I've spent a good few hours trying to find an answer to this, but I'm struggling.
Can anyone explain what this meas in apache logs.
[Tue Jun 20 14:13:28.316922 2017] [:error] [pid 18909] [client xxx.xxx.xxx.xxx] ModSecurity: Audit log: Failed to lock global mutex: Invalid argument [hostname "mydomain.com"> [uri "/cgi-sys/ea-php56/index.php"> [unique_id "WUkfdwhdWs2BJ4nkeYY4RAAAAAE">
-
Hello, This error message is discussed on the following thread: ModSecurity Failed to lock proc mutex You may also find this thread helpful: ModSecurity - SecDataDir Thank you. 0 -
These are similar to the ones I found. Unfortunately, they all appear to be related to Ruid2, which I don't currently use. Also, they mention "Permission denied" whereas I'm seeing "Invalid Argument" 0 -
Hello, Are you using MPM ITK? Thank you. 0 -
I'm not using that either, I'm using SUExec 0 -
Hello, Feel free to open a support ticket using the link in my signature if you'd like us to take a closer look at the affected system. Thank you. 0 -
Ticket 8634193 0 -
support says: It appears that this is occurring when too many multiple entries are trying to be added to the modsec_audit log simultaneously and one cannot receive a file lock. This doesn't appear to be happening all the time. Based on what I see it's likely when a traffic spike happens. I checked the configuration in Home >> Security Center >>ModSecurity Configuration >> Configure Global Directives and it looks like you are logging all mod_security events to the Audit log. If you reduce the logging level you will likely see this error less ( if at all) since Apache won't be consistently writing to the mod_security audit log. Logging only noteworthy transactions would be the recommended setting in my opinion. You can always turn up the logging level later if you ever need it. In my experience the audit logs are only needed when troubleshooting an issue. 0
Please sign in to leave a comment.
Comments
7 comments