
Resolved Mod Security Log Files Empty

daanse

Regular Pleskian
Hi,
I have noticed that my Mod Security log files are empty.
Nothing happens there.

I restarted, stopped & started, disabled, re-enabled, changed the mode - nothing.

System:
Plesk Onyx 17.5.3
Debian 8.9

And via SSH it says that the service is running.

Any ideas?
Could it be something with a cron job?
 

Today I found a lead:
Code:
[Mon Sep 04 07:08:23.147978 2017] [core:notice] [pid 18422] AH00094: Command line: '/usr/sbin/apache2'
[Mon Sep 04 07:08:23.147990 2017] [mpm_prefork:warn] [pid 18422] AH00167: long lost child came home! (pid 18425)
[Mon Sep 04 08:41:34.305560 2017] [fcgid:warn] [pid 22305] mod_fcgid: process 4316 graceful kill fail, sending SIGKILL
[Mon Sep 04 09:50:55.711663 2017] [fcgid:warn] [pid 22305] mod_fcgid: process 21379 graceful kill fail, sending SIGKILL
[Mon Sep 04 10:41:59.168974 2017] [:error] [pid 4120] [client xx_Xx_Xx_Xx] ModSecurity: Audit log: Failed to create subdirectories: /var/log/modsecurity/audit/20170904/20170904-1041 (Permission denied) [hostname "default-xx_Xx_Xx_Xx"] [uri "/"] [unique_id "Wa0R138AAAEAABAYsHIAAABH"]

How can that be? I didn't change any permissions.

It seems I have no folder.
I already reinstalled mod_security but nothing...

Code:
 cd /var/log/modsecurity/audit/
-bash: cd: /var/log/modsecurity/audit/: No such file or directory
~ # /var/log/modsecurity/
-bash: /var/log/modsecurity/: No such file or directory
 
Hi @IgorG ,

I have Debian 8.9. Do I have SELinux then?
#sestatus says not found.

EDIT:

Ouh!! Somehow my folders were gone (maybe an update, or while disabling Mod Security once?)
Anyway.
My Mod Sec config says:
Code:
SecAuditEngine RelevantOnly
SecAuditLogRelevantStatus "^(?:5|4(?!04))"
SecAuditLogParts ABIFHZ
SecAuditLogType Concurrent
SecAuditLog /var/log/modsec_audit.log
SecAuditLogStorageDir /var/log/modsecurity/audit
SecAuditLogDirMode "default"
SecAuditLogFileMode "default"

And my folder "/var/log/modsecurity/audit" was gone.
I ran the following commands to get it working again.

# mkdir -p /var/log/modsecurity/audit
# chown www-data:www-data /var/log/modsecurity/audit

Now it works.
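
The failure in this thread (SecAuditLogType Concurrent pointing at a SecAuditLogStorageDir that is missing or not writable by Apache) can be caught with a pre-flight check. The script below is an added example, not part of the original posts or of Plesk's tooling; the function names, exit codes and the www-data default are assumptions, and it treats "owned by the web server user with write and search bits" as the pass condition, matching the chown fix above.

```shell
#!/bin/sh
# Added example: pre-flight check for ModSecurity concurrent audit logging.
# Assumption: the web server runs as www-data (Debian Apache default).

# directive <conf> <name>: print the last value set for an Apache directive
# (directive names are case-insensitive; surrounding quotes are stripped).
directive() {
    awk -v d="$2" 'tolower($1) == tolower(d) { v = $2 }
                   END { gsub(/"/, "", v); print v }' "$1"
}

# check_audit_dir <conf> [user]
# Exit status: 0 ok, 1 storage dir not configured, 2 directory missing,
#              3 not owned by <user> with write+search bits, 4 unreadable conf.
check_audit_dir() (
    conf=$1 user=${2:-www-data}
    [ -r "$conf" ] || { echo "FAIL: cannot read $conf"; exit 4; }
    type=$(directive "$conf" SecAuditLogType | tr '[:upper:]' '[:lower:]')
    if [ "$type" != concurrent ]; then
        echo "OK: SecAuditLogType is not Concurrent; storage dir is not used"
        exit 0
    fi
    dir=$(directive "$conf" SecAuditLogStorageDir)
    [ -n "$dir" ] || { echo "FAIL: SecAuditLogStorageDir is not set"; exit 1; }
    [ -d "$dir" ] || { echo "FAIL: $dir does not exist"; exit 2; }
    # -prune limits find to the directory itself; -perm -300 means u+w and u+x.
    if [ -z "$(find "$dir" -prune -user "$user" -perm -300)" ]; then
        echo "FAIL: $dir is not owned by $user with write+search bits"
        exit 3
    fi
    echo "OK: $user can create audit entries under $dir"
)

# Demo on a constructed config in a scratch directory (not the real /var/log).
demo() (
    tmp=$(mktemp -d) || exit 1
    printf 'SecAuditLogType Concurrent\nSecAuditLogStorageDir "%s/audit"\n' \
        "$tmp" > "$tmp/modsec.conf"
    check_audit_dir "$tmp/modsec.conf" "$(id -u)" || echo "(exit status $?)"
    mkdir -p "$tmp/audit"
    check_audit_dir "$tmp/modsec.conf" "$(id -u)"
    rm -rf "$tmp"
)
demo
```

On a real host, call `check_audit_dir` with the path of the file that holds the SecAudit* directives and the account Apache runs as.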
 