CMC does not read logs

These forums are not for questions about ModSecurity, just the cmc script itself
Post Reply
Uhl-Services
Junior Member
Posts: 7
Joined: 02 Feb 2015, 20:45
Location: Brno
Contact:

CMC does not read logs

Post by Uhl-Services »

Hello,

It seems the plugin after installed by cPanel Server Service, without any of my interference does not display or read the logs, it display this error.

Code: Select all

ConfigServer ModSecurity Control - cmc v2.01

Displaying logs from /etc/apache2/logs/modsec_audit/

No entries found in /etc/apache2/logs/modsec_audit.log

Code: Select all

root@panel [/usr/local/cpanel/whostmgr/docroot/cgi/configserver/cmc]# stat /etc/apache2/logs/modsec_audit.log
  File: ‘/etc/apache2/logs/modsec_audit.log’
  Size: 340559    	Blocks: 672        IO Block: 4096   regular file
Device: fd00h/64768d	Inode: 68573467    Links: 1
Access: (0640/-rw-r-----)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2016-07-10 08:55:50.130000000 +0200
Modify: 2016-07-10 08:55:50.129000000 +0200
Change: 2016-07-10 08:55:50.129000000 +0200
 Birth: -
Any idea?
ForumAdmin
Moderator
Posts: 1523
Joined: 01 Oct 2008, 09:24

Re: CMC does not read logs

Post by ForumAdmin »

We've just released cmc v2.02 which improves the detection of the apache modules that affect the location of the ModSecurity audit log:
http://blog.configserver.com/
HighSciFi
Junior Member
Posts: 2
Joined: 16 Sep 2016, 20:46

No entries here as well.

Post by HighSciFi »

I'm seeing this as well, even with the newest version of the cmc plugin. The file exists where it should be, has around 31k of entries, and is set 640 root:root, yet the plugin is showing no entries. Strange thing is that the cpanel modsec page is also showing no entries. I'm using the user.conf settings that are suggested for the Atomicorp rules.

Code: Select all

SecRequestBodyAccess On
SecAuditLogType Concurrent
SecResponseBodyAccess On
SecResponseBodyMimeType (null) text/html text/plain text/xml
 SecResponseBodyLimit 2621440
 SecAuditLogRelevantStatus "^(?:5|4(?!04))"
SecServerSignature Apache
SecUploadDir /var/asl/data/suspicious
SecUploadKeepFiles Off
SecAuditLogParts ABIFHZ
SecArgumentSeparator "&"
SecCookieFormat 0
LimitRequestBody 131072
SecDataDir /var/asl/data/msa
SecTmpDir /tmp
SecAuditLogStorageDir /var/asl/data/audit
SecResponseBodyLimitAction ProcessPartial
include /etc/apache2/conf.d/modsec_rules/*asl*.conf

Include /etc/apache2/conf.d/modsec2.whitelist.conf
Any ideas or suggestions?
HighSciFi
Junior Member
Posts: 2
Joined: 16 Sep 2016, 20:46

Re: CMC does not read logs

Post by HighSciFi »

Found out that it was the way I was calling the rules it seems. Explicitly called them individually and now everything is working correctly.
Post Reply