CMC does not read logs

Posted: 10 Jul 2016, 05:58
by Uhl-Services
Hello,

It seems the plugin, after being installed by cPanel Server Service without any interference from me, does not display or read the logs; it displays this error.

Code:

ConfigServer ModSecurity Control - cmc v2.01

Displaying logs from /etc/apache2/logs/modsec_audit/

No entries found in /etc/apache2/logs/modsec_audit.log

Code:

root@panel [/usr/local/cpanel/whostmgr/docroot/cgi/configserver/cmc]# stat /etc/apache2/logs/modsec_audit.log
  File: ‘/etc/apache2/logs/modsec_audit.log’
  Size: 340559    	Blocks: 672        IO Block: 4096   regular file
Device: fd00h/64768d	Inode: 68573467    Links: 1
Access: (0640/-rw-r-----)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2016-07-10 08:55:50.130000000 +0200
Modify: 2016-07-10 08:55:50.129000000 +0200
Change: 2016-07-10 08:55:50.129000000 +0200
 Birth: -

Any idea?

Re: CMC does not read logs

Posted: 10 Jul 2016, 09:54
by ForumAdmin
We've just released cmc v2.02 which improves the detection of the apache modules that affect the location of the ModSecurity audit log:
http://blog.configserver.com/

No entries here as well.

Posted: 16 Sep 2016, 20:55
by HighSciFi
I'm seeing this as well, even with the newest version of the cmc plugin. The file exists where it should be, has around 31k of entries, and is set 640 root:root, yet the plugin is showing no entries. Strange thing is that the cPanel modsec page is also showing no entries. I'm using the user.conf settings that are suggested for the Atomicorp rules.

Code:

SecRequestBodyAccess On
SecAuditLogType Concurrent
SecResponseBodyAccess On
SecResponseBodyMimeType (null) text/html text/plain text/xml
SecResponseBodyLimit 2621440
SecAuditLogRelevantStatus "^(?:5|4(?!04))"
SecServerSignature Apache
SecUploadDir /var/asl/data/suspicious
SecUploadKeepFiles Off
SecAuditLogParts ABIFHZ
SecArgumentSeparator "&"
SecCookieFormat 0
LimitRequestBody 131072
SecDataDir /var/asl/data/msa
SecTmpDir /tmp
SecAuditLogStorageDir /var/asl/data/audit
SecResponseBodyLimitAction ProcessPartial
include /etc/apache2/conf.d/modsec_rules/*asl*.conf

Include /etc/apache2/conf.d/modsec2.whitelist.conf

Any ideas or suggestions?

Re: CMC does not read logs

Posted: 17 Sep 2016, 18:48
by HighSciFi
Found out that it was the way I was calling the rules, it seems. Explicitly called them individually and now everything is working correctly.
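
An added example, not part of any post above and not ConfigServer's code: with `SecAuditLogType Concurrent`, ModSecurity writes each transaction to its own file under `SecAuditLogStorageDir` and uses `SecAuditLog` only as an index, so this sketch reads the audit directives and reports where full entries land and whether that matches the path a log viewer reads. The `SecAuditLog` line in the sample and the pairing of the first post's viewer path with the later post's user.conf are assumptions made for illustration, and the function names are hypothetical.

```python
import os

# Constructed input: the audit-log lines from the user.conf posted above, plus
# an assumed SecAuditLog line naming the file from the first post.
SAMPLE_CONF = """\
SecAuditLog /etc/apache2/logs/modsec_audit.log
SecAuditLogType Concurrent
SecAuditLogRelevantStatus "^(?:5|4(?!04))"
SecAuditLogParts ABIFHZ
SecAuditLogStorageDir /var/asl/data/audit
"""

WANTED = ("secauditlog", "secauditlogtype", "secauditlogstoragedir")


def audit_settings(conf_text):
    """Collect the audit-log directives; a later line replaces an earlier one."""
    found = {}
    for raw in conf_text.splitlines():
        fields = raw.strip().split(None, 1)
        if len(fields) == 2 and fields[0].lower() in WANTED:
            found[fields[0].lower()] = fields[1].strip().strip('"')
    return found


def entry_location(settings):
    """Return (mode, path holding the full entries, index file or None)."""
    mode = settings.get("secauditlogtype", "Serial")  # Serial is the default
    log_file = settings.get("secauditlog")
    if mode.lower() == "concurrent":
        # One file per transaction under the storage dir; SecAuditLog is the index.
        return "Concurrent", settings.get("secauditlogstoragedir"), log_file
    return "Serial", log_file, None


def check(conf_text, viewer_path):
    """Compare where entries are written with the path a log viewer reads."""
    mode, entries, index = entry_location(audit_settings(conf_text))
    return {
        "mode": mode,
        "entries": entries,
        "index": index,
        "viewer_matches": entries is not None
        and os.path.normpath(entries) == os.path.normpath(viewer_path),
        "entries_exist": bool(entries) and os.path.exists(entries),
    }


if __name__ == "__main__":
    # viewer_path is the directory named in the plugin output in the first post.
    print(check(SAMPLE_CONF, "/etc/apache2/logs/modsec_audit/"))
```

On a real server, pass the combined text of the ModSecurity configuration files instead of `SAMPLE_CONF`; the sketch does not follow `Include` lines.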