cmc log blank

Posted: 29 Aug 2012, 16:36
by skyknight
I triggered a modsec rule for testing.
I tailed /usr/local/apache/logs/modsec_audit.log and I saw modsec was triggered.
When I check WHM > cmc > modsec log, I can't see anything.
So I tried the modsec plugin from cPanel (WHM > Plugins > Mod Security), and there I can see the record.

Any advice?

Re: cmc log blank

Posted: 29 Aug 2012, 17:00
by Sarah
You need to disable modsecparsel.pl in cmc if you want to use cmc to view the log.

Re: cmc log blank

Posted: 29 Aug 2012, 18:55
by skyknight
thank you

Re: cmc log blank

Posted: 26 Sep 2012, 09:58
by MacIntox
Hi.

I've disabled modsecparsel.pl, but the log is still empty.
Also, WHM > Plugins > Mod Security is empty too if modsecparsel.pl is disabled. If I re-enable it, WHM > Plugins > Mod Security parses the log file.

But I am still receiving emails from lfd:

Time:     Wed Sep 26 09:04:18 2012 +0200
IP:       85.17.xxx.xxx (NL/Netherlands/hosted-by.xxx.com)
Failures: 5 (mod_security)
Interval: 300 seconds
Blocked:  Permanent Block

Log entries:

[Wed Sep 26 09:04:06 2012] [error] [client 85.17.29.107] ModSecurity: Access denied with code 403 (phase 2). Match of "rx (^-?[0-9]+$|^-?[0-9]+\\\\:[a-z0-9\\\\-' ]+(&|$)|^$|^[%0-9:_a-z \\\\.\\\\!\\\\-']+$)" against "ARGS:id" required. [file "/usr/local/apache/conf/modsec/99_asl_jitp.conf"] [line "2082"] [id "390605"] [rev "18"] [msg "Atomicorp.com UNSUPPORTED DELAYED Rules - Virtual Just In Time Patch: Joomla id ARG injection"] [severity "CRITICAL"] [hostname "www.xxx.net"] [uri "/component/content/category/\\"http://www.xxx.net/index.php"] [unique_id "UGKo5qSKGUgAAG46DIsAAAAG"]
Any help please? :confused:
Thanks.

Re: cmc log blank

Posted: 26 Jan 2013, 00:36
by AnthonyG70
Had same issue on fresh server, fresh cmc install.

Changed SecAuditLogType to Serial in modsec2.user.conf and all started reporting via cmc (with parse off).

Re: cmc log blank

Posted: 16 Nov 2013, 05:28
by jimlongo
Glad I found this.
The interface in WHM>Plugins>Mod Security had stopped updating since I installed the paid Atomic ruleset.

I found this thread and changed SecAuditLogType from Concurrent to Serial in modsec2.user.conf

After doing this the plugin resumed updating and CMC will also display the latest results in /usr/local/apache/logs/modsec_audit.log

CMC1.08

Thanks
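
The fix in the two posts above depends on which SecAuditLogType is in effect after all config files are loaded. The following is an added example, not code from any poster or from cmc: a small check that reads ModSecurity 2.x config text and reports whether a viewer that reads the single audit log file would see full entries. The sample config text and the storage directory path are constructed, and it assumes the text is passed in the order Apache loads it.

```python
import re

# Audit-log directives of ModSecurity 2.x; Apache directive names are case-insensitive.
_DIRECTIVE = re.compile(
    r"^\s*(SecAuditEngine|SecAuditLogType|SecAuditLogStorageDir|SecAuditLog)\s+(.+?)\s*$",
    re.IGNORECASE,
)

def effective_audit_settings(conf_text):
    """Return the last value given for each audit directive (later lines override)."""
    settings = {}
    for line in conf_text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # a commented-out directive has no effect
        m = _DIRECTIVE.match(line)
        if m:
            settings[m.group(1).lower()] = m.group(2).strip('"')
    return settings

def diagnose(conf_text):
    """Return (visible, reason): does a viewer reading one audit file see full entries?"""
    s = effective_audit_settings(conf_text)
    if s.get("secauditengine", "off").lower() == "off":
        return False, "SecAuditEngine is Off: no audit entries are written"
    log_type = s.get("secauditlogtype", "serial").lower()  # Serial is the default
    log_file = s.get("secauditlog", "(SecAuditLog not set)")
    if log_type == "concurrent":
        store = s.get("secauditlogstoragedir", "(SecAuditLogStorageDir not set)")
        return False, f"Concurrent: {log_file} is only an index; entries are under {store}"
    return True, f"Serial: full entries are appended to {log_file}"

# Constructed sample: a ruleset's settings, then the user override from the thread.
RULESET_CONF = """\
SecAuditEngine RelevantOnly
SecAuditLogType Concurrent
SecAuditLog /usr/local/apache/logs/modsec_audit.log
SecAuditLogStorageDir /var/log/modsec_store
"""
USER_CONF = """\
# modsec2.user.conf (constructed content)
SecAuditLogType Serial
"""

if __name__ == "__main__":
    print(diagnose(RULESET_CONF))              # Concurrent: single-file viewer stays blank
    print(diagnose(RULESET_CONF + USER_CONF))  # Serial override: entries become visible
```
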

Re: cmc log blank

Posted: 26 Jul 2019, 09:31
by maryschreffler
jimlongo wrote: 16 Nov 2013, 05:28 The interface in WHM>Plugins>Mod Security had stopped updating since I installed paid Atomic ruleset
I had the same issue with the interface no longer updating, but because of other software.

Re: cmc log blank

Posted: 13 Jul 2020, 13:57
by siljathomas
The interface under WHM> Plugins> Security Mod has not been updated since installing paid Atom rules. I found this thread and changed SecAuditLogType in modsec2.user.conf from serial to serial. Then the plugin continues to update and the CMC also shows the latest results at /usr/local/apache/logs/modsec_audit.log CMC1.08