cmc log blank

These forums are not for questions about ModSecurity, just the cmc script itself
Post Reply
skyknight
Junior Member
Posts: 18
Joined: 13 May 2011, 07:35

cmc log blank

Post by skyknight »

i triggered modsec rule for testing.
I tailed /usr/local/apache/logs/modsec_audit.log and i saw modsec was trigger
when i check to whm > cmc > modsec log, i can't see anything.
so i try modsec plugin from cpanel (WHM > Plugins > Mod Security) i can see the record.

Any advice?
Sarah
Moderator
Posts: 934
Joined: 09 Dec 2006, 22:49

Re: cmc log blank

Post by Sarah »

You need to disable modsecparsel.pl in cmc if you want to use cmc to view the log.
skyknight
Junior Member
Posts: 18
Joined: 13 May 2011, 07:35

Re: cmc log blank

Post by skyknight »

thank you
MacIntox
Junior Member
Posts: 11
Joined: 23 Nov 2011, 13:11

Re: cmc log blank

Post by MacIntox »

Hi.

i've disabled modsecparsel.pl, but log stills empty.
Also, WHM > Plugins > Mod Security is empty too if modsecparsel.pl is disabled. If i re-enable it, WHM > Plugins > Mod Security parses the log file.

But i still receiving emails from lfd:

Code: Select all

Time:     Wed Sep 26 09:04:18 2012 +0200
IP:       85.17.xxx.xxx (NL/Netherlands/hosted-by.xxx.com)
Failures: 5 (mod_security)
Interval: 300 seconds
Blocked:  Permanent Block

Log entries:

[Wed Sep 26 09:04:06 2012] [error] [client 85.17.29.107] ModSecurity: Access denied with code 403 (phase 2). Match of "rx (^-?[0-9]+$|^-?[0-9]+\\\\:[a-z0-9\\\\-' ]+(&|$)|^$|^[%0-9:_a-z \\\\.\\\\!\\\\-']+$)" against "ARGS:id" required. [file "/usr/local/apache/conf/modsec/99_asl_jitp.conf"] [line "2082"] [id "390605"] [rev "18"] [msg "Atomicorp.com UNSUPPORTED DELAYED Rules - Virtual Just In Time Patch: Joomla id ARG injection"] [severity "CRITICAL"] [hostname "www.xxx.net"] [uri "/component/content/category/\\"http://www.xxx.net/index.php"] [unique_id "UGKo5qSKGUgAAG46DIsAAAAG"]
Any help please ? :confused:
Thanks.
AnthonyG70
Junior Member
Posts: 1
Joined: 25 Jan 2013, 23:08

Re: cmc log blank

Post by AnthonyG70 »

Had same issue on fresh server, fresh cmc install.

Changed SecAuditLogType to Serial in modsec2.user.conf and all started reporting via cmc (with parse off).
jimlongo
Junior Member
Posts: 19
Joined: 19 Oct 2013, 00:33

Re: cmc log blank

Post by jimlongo »

Glad I found this.
The interface in WHM>Plugins>Mod Security had stopped updating since I installed paid Atomic ruleset

I found this thread and changed SecAuditLogType from Concurrent to Serial in modsec2.user.conf

After doing this the plugin resumed updating and CMC will also display the latest results in /usr/local/apache/logs/modsec_audit.log

CMC1.08

Thanks
maryschreffler
Junior Member
Posts: 1
Joined: 26 Jul 2019, 09:19

Re: cmc log blank

Post by maryschreffler »

jimlongo wrote: 16 Nov 2013, 05:28 The interface in WHM>Plugins>Mod Security had stopped updating since I installed paid Atomic ruleset https://writemyessay.pro/
I had the same issue on interface stopping updating but because of another software.
siljathomas
Junior Member
Posts: 1
Joined: 12 Jul 2020, 12:10

Re: cmc log blank

Post by siljathomas »

The interface under WHM> Plugins> Security Mod has not been updated since installing paid Atom rules. I found this thread and changed SecAuditLogType in modsec2.user.conf from serial to serial. Then the plugin continues to update and the CMC also shows the latest results at /usr/local/apache/logs/modsec_audit.log CMC1.08
Post Reply