i triggered modsec rule for testing.
I tailed /usr/local/apache/logs/modsec_audit.log and i saw modsec was trigger
when i check to whm > cmc > modsec log, i can't see anything.
so i try modsec plugin from cpanel (WHM > Plugins > Mod Security) i can see the record.
Any advice?
cmc log blank
Re: cmc log blank
You need to disable modsecparsel.pl in cmc if you want to use cmc to view the log.
Re: cmc log blank
Hi.
i've disabled modsecparsel.pl, but log stills empty.
Also, WHM > Plugins > Mod Security is empty too if modsecparsel.pl is disabled. If i re-enable it, WHM > Plugins > Mod Security parses the log file.
But i still receiving emails from lfd:
Any help please ? 
Thanks.
i've disabled modsecparsel.pl, but log stills empty.
Also, WHM > Plugins > Mod Security is empty too if modsecparsel.pl is disabled. If i re-enable it, WHM > Plugins > Mod Security parses the log file.
But i still receiving emails from lfd:
Code: Select all
Time: Wed Sep 26 09:04:18 2012 +0200
IP: 85.17.xxx.xxx (NL/Netherlands/hosted-by.xxx.com)
Failures: 5 (mod_security)
Interval: 300 seconds
Blocked: Permanent Block
Log entries:
[Wed Sep 26 09:04:06 2012] [error] [client 85.17.29.107] ModSecurity: Access denied with code 403 (phase 2). Match of "rx (^-?[0-9]+$|^-?[0-9]+\\\\:[a-z0-9\\\\-' ]+(&|$)|^$|^[%0-9:_a-z \\\\.\\\\!\\\\-']+$)" against "ARGS:id" required. [file "/usr/local/apache/conf/modsec/99_asl_jitp.conf"] [line "2082"] [id "390605"] [rev "18"] [msg "Atomicorp.com UNSUPPORTED DELAYED Rules - Virtual Just In Time Patch: Joomla id ARG injection"] [severity "CRITICAL"] [hostname "www.xxx.net"] [uri "/component/content/category/\\"http://www.xxx.net/index.php"] [unique_id "UGKo5qSKGUgAAG46DIsAAAAG"]
Thanks.
-
AnthonyG70
- Junior Member
- Posts: 1
- Joined: 25 Jan 2013, 23:08
Re: cmc log blank
Had same issue on fresh server, fresh cmc install.
Changed SecAuditLogType to Serial in modsec2.user.conf and all started reporting via cmc (with parse off).
Changed SecAuditLogType to Serial in modsec2.user.conf and all started reporting via cmc (with parse off).
Re: cmc log blank
Glad I found this.
The interface in WHM>Plugins>Mod Security had stopped updating since I installed paid Atomic ruleset
I found this thread and changed SecAuditLogType from Concurrent to Serial in modsec2.user.conf
After doing this the plugin resumed updating and CMC will also display the latest results in /usr/local/apache/logs/modsec_audit.log
CMC1.08
Thanks
The interface in WHM>Plugins>Mod Security had stopped updating since I installed paid Atomic ruleset
I found this thread and changed SecAuditLogType from Concurrent to Serial in modsec2.user.conf
After doing this the plugin resumed updating and CMC will also display the latest results in /usr/local/apache/logs/modsec_audit.log
CMC1.08
Thanks
-
maryschreffler
- Junior Member
- Posts: 1
- Joined: 26 Jul 2019, 09:19
Re: cmc log blank
I had the same issue on interface stopping updating but because of another software.jimlongo wrote: ↑16 Nov 2013, 05:28 The interface in WHM>Plugins>Mod Security had stopped updating since I installed paid Atomic ruleset https://writemyessay.pro/
-
siljathomas
- Junior Member
- Posts: 1
- Joined: 12 Jul 2020, 12:10
Re: cmc log blank
The interface under WHM> Plugins> Security Mod has not been updated since installing paid Atom rules. I found this thread and changed SecAuditLogType in modsec2.user.conf from serial to serial. Then the plugin continues to update and the CMC also shows the latest results at /usr/local/apache/logs/modsec_audit.log CMC1.08