Knowledge Base

ModSecurity log is empty on Plesk server

 
apachemod securityplesk for linuxplesk serversecurity

Symptoms

  • Mod Security log /var/log/modsec_audit.log is empty;
  • The command below shows that ModSecurity is disabled:

    # /usr/local/psa/admin/bin/modsecurity_ctl -s
    Disabled

Cause

ModSecurity is not enabled on the server.

Resolution

  1. Log in the server via SSH.

    Note: if direct SSH access to the server is not possible, contact server administrator for further assistance.

  2. To enable Mod Security use the following command:

    # /usr/local/psa/admin/bin/modsecurity_ctl -e

  3. After that operation, /var/log/modsec_audit.log will be created in the following directory:

    # ls -la /var/log/modsec_audit.log
    -rw-r—– 1 root root 865608 Jun 29 09:37 /var/log/modsec_audit.log

Note: if ModSecurity is enabled and /var/log/modsec_audit.log is empty, it means that no attack/threads are detected.
OR
ModSecurity is set to Detection only and it writes to Apache logs.

Read the full article
Related Posts
Knowledge Base

Industry
Partners

industry-partner_ALIBABA
industry-partner_GOOGLEPARTNER
industry-partner_MICROSOFT
industry-partner_REDHAT-r2
industry-partner_ALIBABA
industry-partner_AUTOMATTIC
industry-partner_AWS
industry-partner_DIGITALOCEAN
industry-partner_SCALEWAY

Follow us:

Facebook Twitter Linkedin Youtube Github

© 2021 Plesk International GmbH. All rights reserved. Plesk and the Plesk logo are trademarks of Plesk International GmbH.

Managed with 💙  with Plesk WordPress Toolkit

Search
Generic filters
Exact matches only
Search in title
Search in content
Search in excerpt