/var/log/modsec_audit.log file does not rotate properly.
As a result, it affects free disk space.
/etc/logrotate.d/mod_security log rotation script is missing or corrupted.
Connect to the server via SSH.
Check if the
/etc/logrotate.d/mod_securitylog rotation script file exists and have the correct permissions:
# stat /etc/logrotate.d/mod_security | grep “Access: (“
Access: (0644/-rw-r–r–) Uid: ( 0/ root) Gid: ( 0/ root)
In case the
/etc/logrotate.d/mod_securityfile is missing, create it with the following content:
# vi /etc/logrotate.d/mod_security
/sbin/service httpd reload > /dev/null 2>/dev/null || true
Set proper permissions to the
# chmod 0644 /etc/logrotate.d/mod_security
CentOS 6 only:
/etc/logrotate.d/mod_securityfile is removed by ModSecurity itself (Plesk does not perform such action) after switching the Web application firewall mode directive under Tools & Settings > Web Application Firewall (ModSecurity) to Detection only or On mode at the first time right after the module installation.
The manually created
/etc/logrotate.d/mod_securityfile will not be removed after further switchings Web application firewall mode directive to any mode.