Symptoms
The /var/log/modsec_audit.log
 file does not rotate properly.
As a result, it affects free disk space.
Cause
The /etc/logrotate.d/mod_security
log rotation script is missing or corrupted.
Resolution
-
Connect to the server via SSH.
-
Check if the
/etc/logrotate.d/mod_security
 log rotation script file exists and have the correct permissions:# stat /etc/logrotate.d/mod_security | grep “Access: (“
Access: (0644/-rw-r–r–) Uid: ( 0/ root) Gid: ( 0/ root)
-
In case the
/etc/logrotate.d/mod_security
file is missing, create it with the following content:# vi /etc/logrotate.d/mod_security
/var/log/modsec_audit.log {
daily
rotate 7
missingok
compress
postrotate
/sbin/service httpd reload > /dev/null 2>/dev/null || true
endscript
} -
Set proper permissions to the
/etc/logrotate.d/mod_security
file:# chmod 0644 /etc/logrotate.d/mod_security
Additional information
-
CentOS 6 only:
The
/etc/logrotate.d/mod_security
file is removed by ModSecurity itself (Plesk does not perform such action) after switching the Web application firewall mode directive under Tools & Settings > Web Application Firewall (ModSecurity) to Detection only or On mode at the first time right after the module installation.The manually created
/etc/logrotate.d/mod_security
file will not be removed after further switchings Web application firewall mode directive to any mode.