Question regarding rotating logs of modsec #2470

albgen · 2020-12-07T09:20:18Z

Hello dears,

i'm running modsec on latest nginx on centos7. The problem is that i cannot rotate the logs with logrotate.

My logrotate config file for modsec is the following:

/var/log/modsec_audit.log {
daily
rotate 7
missingok
compress
postrotate
[ ! -f /var/run/nginx.pid ] || kill -USR1 cat /var/run/nginx.pid
endscript
}

The text was updated successfully, but these errors were encountered:

zimmerle · 2020-12-07T13:20:15Z

Hi @albgen,

libModSecurity is not implementing the support for kill -USR1. Try nginx reload instead.

To follow the development of this feature, keep an eye on this issue: #2304

albgen · 2020-12-08T10:46:39Z

i tried with the following config

/var/log/modsec_audit.log {
daily
rotate 7
missingok
compress
postrotate
/usr/sbin/nginx -s reload
endscript
}

but the result was the following which means the new log for the day is 0:

zimmerle closed this as completed Dec 7, 2020

zimmerle self-assigned this Dec 7, 2020

zimmerle added the 3.x Related to ModSecurity version 3.x label Dec 7, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Question regarding rotating logs of modsec #2470

Question regarding rotating logs of modsec #2470

albgen commented Dec 7, 2020

zimmerle commented Dec 7, 2020

albgen commented Dec 8, 2020

Question regarding rotating logs of modsec #2470

Question regarding rotating logs of modsec #2470

Comments

albgen commented Dec 7, 2020

zimmerle commented Dec 7, 2020

albgen commented Dec 8, 2020