Just to let people know that cPanel released the new version of WHH/cPanel to WHM 11.46.0 (build 12) and made changes to how Mod Security is configured.
Now in WHM Mod Security logs are not part of the Plugins section it is now located at
Home »Security Center »ModSecurity™ Tools »Hits List
But it does not show any Comodo Mod Security logs any more. So my question is how can this problem be fixed so it will display logs?
Well for me its showing all comodo waf logs perfectly…
Maybe path to log files changed or CWAF plugin disabled by update. ModSecurity™ Tools search for logs at /usr/local/apache/logs/modsec_audit.log. So please check your /usr/local/apache/conf/modsec2.conf for string:
Also after EasyApache update up to the latest version mod_security configuration file modsec2.conf may be changed by default file and CWAF disabled (and logs are not produced as result).
The best way to restore workability is to restore modsec2.conf.
Create backup of original configuration:
cp /usr/local/apache/conf/modsec2.conf /usr/local/apache/conf/modsec2.conf.cwaf_backup
Restore CWAF modsec config:
cp /var/cpanel/cwaf/etc/modsec2_cpanel.conf /usr/local/apache/conf/modsec2.conf
Ok I just had the same issue since the February 2015 update of WHM which now supports Vendors for ModSecurity. and landed on this page, I then realized that it was actually working, the only difference is they have sorted the hit list ordered by the date Descending instead of how it used to be Ascending, which is more convinient, so if like me you are going to the hitlist page and clicking “Last” like usual you will see a log from days ago.
I hope this saves some people from going crazy.