My /usr/local/apache/logs/modsec_audit.log file is rotating everyday. Where is this controlled? I need to keep it around longer so I can report false positives.
Hi
It depends on your logging filter. As example cPanel use logrotate which keep its config in /etc/logrotate.conf and /etc/logrotate.d/*
Here is example of /etc/logrotate.d/modsecurity
/usr/local/apache/logs/modsec_audit.log {
missingok
notifempty
size=1G
weekly
postrotate
##Restart the apache daemon
/usr/local/apache/bin/apachectl graceful > /dev/null 2>/dev/null || true
endscript
}
Thanks, I’ll give that a try.
But something was already rotating it daily, won’t I now have a conflict between two rotation routines somewhere?
Sure there will be a conflict. You have to find what logging filter use your Apache and modify it.