The mod_security implementation on Plesk 12 is a great new feature but we’ve noticed a tendency to accumulate very large log files at:
/var/log/modsec_audit.log
This happens on CentOS but not sure if it’s a problem on other distributions.
One way to reduce the logging is to add this line:
1 |
SecAuditEngine RelevantOnly |
to:
Plesk -> Tools & Settings -> Web Application Firewall -> Settings -> Custom directives
Another good step is to add log rotation for the file by creating:
/etc/logrotate.d/modsec
with:
1 2 3 4 5 6 7 8 9 |
/var/log/modsec_audit.log { missingok notifempty sharedscripts delaycompress postrotate /sbin/service httpd reload > /dev/null 2>/dev/null || true endscript } |