Differences
This shows you the differences between two versions of the page.
Next revision | Previous revision | ||
litespeed_wiki:config:mod_security_no_log [2018/10/01 20:52] Jackson Zhang created |
litespeed_wiki:config:mod_security_no_log [2018/10/08 20:27] (current) Jackson Zhang [Unsupported Variable error] |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== I can not see LSWS loging any activities but apache logging ok ====== | + | ====== LiteSpeed Web Server Not Logging but Apache Is ====== |
- | The user runs cPanel/WHM on the server. We do not see any blocks of activity under the ModSec section in WHM when switching to LiteSpeed while switching to Apache, it is working fine and all the logs started showing all the blocks coming in. | + | A user running cPanel/WHM on the server does not see any blocks of activity under the ModSec section in WHM while using LiteSpeed. After switching to Apache, the blocks coming in begin to be logged. |
- | When particular testing a rule, it did hit mod_security and returned 403 error on LSWS. It seems mod_security works fine on both Apache and LSWS, just no log on LSWS. Why does it happen? | + | Testing has shown that mod_security is hit and a 403 error is returned under LSWS. So, it seems that mod_security works fine on both Apache and LSWS, and that the problem is only with the logging. Why? |
- | There are two type of mod_security log mode: Concurrent or Serial. | + | There are two mod_security log modes: Concurrent and Serial. |
SecAuditLogType Concurrent | SecAuditLogType Concurrent | ||
or | or | ||
SecAuditLogType Serial | SecAuditLogType Serial | ||
- | Apache supports both mode while LSWS only supports Serial Audit log mode. | + | Apache supports both modes while LSWS only supports Serial Audit log mode. |
+ | |||
+ | In the above example, the mode is set to ''Concurrent'', and so Apache uses that logger mode, but under LiteSpeed cPanel is looking for another log to populate the "ModSecurity Tools" entries. | ||
+ | |||
+ | To fix the problem and get LiteSpeed Web Server logging, turn off the mod_security concurrent logger configuration and change it to serial mode. | ||
- | In the above example, Apache uses concurrent logger mode and cPanel is looking for another log to populate the "ModSecurity Tools" entries. How to fix? | ||
- | Turning off mod_security concurrent logger configuration and change it to serial mode. |