ModSecurity on Web Panel shows no logs


Verified User
Nov 8, 2023
DA Controls Panel doesn't show any logs for ModSecurity. However, there are modesc files in /var/log/httpd/
Here is the result of `ls -l /var/log/modsec*`
-rw-r----- 1 root root 1991968 May 14 20:37 /var/log/httpd/modsec_audit.log
-rw-r----- 1 root root 4588969 Apr 21 03:43 /var/log/httpd/modsec_audit.log-20240421
-rw-r----- 1 root root 5006748 Apr 28 03:06 /var/log/httpd/modsec_audit.log-20240428
-rw-r----- 1 root root 6631268 May 5 03:26 /var/log/httpd/modsec_audit.log-20240505
-rw-r----- 1 root root 5688488 May 12 03:14 /var/log/httpd/modsec_audit.log-20240512
-rw-r----- 1 root root 0 Apr 28 03:16 /var/log/httpd/modsec_debug.log
-rw-r----- 1 root root 0 Mar 31 03:51 /var/log/httpd/modsec_debug.log-20240407
-rw-r----- 1 root root 0 Apr 7 03:25 /var/log/httpd/modsec_debug.log-20240414
-rw-r----- 1 root root 0 Apr 14 03:15 /var/log/httpd/modsec_debug.log-20240421
-rw-r----- 1 root root 0 Apr 21 03:47 /var/log/httpd/modsec_debug.log-20240428

We have encountered this same issue on a number of servers as well.
It shouldn't matter as log file ownership and permissions are the same, but our nginx_apache servers seem unaffected. Only a number of our pure Apache machines have this issue. Update and conf rewrite didn't help.
Please open a support tickets and we will investigate it further. It works as expected in our testing environment.
Thanks for reporting it in the ticketing system.

The root cause for this issue was unexpected date format in modsec logs. All servers having GMT negative time zones triggers a modsecurity bug and prints malformed time-zone offset. For example EDT is reported as --0400 instead of -0400. An update to DA is released to support parsing malformed modsecurity log timestamps.