Bobcares
Client Area
Emergency Support
Latest | Server Management

ModSecurity failed to open the audit log file – How to fix

by | Mar 3, 2021

Wondering how to fix the error ‘ModSecurity failed to open the audit log file’? Here is how we fix it.

Generally, this error can occur due to various reasons that include missing log files or due to improper permissions set for the log files.

Here at Bobcares, we have seen several such ModSecurity errors as part of our Server Management Services for web hosts, cPanel users, and online service providers.

Today we will take a look at the causes for this error and see how to fix it.

 

How we fix the error ‘ModSecurity failed to open the audit log file’

Now let’s take a look at how our Support Engineers fix this error.

 

1. Missing log files

Recently, one of our customers came across an error message while running the SSH terminal. The Apache wasn’t starting. Here is the error message he received.

AH00526: Syntax error on line 12 of /etc/apache2/conf.d/modsec2.conf:
ModSecurity: Failed to open the audit log file: /etc/apache2/logs/modsec_audit.log

This error here clearly says that the log files are missing.

Sometimes, customers might delete the log files unknowingly from /etc/apache2/logs/ or /usr/local/apache/logs. So this error can occur.

So, we manually create the log files. Here is the command for it.

touch /etc/apache2/logs/error_log
touch /etc/apache2/logs/modsec_audit.log

After that, we ensure that the permissions are set properly. For that, we run the below commands.

chmod 0644 /etc/apache2/logs/error_log
chmod 0600 /etc/apache2/logs/modsec_audit.log

The modsec log files are assigned 0600 permissions by default, whereas the error_log is assigned 0644 permissions by default.

This resolved the error message.

 

2. SecAuditLogType

SecAuditLogType configures the type of audit logging mechanism to be used. This has 2 possible values, they are:

  • Serial – all audit log entries saves in the main audit logging file.
  • Concurrent – audit log entries saves in separate files, one for each transaction.

So, we suggest our customers set the value of SecAuditLogType is to Serial. Else, if Concurrent is set then we suggest creating the directory for saving concurrent logs.

[Need any further assistance in fixing ModSecurity errors? – We are here to help you.]

 

Conclusion

In short, this error ‘ModSecurity failed to open the audit log file’ can occur due to missing log files or due to improper permissions. Today, we saw how our Support Engineers resolve this error.

Related posts:

  1. ModSecurity failed deleting collection – How we tackle it
  2. How to Install and Configure ModSecurity on Ubuntu 16.04 Server?
  3. ModSecurity File Upload Error With SecRequestBodyNoFilesLimit
  4. ModSecurity PCRE limits exceeded – Easy fix!

PREVENT YOUR SERVER FROM CRASHING!

Never again lose customers to poor server speed! Let us help you.

Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.

GET STARTED

var google_conversion_label = "owonCMyG5nEQ0aD71QM";

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

server management

Spend time on your business, not on your servers.

TALK TO US

Or click here to learn more.

Related Articles

  1. ModSecurity failed deleting collection – How we tackle it
  2. How to Install and Configure ModSecurity on Ubuntu 16.04 Server?
  3. ModSecurity File Upload Error With SecRequestBodyNoFilesLimit
  4. ModSecurity PCRE limits exceeded – Easy fix!

Never again lose customers to poor
server speed! Let us help you.

GET STARTED