No debug log #2257

Closed
AnoopAlias opened this issue Feb 3, 2020 · 7 comments
Labels: 3.x (Related to ModSecurity version 3.x), pending feedback

Comments

@AnoopAlias

AnoopAlias commented Feb 3, 2020

Describe the bug
No debug log is being written even after explicitly setting SecDebugLog and SecDebugLogLevel 9

nginx version: nginx/1.17.8
libmodsecurity.so.3.0.4

SecDebugLog /var/log/nginx/debug.log
SecDebugLogLevel 9

The file /var/log/nginx/debug.log is blank

Logs and dumps

no logs

Server (please complete the following information):
nginx version: nginx/1.17.8
libmodsecurity.so.3.0.4
OS: Centos7

Rule Set (please complete the following information):

SecRemoteRules XXXXXX https://rules.malware.expert/download.php?rules=generic

@AnoopAlias
Author

Possibly a duplicate of owasp-modsecurity/ModSecurity-nginx#17

But I see the issue is closed

@zimmerle
Contributor

zimmerle commented Feb 3, 2020

Hi @AnoopAlias,

Did you observe any crash on your system previous to the logs not being generated?

zimmerle self-assigned this Feb 3, 2020
zimmerle added the 3.x (Related to ModSecurity version 3.x) label Feb 3, 2020
@AnoopAlias
Author

No, the server works just fine and I can see mod_sec normal logging in the Nginx error_log, but the explicit SecDebugLog and SecDebugLogLevel directives are simply ignored, it seems.

@zimmerle
Contributor

zimmerle commented Feb 4, 2020

@AnoopAlias I have seen two cases where that situation occurs:

  • The debug logs make use of shared memory to control the writing flow among the different processes. A brute shutdown may lead to a circumstance where garbage is left in the shared memory, which will then impede the debug logs from being written properly. List the shared memory attached to Nginx, and try to delete it after stopping Nginx / before starting it again.

  • Wrong permissions from either the file system or the kernel (SELinux/AppArmor). Sometimes the application profile gets updated, removing the original permission to write the logs.

Please check if any of those are happening so we can better guide the debug process.
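
One way to do the shared-memory listing suggested in the comment above, as an added example that is not part of the original thread or of ModSecurity's own tooling. It assumes the leftover segments are System V shared memory visible to `ipcs -m`; the sample output, the `--live` switch and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: find System V shared memory segments that no process is
# attached to. Run it with Nginx stopped, so that anything left behind by a
# brute shutdown shows up with nattch = 0.

# Constructed sample of `ipcs -m` output (util-linux layout), for offline runs.
SAMPLE_IPCS='
------ Shared Memory Segments --------
key        shmid      owner      perms      bytes      nattch     status
0x00000000 98304      root       600        524288     2          dest
0x5a0c1e2f 131073     root       666        4128       0
0x5a0c1e30 131074     nobody     666        4128       0
0x0052e2c1 163843     postgres   600        56         6
'

# stdin: `ipcs -m` output. $1: optional owner filter (assumption: the account
# Nginx runs under). stdout: "shmid owner bytes" for each unattached segment.
unattached_shm() {
    awk -v owner="${1:-}" '
        $1 ~ /^0x[0-9a-fA-F]+$/ && $6 == 0 && (owner == "" || $3 == owner) {
            print $2, $3, $5
        }'
}

# Turn the report into ipcrm commands for review; nothing is deleted here.
# Other software can also own unattached segments, so check each line first.
removal_commands() {
    while read -r shmid owner bytes; do
        printf 'ipcrm -m %s   # owner=%s bytes=%s\n' "$shmid" "$owner" "$bytes"
    done
}

# Live use (as root, Nginx stopped): sh thisfile.sh --live [owner]
if [ "${1:-}" = "--live" ]; then
    ipcs -m | unattached_shm "${2:-}" | removal_commands
fi
```

Without `--live` the script only defines the functions; feed it `$SAMPLE_IPCS` to see the filter work before pointing it at a real host.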

@AnoopAlias
Author

I can confirm this is not SELinux/AppArmor, as it is a cPanel server and SELinux is not in the enabled state.

https://i.imgur.com/tAWyAii.png

The permissions also look fine; in fact I tried 777 for the debug.log file and this didn't help either.

I am a little lost on listing and deleting shared memory attached to the process, but I have tried several times to restart the process after a normal shutdown and this doesn't help.

@zimmerle
Contributor

Restarting the process indeed will not help. Is this server suitable for a restart?

@zimmerle
Contributor

zimmerle commented Mar 5, 2020

@AnoopAlias did restarting the server make it workable again?
