Add interface in libModSecurity for reopening log files #1968

victorhora · 2018-11-28T21:48:36Z

Modsecurity should reopen audit log on these two signals for proper logrotate operation.

As noted at owasp-modsecurity/ModSecurity-nginx#121 (comment), we could leverage a similar approach as described at https://forum.nginx.org/read.php?29,247488,247500#msg-247500 (i.e. use standard nginx API to open some stub-file with ngx_conf_open_file(), add required handler, and use it for detecting USR1 and HUP signals from master process)

But it seems like libModSecurity currently does not have a nice interface to initiate audit/debug log files reopening by connector's request.

There's a PoC on how we could accomplish that on the connector at owasp-modsecurity/ModSecurity-nginx#121 (comment) as a starting point.

remort · 2022-10-04T11:19:37Z

Any news up on that?

victorhora added RIP - Type - Feature enhancement RIP - libmodsecurity TBF by libmodsec 3.x Related to ModSecurity version 3.x labels Nov 28, 2018

victorhora added this to the v3.0.4 milestone Nov 28, 2018

victorhora assigned zimmerle and victorhora Nov 28, 2018

victorhora mentioned this issue Nov 28, 2018

reopen audit log on SIGUSR1 and SIGHUP owasp-modsecurity/ModSecurity-nginx#121

Open

zimmerle added new feature This is a new feature and removed TBF by libmodsec enhancement labels Nov 30, 2018

brandonpayton linked a pull request May 1, 2020 that will close this issue

Support reopening audit logs #2304

Open

airween mentioned this issue Jan 30, 2024

Problem with logrotate: Log rotation writes to incorrect file #3047

Open

Provide feedback