kill hup nginx-master-pid and modsec_audit.log not auto create.

[xx-zhang]

remove the modsec_audit.log then kill the nginx master pid. we can see the modsec_audit.log file not auto create.

[martinhsv]

Hello @xx-zhang ,

With these steps:

1. sudo rm modsec_audit.log
2. kill the master pid
3. confirm the workers no longer exist. I.e. there should be nothing found with 'ps ax | grep nginx' besides the grep itself
4. restart nginx: sudo systemctl start nginx

... the modsec_audit.log file did auto-create for me just now.

If you saw something different, I can only speculate. Did you restart nginx? Did one of the workers perhaps not die after your step#2?

In any case, I wouldn't recommend that as the best approach. If you want to restart nginx while deleting the old audit log, instead consider:

1. sudo systemctl stop nginx
2. delete the old audit log file
3. sudo systemctl start nginx