Closed peppies closed 1 year ago
This is now solved, I stumbled upon the "copytruncate" solution by chance. My full solution and details are found here: https://stackoverflow.com/questions/74296752/logrotate-ignores-size-parameter-with-modsecurity-log/
Ubuntu 22.04 Nginx/1.23.2 ModSecurity-nginx v1.0.3 logrotate 3.19.0
Fairly new to Nginx/ModSecurity, but I've been following a tutorial here and got everything set up, except the log rotation: https://www.linuxcapable.com/how-to-install-nginx-with-modsecurity-3-on-ubuntu-22-04-lts/?mtm_campaign=reddit#Create_ModSecurity_LogRotate_file
Basically what I would like to do is limit the size of the ModSecurity audit logs to 1GB, and then rotate the log if it grows larger than that, keeping a maximum of 7 log files. (My server ran out of disk space the other day with 20GB log files). The logs don't seem to be rotating properly either. This is what I have in /etc/logrotate.d/modsec:
Here is the user that is actually running nginx (I'm assuing root?):
Although my Nginx error.log and access.log is showing www-data:adm as the owner of those files.
Regardless, I tried adding combinations of "su www-data adm" and/or/both "create 640 www-data adm" in the logrotate config file without success.
When I manually run "sudo logrotate -v /etc/logrotate.d/modsec", it rotates, but nginx continues writing to the old log:
Again, even if root:root is the owner of the log files, it's the same problem. Is this a bug, or am I doing something wrong?