ModSecurity events in EventViewer: The description for Event ID 1 from source y cannot be found

Follow

Comments

2 comments

  • Avatar
    Pete Batin

    It may be true to ignore them but Event Viewer is filling up with entries.  How can informational entries be disabled?

    I've added SecDebugLogLevel 0 in tortix_waf.conf

    And I've also changed the following in crs-setup.conf

    SecDefaultAction "phase:1,nolog,noauditlog,deny,status:403"
    SecDefaultAction "phase:2,nolog,noauditlog,deny,status:403"

    But in less than 20 minutes later I still have 1,617 entries since I cleared the log 20 minutes ago.

    0
    Comment actions Permalink
  • Avatar
    Alexey Lapshin

    Hello @Pete Batin,

    I would like to inform you that Plesk provides ModSecurity "as-is". Since the issue caused by ModSecurity bug, it is better to contact them https://www.modsecurity.org/CRS/Documentation/support.html about the question.

    0
    Comment actions Permalink

Please sign in to leave a comment.

Have more questions? Submit a request