Re: [mod-security-users] ModSecurity: Audit log: Failed to lock global mutex: Invalid argument

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Thank you very much, Azurit.
I tried last week, and it seems it's working now.

Thanks a lot!!! 🙏

Best Regards,
Ricardo Martins

On Thu, May 19, 2022 at 5:59 PM <az...@po...> wrote:

> Hi,
>
> have you tried switching to 'concurrent' logging? See SecAuditLogType .
>
>
>
>
>
>
> Citát Ricardo Martins <ri...@ri...>:
>
> > I'm facing the errors below for 2 months:
> >
> > ModSecurity: Audit log: *Failed to lock global mutex: Invalid argument*
> > [hostname "xyz.com"] [uri "/some/url/index.php"] [unique_id
> > "YoVhNjBIlODXmbU8zRObNAAAAAo"]
> >
> > ModSecurity: Audit log: Failed to *unlock* global mutex: Invalid argument
> > [hostname "xyz.com"] [uri "/some/url/index.php"] [unique_id
> > "YoVhNjBIlODXmbU8zRObNAAAAAo"]
> >
> > In the audit log I have the following:
> >
> >> --4f737934-A--
> >> [18/May/2022:21:12:23 +0000] YoVhNjBIlODXmbU8zRObNAAAAAo 98.142.102.10
> >> 55052 172.31.20.202 443
> >> --4f737934-B--
> >> POST /some/url HTTP/1.1
> >> Host: xyz.com
> >> Accept: */*
> >> Content-Length: 7
> >> Content-Type: application/x-www-form-urlencoded
> >>
> >> --4f737934-C--
> >> token=0
> >> --4f737934-F--
> >> HTTP/1.1 401 Unauthorized
> >> Cache-Control: no-cache, private
> >> Content-Length: 19
> >> Content-Type: text/html; charset=UTF-8
> >>
> >> --4f737934-H--
> >> Message: Audit log: Failed to lock global mutex: Invalid argument
> >> Apache-Error: [file "apache2_util.c"] [line 273] [level 3] [client
> >> 98.142.102.10] ModSecurity: Audit log: Failed to lock global mutex:
> Invalid
> >> argument [hostname "xyz.com"] [uri "/some/url/index.php"] [unique_id
> >> "YoVhNjBIlODXmbU8zRObNAAAAAo"]
> >> Apache-Handler: application/x-httpd-php
> >> Stopwatch: 1652908342996576 5468 (- - -)
> >> Stopwatch2: 1652908342996576 5468; combined=1343, p1=443, p2=721, p3=0,
> >> p4=0, p5=178, sr=83, sw=1, l=0, gc=0
> >> Producer: ModSecurity for Apache/2.9.3 (http://www.modsecurity.org/);
> >> OWASP_CRS/3.2.0.
> >> Server: Apache
> >> Engine-Mode: "ENABLED"
> >>
> >
> > I read it was related to logrotate.
> > I tried to add "Mutext default" line to apache2.conf, also tried to use
> > "Mutex posixem" to fix another mutex related error (AH02026: Failed to
> > acquire SSL session cache lock)...
> >
> > I simply don't know what else to do to solve the problem, or if it's safe
> > enough to disable mod_security.
> >
> > Any help is appreciated.
> >
> > System: Ubuntu 20.04.4 LTS
> > Apache: 2.4
>
>
>
>
>
> _______________________________________________
> mod-security-users mailing list
> mod...@li...
> https://lists.sourceforge.net/lists/listinfo/mod-security-users
> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
> http://www.modsecurity.org/projects/commercial/rules/
> http://www.modsecurity.org/projects/commercial/support/
>