Thread Starter
alaid
(@alaid)
Hi,
I created the staging site and left only iTSec with the rest of the plugins deactivated, it does not work.
Hi @alaid, thank you for getting back. Could you please verify if all the sites where the issue occurs are on the same server?
Thread Starter
alaid
(@alaid)
Hi,
Yes, they are different servers with different providers, but it seems to me that the issue occurs because Itsec only deletes records stored in the DB, it does not delete records when they are files, even though the option is shown in the configuration.
I think at this point I checked everything possible.
Thanks.
Below the code of the relevant callback from the better-wp-security/core/lib/log.php file:
public static function purge_entries() {
global $wpdb;
$database_entry_expiration = date( 'Y-m-d H:i:s', ITSEC_Core::get_current_time_gmt() - ( ITSEC_Modules::get_setting( 'global', 'log_rotation' ) * DAY_IN_SECONDS ) );
$query = $wpdb->prepare( "DELETE FROM <code>{$wpdb->base_prefix}itsec_logs</code> WHERE timestamp<%s", $database_entry_expiration );
$wpdb->query( $query );
$log_type = ITSEC_Modules::get_setting( 'global', 'log_type' );
if ( 'database' !== $log_type ) {
self::rotate_log_files();
}
}
Looks like database logs are always (attempted to be) purged while file logs are only purged when log type is not equal to ‘database’.
-
This reply was modified 1 year, 7 months ago by
nlpro.
rotate_log_files() calls the delete_old_logs() method, which is where the magic should happen. Would be nice if a log debug entry was added from the delete_old_logs() method (enhancement).
That way simply inspecting the Debug entries from the Logs page would confirm the right execution path is followed (or not).
If interested I can probably provide you with code instructions to temporarily add a debug entry to the log.
It would only require to make a copy of the better-wp-security/core/lib/log.php file and then add 1 extra line of code to the delete_old_logs() method. Just to be sure my idea works, I’ll perform a test first.
@shanedelierrr
While having a closer look at the relevant code I noticed something in the get_log_file_path() method (from the log.php file). It’s about the log_info entry in the global settings.
According to the better-wp-security/core/modules/global/module.json file the log_info global setting is listed under “removed-settings”.
Yet, in the get_log_file_path() method an attempt is done to save/write a value to the log_info global setting.
If I’m not mistaken an attempt to save the log_info global setting would probably fail on validation. Something like log_info is not a valid global entry…
Could you please contact Timothy to verify this?
Hi @alaid, could you please provide the following:
– Browser
– PHP Version
– WordPress Version
– Plugin Version
@nlpro thank you for checking! I will forward this as a report to our developer and will let you know.
Thread Starter
alaid
(@alaid)
Hi,
– Browser: Brave, Chrome, Opera
– PHP Versión: 7.4
– WordPress Version: 6.0.2
– Plugin Version: 8.1.2
Thnks.
Quick update:
I can confirm file logging AND purging is not working properly due to the log_info global setting being removed.
It’s the line below from the get_log_file_path() method that fails silently:
ITSEC_Modules::set_setting( 'global', 'log_info', $log_info );
As a result every time the get_log_file_path() method is executed a new log file is created. That explains the large amount of log files created.
Definately a bug that needs to be fixed.
Thread Starter
alaid
(@alaid)
Hi,
Thank you for your dedication and attention to this issue, I hope soon they will release the new version with the bug fixed.
Hi @alaid, thank you for the update. I have included the details in the bug report. Rest assured, I will update you once I receive feedback from our developers. However, I cannot provide an exact timeframe of when they will review it.
@nlpro thank you for bringing this to our attention. I have included your additional investigations in the report.
I am also having this problem … HUNDREDS of thousands of tiny lil’ log files every day. This is a major problem, not a minor glitch – inode overrun has been crashing my server once or twice daily, despite cron jobs to purge the excess useless files. Please provide a rough timeline for a fix patch, my site isn’t even a particularly high-traffic site. Renders plugin unusable if unfixed.
To prevent disaster but still be able to use the iTSec plugin you can temporarily change the How should event logs be kept settings value to Database Only in the Global Settings. The bug only affects file logging.
Navigation path:
Security > Settings > CONFIGURE
Scroll down to the Logging section.
After changing the How should event logs be kept settings value don’t forget to click on the blue Save button at the bottom of the page 😉
Hi @alaid & @schmediaaolcom, this issue has been escalated to our developers, and we are working on a fix. At the moment, you can follow @nlpro’s advice to keep the logs to DB only. Thank you for bringing this to our attention, and we appreciate your patience!
