I have to come here for support, but normally a forum is a dead end
I am usually active in this forum. I always try to answer the questions people have no matter if they are a paid customer or a free user. I don’t even have access to the client’s database, so I don’t know which one is which ??
Why is it not recording any potential hacks?
Because I don’t have access to your website, it’s difficult to say.
But let me speculate… It is probable that the API key associated to your website has been affected by a temporary limit set by the server where the API service is running. The limit is tied to the amount of inodes that can be open at the same time. This limit is controlled by the operating system and is difficult to modify without affecting other parts of the machine.
However, the plugin is designed in such a way that, if the API service is unavailable, it will keep recording the event logs in your own website in these two files [1][2]. It tries to sync with the remote web service every 24 hours, when it succeeds, the logs in your website are deleted and a copy is sent to a secure location in one of our servers.
Take a look at those two files and see if the logs are still there.
If you can find the relevant logs associated with the malicious HTTP requests, then we can conclude that the problem is with the sync of data. If they are not there, we can conclude that the problem is with the retrieval of the logs from the API service. Lets find out which case applies to you before continue the investigation.
[1] /wp-content/uploads/sucuri/sucuri-auditlogs.php
[2] /wp-content/uploads/sucuri/sucuri-auditqueue.php
