LFD stops logging to kern.log
It took a while before I figured out why LFD wasn’t logging any issues to kern.log on my Debian-based systems. I realized at some point that it worked when I first installed CSF, but then logged nothing after the first day.
Hmmm. What happens everyday on a typical UN*X-like system? Cron. /etc/cron.daily executes the logrotate script, which moves the log file and creates a new one. Anything writing to those files need to be SIGHUP’d or restarted. But CSF isn’t that well-tuned to Debian-based systems when it’s installed manually.
You can fix it in one of two ways. Change the cron run time in /etc/cron.d/lfd-cron to a minute after cron.daily runs or put /usr/sbin/csf --lfd restart > /dev/null 2>&1
in the postrotate stanza of /etc/logrotate.d/rsyslog.