I noticed that I was getting emails from LFD (part of the ConfigServer Firewall package) about failing to find some added check line it was sending to syslog.
The syslog message looks like this:
lfd[%d]: *SYSLOG CHECK* Failed to detect check line [%s] sent to SYSLOG
Of course I’ve replaced the pid with %d and the check string that it’s looking for with %s, since that will vary.
The fix is simple. Just like how you may need to adjust the path in /etc/csf/csf.conf to the real location of the
ipset binary, you also may need to set where your SYSLOG messages are going. On an Ubuntu system, that means /var/log/syslog rather than /var/log/messages. Then just run
csf -r to restart LFD with the new settings.
/var/log/messages appears in more than just csf.conf. Since /var/log/messages doesn’t exist on my system,
I’m just going to symlink it to syslog and see what happens.
OK, I thought better of it and just modified csf.syslogs and csf.logfiles. I deleted that messages symlink in /var/log next. LFD was still being a little bitch after I restarted using
csf -r, so I ran
service lfd stop and then started it again.