Fix for LFD error in syslog
I noticed that I was getting emails from LFD (part of the ConfigServer Firewall package) about failing to find some added check line it was sending to syslog.
The syslog message looks like this:
lfd[%d]: *SYSLOG CHECK* Failed to detect check line [%s] sent to SYSLOG
Of course I’ve replaced the pid with %d and the check string that it’s looking for with %s, since that will vary.
The fix is simple. Just like how you may need to adjust the path in /etc/csf/csf.conf to the real location of the ipset
binary, you also may need to set where your SYSLOG messages are going. On an Ubuntu system, that means /var/log/syslog rather than /var/log/messages. Then just run csf -r
to restart LFD with the new settings.
UPDATE:
/var/log/messages appears in more than just csf.conf. Since /var/log/messages doesn’t exist on my system, I’m just going to symlink it to syslog and see what happens.
UPDATE 2:
OK, I thought better of it and just modified csf.syslogs and csf.logfiles. I deleted that messages symlink in /var/log next. LFD was still being a little bitch after I restarted using csf -r
, so I ran service lfd stop
and then started it again.