Search found 11 matches

by ktp
23 Aug 2023, 14:08
Forum: General Discussion (csf)
Topic: How to stop logging ICMP_IN, UDP_IN, UDP_OUT blocked messages in kern.log?
Replies: 5
Views: 4643

Re: How to stop logging ICMP_IN, UDP_IN, UDP_OUT blocked messages in kern.log?

@Sergio ># If a log line matches it will be ignored, otherwise it will be reported This means for me the log line is already appearing, but it will be ignored for processing (logscanner). It does not mean the log line will not be logged due to matching with regular expression. Because the first ...
by ktp
23 Aug 2023, 12:07
Forum: General Discussion (csf)
Topic: How to stop logging ICMP_IN, UDP_IN, UDP_OUT blocked messages in kern.log?
Replies: 5
Views: 4643

Re: How to stop logging ICMP_IN, UDP_IN, UDP_OUT blocked messages in kernel.log?

@Sergio Thank you for letting me discover the file /etc/csf/csf.logignore. This file mentions: # The following is a list of regular expressions for the LOGSCANNER feature. # If a log line matches it will be ignored, otherwise it will be reported and it includes already as first regular expression: ^(\S+...
by ktp
15 Aug 2023, 16:44
Forum: General Discussion (csf)
Topic: How to stop logging ICMP_IN, UDP_IN, UDP_OUT blocked messages in kern.log?
Replies: 5
Views: 4643

How to stop logging ICMP_IN, UDP_IN, UDP_OUT blocked messages in kern.log?

Hello, My server is running under Debian 12 with rsyslog. In kernel.log, there are a lot of messages: "Firewall: *ICMP_IN Blocked*" "Firewall: *UDP_IN Blocked*" "Firewall: *UDP_OUT Blocked*" I already correctly set DROP_NOLOG directive so no log of TCP_IN nor TCP_OUT. How can a...
by ktp
21 Jul 2019, 05:51
Forum: General Discussion (csf)
Topic: How to ensure that csf/lfd are running and operational ?
Replies: 0
Views: 4145

How to ensure that csf/lfd are running and operational ?

Hello, Since csf/lfd is very important for my server security, I would like with a monitoring script to ensure that csf and lfd are both running and operational. Is there a recommended way to do this ? I am running CentOS 7. I am thinking about: - either parsing the output of command "systemctl...
by ktp
31 Aug 2016, 06:55
Forum: General Discussion (csf)
Topic: csf v9.13 error line 2524
Replies: 1
Views: 2793

csf v9.13 error line 2524

Hello, I am running CentOS 7 without cPanel. This night csf/lfd automatically upgraded from v9.11 to 9.13... and restarted. OK, I did not see any problem at first time, BUT few hours later I discovered that my site can only be accessed with IP v6, and not with IP v4, which is used by the majority of...
by ktp
11 Nov 2015, 10:36
Forum: General Discussion (csf)
Topic: csf autoupdate and From/To fields in email
Replies: 1
Views: 2672

Re: csf autoupdate and From/To fields in email

Hello, Update news: Answer to my own question 2): I tried with the mail command as above, it works, but since there is no csf update available, I got the message (from mail) "Null message body; hope that's ok". This is fine, but the problem is that I receive each day the email, and not onl...
by ktp
09 Nov 2015, 08:15
Forum: General Discussion (csf)
Topic: csf autoupdate and From/To fields in email
Replies: 1
Views: 2672

csf autoupdate and From/To fields in email

Hello, I discover the csf autoupdate function (AUTO_UPDATES = "1" in csf.conf). But I have a few questions : 1) The update is triggered daily with /etc/cron.d/csf_update. I only receive update report mail when there is an update, this is good. But how does this work? The cron daemon only se...
by ktp
30 Sep 2011, 12:36
Forum: Suggestions (csf)
Topic: Alert for successful FTP login per day and per IP
Replies: 4
Views: 7459

Re: Alert for successful FTP login per day and per IP

Thank you chirpy, but it does not cover the case where the FTP credentials are stolen but used by only one IP. The alert could also inform me of any legal FTP activity. So my initial suggestion is still valid I believe. This alert would let me know if there is any FTP activity for a given IP for eac...
by ktp
23 Sep 2011, 17:56
Forum: Suggestions (csf)
Topic: Alert for successful FTP login per day and per IP
Replies: 4
Views: 7459

Alert for successful FTP login per day and per IP

Hello, Is this possible to receive an alert for a successful FTP login? The alert should be issued only once per day and per IP. Having this feature would allow to quickly detect cases where the FTP credentials are stolen (trojan etc...). Also could the SSH successful login alert be issued only once...
by ktp
05 May 2010, 04:39
Forum: Report Bugs (csf)
Topic: ACCEPT failed at /etc/csf/csf.pl line 2881 version 5.04
Replies: 1
Views: 4429

ACCEPT failed at /etc/csf/csf.pl line 2881 version 5.04

Hello, Just to mention that with latest version csf v5.04, when upgrading from v5.03 on a CentOS release 4.8 (Final) 32-bit system, I got these error (?) messages : open3: exec of /sbin/ip6tables -v -A OUTPUT -o ! lo -p udp -m state --state NEW --dport 53 -j ACCEPT failed at /etc/csf/csf.pl line 2881...