After googling for some time and not finding anything on this problem I'm asking here for some help.
I've setup remote logging for rsyslog on debian 11 and when CSF / LFD ist enabled, I get the following error for rsyslog:
(changed URL inside of the error message because of limitations)
Code: Select all
Oct 30 16:54:08 SERVER85 rsyslogd[994607]: action 'action-0-builtin:omfwd' suspended (module 'builtin:omfwd'), retry 0. There should be messages before this one giving the reason for suspension. [v8.2102.0 try URL ]
Oct 30 16:54:08 SERVER85 rsyslogd[994607]: action 'action-0-builtin:omfwd' resumed (module 'builtin:omfwd') [v8.2102.0 try URL ]
Oct 30 16:54:08 SERVER85 rsyslogd[994607]: omfwd/udp: socket 8: sendto() error: Operation not permitted [v8.2102.0 try URL ]
Oct 30 16:54:08 SERVER85 rsyslogd[994607]: omfwd: socket 8: error 1 sending via udp: Operation not permitted [v8.2102.0 try URL ]
Oct 30 16:54:08 SERVER85 rsyslogd[994607]: action 'action-0-builtin:omfwd' suspended (module 'builtin:omfwd'), retry 0. There should be messages before this one giving the reason for suspension. [v8.2102.0 try URL ]
Oct 30 16:54:08 SERVER85 rsyslogd[994607]: action 'action-0-builtin:omfwd' resumed (module 'builtin:omfwd') [v8.2102.0 try URL ]
Oct 30 16:54:08 SERVER85 rsyslogd[994607]: omfwd/udp: socket 8: sendto() error: Operation not permitted [v8.2102.0 try URL ]
Oct 30 16:54:08 SERVER85 rsyslogd[994607]: omfwd: socket 8: error 1 sending via udp: Operation not permitted [v8.2102.0 try URL ]
Oct 30 16:54:08 SERVER85 rsyslogd[994607]: action 'action-0-builtin:omfwd' suspended (module 'builtin:omfwd'), retry 0. There should be messages before this one giving the reason for suspension. [v8.2102.0 try URL ]
Oct 30 16:54:08 SERVER85 rsyslogd[994607]: action 'action-0-builtin:omfwd' suspended (module 'builtin:omfwd'), next retry is Sun Oct 30 16:54:38 2022, retry nbr 0. There should be messages before this one giving the reason for suspension. [v8.2102.0 try URLThank you in advance.