OS type and version Debian Linux 12
Virtualmin version 7.30.4 Pro
I’ve installed CSF (Firewall version 14.24) following: https://webmin.com/docs/third-party-mod ... -firewall/
I’ve configured it, checked and followed the information from a previous discussion.
Firewall status : Enable and running
perl /usr/local/csf/bin/csftest.pl
Say everything is ok.
Check security : Server Score: 39/39
Watch System Log has output (all 4)
Mar 8 21:27:59 wiki lfd[5153]: *User Processing* PID:500 Kill:0 User:zabbix Time:1836 EXE:/usr/sbin/zabbix_agentd CMD:/usr/sbin/zabbix_agentd: listener #9 [waiting for connection]
Mar 8 21:27:59 wiki lfd[5153]: *User Processing* PID:489 Kill:0 User:zabbix Time:1836 EXE:/usr/sbin/zabbix_agentd CMD:/usr/sbin/zabbix_agentd: listener #1 [waiting for connection]
View iptables rules display something
ldf status has output
lfd.service - ConfigServer Firewall & Security - lfd
Loaded: loaded (/lib/systemd/system/lfd.service; enabled; preset: enabled)
Active: active (running) since Sat 2025-03-08 20:57:58 IST; 51min ago
Process: 1824 ExecStart=/usr/sbin/lfd (code=exited, status=0/SUCCESS)
Main PID: 1837 (lfd - sleeping)
Tasks: 1 (limit: 2302)
Memory: 19.5M
CPU: 13.337s
CGroup: /system.slice/lfd.service
└─1837 "lfd - sleeping"
Mar 08 20:57:57 domain.com systemd[1]: Starting lfd.service - ConfigServer Firewall & Security - lfd...
Mar 08 20:57:58 domain.com systemd[1]: Started lfd.service - ConfigServer Firewall & Security - lfd.
/etc/csf/csf.logfiles shows path for “all” and for Debian. Nothing for Virtualmin.
/var/log/messages
/var/log/lfd.log
/var/log/cxswatch.log
# Debian/Ubuntu:
/var/log/auth.log
/var/log/daemon.log
/var/log/syslog
Test iptables says everything is ok.
I can add that IP Country based filtering is working.
So csf is active and does things.
I have also restarted csf and the server, but View Iptables logs => No logs entries found and View ldf Statistics => No statistical data has been collected yet
Debian using systems /journalctl so no real logs are created?
CSF in Virtualmin is running, but logs are empty
Re: CSF in Virtualmin is running, but logs are empty
Ha ha... 
I realize that CSF support for Debian does not includes version 12 (https://configserver.com/configserver-s ... -firewall/ *Debian v8 – v11).
Still it seems to me that CSF is working fine on Debian 12 and my only issue is with the logs.
Am I wrong to assume such ?
---
In Debian 12, logs are now managed by systemd-journald, and /var/log/syslog does not exist by default, but rsyslog is still available and can be configured to store logs in /var/log/syslog.
What (smart) people thinks ?
Bernard
I realize that CSF support for Debian does not includes version 12 (https://configserver.com/configserver-s ... -firewall/ *Debian v8 – v11).
Still it seems to me that CSF is working fine on Debian 12 and my only issue is with the logs.
Am I wrong to assume such ?
---
In Debian 12, logs are now managed by systemd-journald, and /var/log/syslog does not exist by default, but rsyslog is still available and can be configured to store logs in /var/log/syslog.
What (smart) people thinks ?
Bernard
-
ForumAdmin
- Moderator
- Posts: 1531
- Joined: 01 Oct 2008, 09:24
Re: CSF in Virtualmin is running, but logs are empty
You will need to install rsyslog on Debian 12 as it doesn't include it by default:
Code: Select all
apt install rsyslogRe: CSF in Virtualmin is running, but logs are empty
Thank you for your reply and help.
I installed rsyslog and see /var/log/syslog being populated.
I restarted CSF and I can see changes under the Watch system logs (4 more logs added)
However, View iptables Logs were still empty "No logs entries found".
On my csf.conf I saw a lot of path that goes to "/var/log/messages" including "IPTABLES_LOG" and I don't have such file in my /var/log/
I changed
to
I finally started to see things.
Testing iptables are all ok.
Is it what is expected ?
It doesn't look like the iptables logs at : https://configserver.com/configserver-s ... -firewall/
Should change all "/var/log/messages" to "/var/log/syslog" ?
I installed rsyslog and see /var/log/syslog being populated.
I restarted CSF and I can see changes under the Watch system logs (4 more logs added)
However, View iptables Logs were still empty "No logs entries found".
On my csf.conf I saw a lot of path that goes to "/var/log/messages" including "IPTABLES_LOG" and I don't have such file in my /var/log/
Code: Select all
SU_LOG = "/var/log/messages"
FTPD_LOG = "/var/log/messages"
IPTABLES_LOG = "/var/log/messages"
SUHOSIN_LOG = "/var/log/messages"
BIND_LOG = "/var/log/messages"
Code: Select all
IPTABLES_LOG = "/var/log/messages"Code: Select all
IPTABLES_LOG = "/var/log/syslog"Testing iptables are all ok.
Is it what is expected ?
It doesn't look like the iptables logs at : https://configserver.com/configserver-s ... -firewall/
Should change all "/var/log/messages" to "/var/log/syslog" ?
Last edited by jonedoe on 10 Mar 2025, 19:23, edited 2 times in total.
Re: CSF in Virtualmin is running, but logs are empty
A little bit more on this...
I replaced all path at csf.conf from “/var/log/messages” to “/var/log/syslog” so it look like this:
```
HTACCESS_LOG = "/var/log/apache2/error.log"
MODSEC_LOG = "/var/log/apache2/error.log"
SSHD_LOG = "/var/log/auth.log"
SU_LOG = "/var/log/syslog"
SUDO_LOG = "/var/log/secure"
FTPD_LOG = "/var/log/syslog"
SMTPAUTH_LOG = "/var/log/secure"
POP3D_LOG = "/var/log/mail.log"
IMAPD_LOG = "/var/log/mail.log"
IPTABLES_LOG = "/var/log/syslog"
SUHOSIN_LOG = "/var/log/syslog"
BIND_LOG = "/var/log/syslog"
SYSLOG_LOG = "/var/log/syslog"
WEBMIN_LOG = "/var/log/auth.log"
```
*only /var/log/secure doesn't exist*
On the same csf.conf I turned "ON" all statistics tools.
I also (after upgrading to Debian 12.10) installed gd graphics library and the
GD::Graph perl module with all dependent modules.
As results:
I have a new button "View system statistics" on the csf interface. Not really essential as I have already most of this information elsewhere.
The "view iptables log" still look un-complete/broken.
The View lfd blocking statistics is still empty.
I replaced all path at csf.conf from “/var/log/messages” to “/var/log/syslog” so it look like this:
```
HTACCESS_LOG = "/var/log/apache2/error.log"
MODSEC_LOG = "/var/log/apache2/error.log"
SSHD_LOG = "/var/log/auth.log"
SU_LOG = "/var/log/syslog"
SUDO_LOG = "/var/log/secure"
FTPD_LOG = "/var/log/syslog"
SMTPAUTH_LOG = "/var/log/secure"
POP3D_LOG = "/var/log/mail.log"
IMAPD_LOG = "/var/log/mail.log"
IPTABLES_LOG = "/var/log/syslog"
SUHOSIN_LOG = "/var/log/syslog"
BIND_LOG = "/var/log/syslog"
SYSLOG_LOG = "/var/log/syslog"
WEBMIN_LOG = "/var/log/auth.log"
```
*only /var/log/secure doesn't exist*
On the same csf.conf I turned "ON" all statistics tools.
I also (after upgrading to Debian 12.10) installed gd graphics library and the
GD::Graph perl module with all dependent modules.
As results:
I have a new button "View system statistics" on the csf interface. Not really essential as I have already most of this information elsewhere.
The "view iptables log" still look un-complete/broken.
The View lfd blocking statistics is still empty.