LFD SYSLOG Check Failed

[Ryan_D]

Hi,

# Issue

We've been seeing the following error coming through from CSF/LFD recently:

Time: Wed Jun 11 04:27:14 2025 +0000
Error: Failed to detect code [bJjQIF5vceaiNUaw5wtsQkRIEr] in SYSLOG_LOG [/var/log/messages]

SYSLOG may not be running correctly on server.domain.com

# What I've checked:

I've checked checked that rsyslog is running by using:

Code: Select all

systemctl status rsyslog

I've checked that /var/log/messages is being written to with:

Code: Select all

logger "CSF LFD syslog test"
tail -n 20 /var/log/messages

I've checked that /etc/systemd/journald.conf is NOT forwarding journal entries to /var/log/messages.

I've checked /etc/rsyslog.conf is logging the correct items

Code: Select all

*.info;mail.none;authpriv.none;cron.none    /var/log/messages[/code}

I've checked that /etc/csf/csf.conf has the correct log path:
[code]SYSLOG_LOG = "/var/log/messages"

I've checked the write speed/delay with the following, which returns OK so it's not a write delay issue.

Code: Select all

CSFCODE="TEST-$(date +%s)"
logger -p daemon.notice "$CSFCODE"
sleep 1
grep -q "$CSFCODE" /var/log/messages && echo "OK" || echo "FAIL"

I've double checked the write speed/delay up modifying /etc/csf/csf.conf to have a bigger waiting period

Code: Select all

LF_SYSLOGD_DELAY = "3"

I'm not sure what I'm missing... how does one fix this?