Page 1 of 1
Email alert for cPanel/WHM logins
Posted: 01 Oct 2019, 12:11
by armitage318
Hi, I am using csf: v13.06 on WHM server (CentOS Linux release 7.7.1908 (Core)).
It seems I am no longer receive email alert whem someone access through WHM or cPanel.
My IP is not listed csf.allow or csf.ignore .
My relevant config is:
Code: Select all
LF_CPANEL_ALERT = "1"
LF_CPANEL_ALERT_USERS = "all"
thank you!
Re: Email alert for cPanel/WHM logins
Posted: 05 Oct 2019, 21:06
by BallyBasic79
Suggestions:
1. Verify if LFD has identified the login by searching the main log:
If no, the feature is not working.
If yes,
2. Verify email was sent by searching the email log:
Code: Select all
grep WHM/cPanel /var/log/exim_mainlog
If no, something is wrong somewhere. Verify where email to root are supposed to be sent.
If yes, verify that your incoming mail server has not filtered it.
Note, this alert will be ignored for IPs listed in csf.ignore, so good job checking that first.
HTH
Re: Email alert for cPanel/WHM logins
Posted: 07 Oct 2019, 11:37
by armitage318
Hi, I founded nothing in /var/log/lfd.log
But I confirm my access is logged fine in /usr/local/cpanel/logs/login_log
Furthermore, lfd.log says:
Code: Select all
Oct 7 12:34:13 vm lfd[15863]: Watching /var/log/customlog...
Oct 7 12:34:13 vm lfd[15863]: Watching /var/log/messages...
Oct 7 12:34:13 vm lfd[15863]: Watching /var/log/exim_mainlog...
Oct 7 12:34:13 vm lfd[15863]: Watching /etc/apache2/logs/error_log...
Oct 7 12:34:13 vm lfd[15863]: Watching /usr/local/cpanel/logs/access_log...
Oct 7 12:34:13 vm lfd[15863]: Watching /var/log/secure...
Oct 7 12:34:13 vm lfd[15863]: Watching /usr/local/cpanel/logs/login_log...
Thank you
so I guess, the alert should be triggered fine!
Re: Email alert for cPanel/WHM logins
Posted: 07 Oct 2019, 12:14
by armitage318
Sorry, I just discovered that probably this was my problem:
(my country is ITALY).
Anyway, why should this settings affect even login alerts?
Re: Email alert for cPanel/WHM logins
Posted: 07 Oct 2019, 17:39
by BallyBasic79
*_IGNORE does exactly what it says.
Look through these forums and you will complaints on every page of listings asking, "How can I make the notifications stop?"
Also consider why you are ignoring all traffic in Italy.
Re: Email alert for cPanel/WHM logins
Posted: 08 Oct 2019, 11:41
by armitage318
Sorry, but:
Code: Select all
# This Country Code list will prevent lfd from blocking IP address hits for the
# listed CC's
#
# CC_LOOKUPS must be enabled to use this option
CC_IGNORE = ""
There is absolutely no mention to ignore logins (ssh, whm, and so on)