I've set up CSF within Virtualmin, including the admin module successfully using the documentation instructions to the letter. Virtualmin is running on a fully patched Ubuntu 18.04.5 running on AWS with a firewall rule in AWS set to block SSH port 22 to only accept connections from my IP address, no other rules in AWS firewall. All seems to work well. Virtualmin is set up with one domain running a Wordpress website over SSL.
Running "Check server security" comes back 38/39, only returning "Check SSH on non-standard port" but otherwise no issues or errors flagged.
Running "Test iptables" also returns no issues, with all tests returning "OK" and "RESULT: csf should function on this server".
Nothing outwardly seems misconfigured or returns an error. TESTING mode is definitely off.
The issue I'm having is that clicking "View iptables log" always returns "No logs entries found", even after months of use. Similarly when I click "View lfd statistics", it's currently returning "No statistical data has been collected yet" and before I had used the "Reinstall csf" button to start from scratch it was showing data that basically never changed and seemed to not be updating.
One of the features I've set up in CSF and have had working fine on another web host with CSF was the country block feature. I've got it set up on this server with the Maxmind ip database and again, I can't see any errors but have no way of verifying if it's actually doing any country level checking or blocking.
I'm wondering if CSF is in fact working correctly in the background or if it looks like it's set up correctly but some config somewhere either in CSF or Virtualmin is not connecting up properly. I'm not sure if CSF is accessing the correct logs within Virtualmin or if there's something in Virtualmin that I'd need to set up to get CSF able to monitor traffic in the normal way. Within Webmin>Networking , I do have the IPv4 "Linux firewall" enabled at boot since I'm assuming this is the service that CSF hooks into. FirewallD has been disabled both in Webmin and I also ran the CSF script to disable other firewalls.
In any case, I'd appreciate any advice as to how to investigate the iptables log and the lfd statistics seemingly being empty and just generally step through what needs to connect up and where the problem might be. Seems like it could be a simple misconfiguration somewhere.