CSF remote rsyslog not working
Posted: 30 Oct 2022, 17:12
Hello everyone,
After googling for some time and not finding anything on this problem I'm asking here for some help.
I've setup remote logging for rsyslog on debian 11 and when CSF / LFD ist enabled, I get the following error for rsyslog:
(changed URL inside of the error message because of limitations)
I also tried setting the RESTRICT_SYSLOG = to 0 or 3 with no effect. If I disable LFD/CSF (csf -x) it works without any issue.
Thank you in advance.
After googling for some time and not finding anything on this problem I'm asking here for some help.
I've setup remote logging for rsyslog on debian 11 and when CSF / LFD ist enabled, I get the following error for rsyslog:
(changed URL inside of the error message because of limitations)
Code: Select all
Oct 30 16:54:08 SERVER85 rsyslogd[994607]: action 'action-0-builtin:omfwd' suspended (module 'builtin:omfwd'), retry 0. There should be messages before this one giving the reason for suspension. [v8.2102.0 try URL ]
Oct 30 16:54:08 SERVER85 rsyslogd[994607]: action 'action-0-builtin:omfwd' resumed (module 'builtin:omfwd') [v8.2102.0 try URL ]
Oct 30 16:54:08 SERVER85 rsyslogd[994607]: omfwd/udp: socket 8: sendto() error: Operation not permitted [v8.2102.0 try URL ]
Oct 30 16:54:08 SERVER85 rsyslogd[994607]: omfwd: socket 8: error 1 sending via udp: Operation not permitted [v8.2102.0 try URL ]
Oct 30 16:54:08 SERVER85 rsyslogd[994607]: action 'action-0-builtin:omfwd' suspended (module 'builtin:omfwd'), retry 0. There should be messages before this one giving the reason for suspension. [v8.2102.0 try URL ]
Oct 30 16:54:08 SERVER85 rsyslogd[994607]: action 'action-0-builtin:omfwd' resumed (module 'builtin:omfwd') [v8.2102.0 try URL ]
Oct 30 16:54:08 SERVER85 rsyslogd[994607]: omfwd/udp: socket 8: sendto() error: Operation not permitted [v8.2102.0 try URL ]
Oct 30 16:54:08 SERVER85 rsyslogd[994607]: omfwd: socket 8: error 1 sending via udp: Operation not permitted [v8.2102.0 try URL ]
Oct 30 16:54:08 SERVER85 rsyslogd[994607]: action 'action-0-builtin:omfwd' suspended (module 'builtin:omfwd'), retry 0. There should be messages before this one giving the reason for suspension. [v8.2102.0 try URL ]
Oct 30 16:54:08 SERVER85 rsyslogd[994607]: action 'action-0-builtin:omfwd' suspended (module 'builtin:omfwd'), next retry is Sun Oct 30 16:54:38 2022, retry nbr 0. There should be messages before this one giving the reason for suspension. [v8.2102.0 try URL
Thank you in advance.