lfd on server.example.com: SYSLOG Check Failed

Are you receiving messages like this on your cPanel/CentOS server with CSF installed?

Time: Wed Aug 23 13:31:28 2017 -0500
Error: Failed to detect code [bBBeGfELFkMEGUV4fi] in SYSLOG_LOG [/var/log/messages]

SYSLOG may not be running correctly on server.example.com

These messages are sent by lfd (Login Failure Daemon, part of the Config Server Firewall, CSF). This is not an lfd issue. The problem is that rsyslog is not logging correctly.

There are some options to fix this issue.

First, make sure rsyslog is running. Use the service rsyslog status command:

root@web [~]# service rsyslog status
Redirecting to /bin/systemctl status  rsyslog.service
* rsyslog.service - System Logging Service
   Loaded: loaded (/usr/lib/systemd/system/rsyslog.service; enabled; vendor preset: enabled)
   Active: active (running) since Sat 2017-08-19 07:39:49 EDT; 4 days ago
 Main PID: 207 (rsyslogd)
   CGroup: /system.slice/rsyslog.service
           `-207 /usr/sbin/rsyslogd -n

Aug 19 07:39:49 web systemd[1]: Starting System Logging Service...
Aug 19 07:39:49 web systemd[1]: Started System Logging Service.
root@web [~]#

If it’s not running, start it with service rsyslog start:

# service rsyslog start
root@web [~]# service rsyslog start
Redirecting to /bin/systemctl start  rsyslog.service
root@web [~]# service rsyslog status
Redirecting to /bin/systemctl status  rsyslog.service
* rsyslog.service - System Logging Service
   Loaded: loaded (/usr/lib/systemd/system/rsyslog.service; enabled; vendor preset: enabled)
   Active: active (running) since Wed 2017-08-23 16:06:51 EDT; 4s ago
 Main PID: 4146 (rsyslogd)
   CGroup: /system.slice/rsyslog.service
           `-4146 /usr/sbin/rsyslogd -n

Aug 23 16:06:51 web systemd[1]: Starting System Logging Service...
Aug 23 16:06:51 web systemd[1]: Started System Logging Service.
root@web [~]#

Now let’s check whether rsyslog is logging correctly by logging a test message:

root@web [~]# logger -p auth.notice "log test"
root@web [~]# grep "log test" /var/log/messages
root@web [~]#

If you don’t see your message, rsyslog is not working correctly. To fix this, you will need to edit the file /etc/rsyslog.conf. These lines must be commented out:

#$ModLoad imjournal # provides access to the systemd journal
#$IMJournalStateFile imjournal.state

and this option must be changed to off:

$OmitLocalLogging off

To comment a line in the rsyslog.conf file, add a # sign at the beginning of the line.

Then restart rsyslog with service rsyslog restart:

# service rsyslog restart
root@web [~]# service rsyslog restart
Redirecting to /bin/systemctl restart  rsyslog.service
root@web [~]#

Test again if the logging is working correctly:

root@web [~]# logger -p auth.notice "log test"
root@web [~]# grep "log test" /var/log/messages
Aug 23 16:09:06 web root: log test
root@web [~]#

Now, everything is running fine and you should not receive any more messages from lfd regarding rsyslog.
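
The three edits to /etc/rsyslog.conf described above can also be applied and verified with a script. This is an added example, not part of the original post or of CSF/rsyslog; the function names fix_rsyslog_conf and rsyslog_conf_ok are hypothetical, and it assumes the directives appear one per line in the legacy `$Directive` syntax shown above.

```shell
#!/bin/sh
# Added example (hypothetical helpers, not shipped with CSF or rsyslog).

# Comment out the two imjournal directives and set $OmitLocalLogging to off.
fix_rsyslog_conf() {
    conf="${1:-/etc/rsyslog.conf}"
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }

    # Keep the first original copy; do not overwrite it on later runs.
    [ -e "$conf.bak" ] || cp -p "$conf" "$conf.bak" || return 1

    tmp="$(mktemp)" || return 1
    # Lines that already start with '#' do not match, so re-running is safe.
    sed -e 's/^[[:space:]]*\(\$ModLoad[[:space:]][[:space:]]*imjournal\)/#\1/' \
        -e 's/^[[:space:]]*\(\$IMJournalStateFile\)/#\1/' \
        -e 's/^[[:space:]]*\$OmitLocalLogging[[:space:]][[:space:]]*on[[:space:]]*$/$OmitLocalLogging off/' \
        "$conf" > "$tmp" || { rm -f "$tmp"; return 1; }

    # Write back in place so the file keeps its owner, mode and SELinux context.
    cat "$tmp" > "$conf" && rm -f "$tmp"
}

# Return 0 only if the config matches the state the article asks for.
rsyslog_conf_ok() {
    conf="${1:-/etc/rsyslog.conf}"
    # Fail if either imjournal directive is still active.
    if grep -Eq '^[[:space:]]*\$(ModLoad[[:space:]]+imjournal|IMJournalStateFile)' "$conf"; then
        return 1
    fi
    # Require an active "$OmitLocalLogging off" line.
    grep -Eq '^[[:space:]]*\$OmitLocalLogging[[:space:]]+off' "$conf"
}
```

Run fix_rsyslog_conf as root, confirm with rsyslog_conf_ok, then restart rsyslog and repeat the logger test shown above.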

This Post Has 6 Comments

  1. Sheldon

    worked great. thank you!

  2. CB Studio MX

    Best Tutorial to solve problems that start with:

    Error: Failed to detect code [mRYK3ZbtK8xezRI1vVO] in SYSLOG_LOG [/var/log/messages]

    Thank you!

  3. Rahmat S. Masror

    Hello,

    I checked and I see syslog working fine, and I also grepped the message I tested and it’s there, and still I am getting failed messages from syslog.

    Thank you

  4. BuyLicense.Cheap

    Thank you so much, tested and working

  5. Pradipta Chowdhury

    Awesome Solution.
