You are receiving such messages on your cPanel/CentOS server with CSF installed?
Time: Wed Aug 23 13:31:28 2017 -0500
Error: Failed to detect code [bBBeGfELFkMEGUV4fi] in SYSLOG_LOG [/var/log/messages]
SYSLOG may not be running correctly on server.example.com
These messages are sent by lfd(Login Failure Daemon- part of the Config Server Firewall CSF). It’s not an lfd issue. The issue is with the rsyslog. It is not logging correctly.
There are some options to fix this issue.
First make sure rsyslog is running. Use service rsyslog status command:
root@web [~]# service rsyslog status
Redirecting to /bin/systemctl status rsyslog.service
* rsyslog.service - System Logging Service
Loaded: loaded (/usr/lib/systemd/system/rsyslog.service; enabled; vendor preset: enabled)
Active: active (running) since Sat 2017-08-19 07:39:49 EDT; 4 days ago
Main PID: 207 (rsyslogd)
CGroup: /system.slice/rsyslog.service
`-207 /usr/sbin/rsyslogd -n
Aug 19 07:39:49 web systemd[1]: Starting System Logging Service...
Aug 19 07:39:49 web systemd[1]: Started System Logging Service.
root@web [~]#
If it’s not running, try to start it with service rsyslog start:
root@web [~]# service rsyslog status
Redirecting to /bin/systemctl status rsyslog.service
* rsyslog.service - System Logging Service
Loaded: loaded (/usr/lib/systemd/system/rsyslog.service; enabled; vendor preset: enabled)
Active: inactive (dead) since Wed 2017-08-23 16:06:25 EDT; 7s ago
Process: 4056 ExecStart=/usr/sbin/rsyslogd -n $SYSLOGD_OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 4056 (code=exited, status=0/SUCCESS)
Aug 23 16:06:13 web systemd[1]: Starting System Logging Service...
Aug 23 16:06:13 web systemd[1]: Started System Logging Service.
Aug 23 16:06:25 web systemd[1]: Stopping System Logging Service...
Aug 23 16:06:25 web systemd[1]: Stopped System Logging Service.
root@web [~]# service rsyslog start
Redirecting to /bin/systemctl start rsyslog.service
root@web [~]# service rsyslog status
Redirecting to /bin/systemctl status rsyslog.service
* rsyslog.service - System Logging Service
Loaded: loaded (/usr/lib/systemd/system/rsyslog.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2017-08-23 16:06:51 EDT; 4s ago
Main PID: 4146 (rsyslogd)
CGroup: /system.slice/rsyslog.service
`-4146 /usr/sbin/rsyslogd -n
Aug 23 16:06:51 web systemd[1]: Starting System Logging Service...
Aug 23 16:06:51 web systemd[1]: Started System Logging Service.
root@web [~]#
Now, let’s check if rsyslog is logging correctly, log a test message:
root@web [~]# logger -p auth.notice "log test"
root@web [~]# grep "log test" /var/log/messages
root@web [~]#
If you don’t see your message rsyslog is not working correctly. To fix this you will need to edit the file /etc/rsyslog.conf. These lines must to commented out:
#$ModLoad imjournal # provides access to the systemd journal
#$IMJournalStateFile imjournal.state
and this option changed to off
$OmitLocalLogging off
To comment a line in the rsyslog.conf file, add a # sign at the beginning of the line.
Then restart the rsyslog with service rsyslog restart:
root@web [~]# service rsyslog restart
Redirecting to /bin/systemctl restart rsyslog.service
root@web [~]#
Test again if the logging is working correctly:
root@web [~]# logger -p auth.notice "log test"
root@web [~]# grep "log test" /var/log/messages
Aug 23 16:09:06 web root: log test
root@web [~]#
Now, everything is running fine and you should not receive any more messages from lfd regarding rsyslog.