To Syslog or not to Syslog?

Hi, I hope you can help.

CSF has an option for a "Syslog check" - which it states is good for security to stop brute-force attacks on the logs...

When I enable the syslog_check though I get emails such as:

Time:  Sat Mar  4 12:00:23 2017 +0000
Error: Failed to detect code [hzYGHF47QXVRduy0] in SYSLOG_LOG [/var/log/messages]

SYSLOG may not be running correctly on server

I just wondered if Virtualmin by default doesn't actually use syslog and how to get this to work, or if it's best to not set this up? I don't want to harm any logs currently working etc., but it would be nice if it helps security to get this working too...

Thanks for any help.

Status: Active

Comments

Howdy -- all the distros that Virtualmin supports come with Syslog enabled (even before Virtualmin is installed).

I'm not sure what the code they're referring to is, but you may want to see if there's another log file in /var/log that contains what you're looking for.
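
A manual version of the check behind that email, as an added example that is not part of the original thread and not CSF's own code: it writes a marker through logger and reports which file under the log directory received it, so you can see whether SYSLOG_LOG points at the right file. The function names, the syslogcheck tag and the marker format are assumptions for illustration; some distributions write general syslog messages to /var/log/syslog rather than /var/log/messages.

```shell
#!/bin/sh
# Added example (not CSF code). Assumes logger(1) is installed and the
# syslog daemon writes plain-text files under the directory you pass in.

# Build a constructed, unique marker from the time and shell PID.
make_marker() {
    printf 'chk%s%s' "$(date +%s)" "$$"
}

# Send the marker through the local syslog socket (tag is hypothetical).
send_marker() {
    logger -t syslogcheck "marker $1"
}

# Print each readable regular file in dir $2 containing marker $1.
# Returns 1 when no file contains it.
find_marker() {
    marker=$1; dir=$2; found=1
    for f in "$dir"/*; do
        [ -f "$f" ] && [ -r "$f" ] || continue
        if grep -qF -- "$marker" "$f"; then
            printf '%s\n' "$f"
            found=0
        fi
    done
    return "$found"
}

# check_syslog MARKER EXPECTED_FILE DIR
#   ok: FILE         marker reached the file SYSLOG_LOG points at
#   elsewhere: FILE  syslog works, but writes to a different file
#   missing          nothing under DIR received it (daemon down or journal-only)
check_syslog() {
    if [ -r "$2" ] && grep -qF -- "$1" "$2"; then
        printf 'ok: %s\n' "$2"
    elif hits=$(find_marker "$1" "$3"); then
        printf '%s\n' "$hits" | sed 's/^/elsewhere: /'
    else
        printf 'missing\n'
    fi
}

# Usage on the server, as root:
#   m=$(make_marker); send_marker "$m"; sleep 2
#   check_syslog "$m" /var/log/messages /var/log
```

An "elsewhere" result means syslog is running and the SYSLOG_LOG path is what needs changing; "missing" means no plain-text file under the directory received the message at all.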