CSF remote rsyslog not working

Post Reply
Trickle
Junior Member
Posts: 1
Joined: 30 Oct 2022, 15:51

CSF remote rsyslog not working

Post by Trickle »

Hello everyone,

After googling for some time and not finding anything on this problem I'm asking here for some help.

I've setup remote logging for rsyslog on debian 11 and when CSF / LFD ist enabled, I get the following error for rsyslog:
(changed URL inside of the error message because of limitations)

Code: Select all

Oct 30 16:54:08 SERVER85 rsyslogd[994607]: action 'action-0-builtin:omfwd' suspended (module 'builtin:omfwd'), retry 0. There should be messages before this one giving the reason for suspension. [v8.2102.0 try URL ]
Oct 30 16:54:08 SERVER85 rsyslogd[994607]: action 'action-0-builtin:omfwd' resumed (module 'builtin:omfwd') [v8.2102.0 try URL ]
Oct 30 16:54:08 SERVER85 rsyslogd[994607]: omfwd/udp: socket 8: sendto() error: Operation not permitted [v8.2102.0 try URL ]
Oct 30 16:54:08 SERVER85 rsyslogd[994607]: omfwd: socket 8: error 1 sending via udp: Operation not permitted [v8.2102.0 try URL ]
Oct 30 16:54:08 SERVER85 rsyslogd[994607]: action 'action-0-builtin:omfwd' suspended (module 'builtin:omfwd'), retry 0. There should be messages before this one giving the reason for suspension. [v8.2102.0 try URL ]
Oct 30 16:54:08 SERVER85 rsyslogd[994607]: action 'action-0-builtin:omfwd' resumed (module 'builtin:omfwd') [v8.2102.0 try URL ]
Oct 30 16:54:08 SERVER85 rsyslogd[994607]: omfwd/udp: socket 8: sendto() error: Operation not permitted [v8.2102.0 try URL ]
Oct 30 16:54:08 SERVER85 rsyslogd[994607]: omfwd: socket 8: error 1 sending via udp: Operation not permitted [v8.2102.0 try URL ]
Oct 30 16:54:08 SERVER85 rsyslogd[994607]: action 'action-0-builtin:omfwd' suspended (module 'builtin:omfwd'), retry 0. There should be messages before this one giving the reason for suspension. [v8.2102.0 try URL ]
Oct 30 16:54:08 SERVER85 rsyslogd[994607]: action 'action-0-builtin:omfwd' suspended (module 'builtin:omfwd'), next retry is Sun Oct 30 16:54:38 2022, retry nbr 0. There should be messages before this one giving the reason for suspension. [v8.2102.0 try URL
I also tried setting the RESTRICT_SYSLOG = to 0 or 3 with no effect. If I disable LFD/CSF (csf -x) it works without any issue.

Thank you in advance.
Post Reply