SOLVED-lfd on Hostname SYSLOG Check Failed

0

SOLVED-lfd on Hostname SYSLOG Check Failed

 

The problem is related to a known bug involving imjournal (https://bugzilla.redhat.com/show_bug.cgi?id=1088021) that prevents rsyslogd from logging properly and that, in turn, triggers the “SYSLOG Check Failed” LFD alert message.

Solution
In /etc/rsyslog.conf, the following lines had to be adjusted:
#$ModLoad imjournal # provides access to the systemd journal
^^ Commented Out
+
$OmitLocalLogging off
#$IMJournalStateFile imjournal.state
(Details)
(“$ModLoad imjournal” and “$IMJournalStateFile” should be commented out and “$OmitLocalLogging” should be switched to “off”.)

Then /etc/rsyslog.d/*.conf needed to be commented out in /etc/rsyslog.conf also because that was including references that were causing issues as well.
#$IncludeConfig /etc/rsyslog.d/*.conf

After the changes and restarting it (/usr/local/cpanel/scripts/restartsrv rsyslogd) we could test by inserting a line (logger -p auth.notice “test123”) into the log and then searching for the text to confirm the log was working properly again.
root@makeme [~]# logger -p auth.notice “test123”
root@makeme [~]# grep “test123” /var/log/messages
Jan 27 16:00:27 zmanz root: test123

 

 

SOLVED-lfd on  Hostname  SYSLOG Check Failed

Share.

About Author

Comments are closed.