Fix SYSLOG check failed on Ubuntu Server 16.04

If you use Ubuntu Server and have installed a firewall or log monitoring tool (UFW, LFD etc.), you may receive strange mails saying that the SYSLOG check failed. Example content of such a mail:

Error: Failed to detect code [BlaBlaBla1234BlaBlaBla1234] in SYSLOG_LOG [/var/log/messages]

SYSLOG may not be running correctly on mymachine

First check the rsyslog service status (service rsyslog status). Ubuntu uses rsyslog by default, and if there is no such service, you should install it. This may not be enough, because the default rsyslog configuration doesn't create the messages log file. To change that, edit the file /etc/rsyslog.d/50-default.conf (the file may be named differently!) and uncomment this section:

*.=info;*.=notice;*.=warn;\
auth,authpriv.none;\
cron,daemon.none;\
mail,news.none -/var/log/messages

It is responsible for saving logs to the /var/log/messages file. You can also uncomment or comment out other settings in that file; rsyslog can log a lot of information about mail, the kernel, user actions or debug output. After that, just restart the service. Firewalls and monitoring services should work fine now.
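
One way to confirm the fix, as an added example that is not part of the original post: the script checks that rsyslog is running, that the section above is really uncommented, and that a test message reaches the log file. The script name check_syslog.sh, the function names and the test token are assumptions made for this example; the paths are the ones named above.

```shell
#!/bin/sh
# Added example. CONF and LOG default to the paths named in this post.
CONF="${CONF:-/etc/rsyslog.d/50-default.conf}"
LOG="${LOG:-/var/log/messages}"

# Succeeds if file $1 has an uncommented rule whose target is file $2.
# The section above is one rule split over backslash-continued lines, and
# only its last line names the file, so continuation lines are joined first.
# A comment line inside a rule discards it (conservative choice).
messages_rule_active() {
    awk -v want="$2" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        line ~ /^#/ { buf = ""; next }
        {
            cont = (line ~ /\\$/)
            sub(/\\$/, "", line)
            buf = buf line
            if (cont) next
            n = split(buf, f)                     # selectors, then action
            target = f[n]; sub(/^-/, "", target)  # "-" prefix: no sync per write
            if (n >= 2 && target == want) found = 1
            buf = ""
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Send a one-off token through syslog and look for it in file $1, the
# same kind of test the failing mail reports on. Needs read access to $1.
syslog_roundtrip() {
    token="syslogcheck-$$-$(date +%s)"   # constructed marker for this example
    logger -p user.info "$token" || return 2
    sleep 2                              # give rsyslog time to write
    grep -qF "$token" "$1"
}

verify_fix() {
    service rsyslog status >/dev/null 2>&1 ||
        { echo "rsyslog is not running"; return 1; }
    messages_rule_active "$CONF" "$LOG" ||
        { echo "no active rule for $LOG in $CONF"; return 1; }
    syslog_roundtrip "$LOG" ||
        { echo "token did not reach $LOG"; return 1; }
    echo "OK: syslog messages reach $LOG"
}

# Run the checks only when called as: sh check_syslog.sh check
if [ "${1:-}" = "check" ]; then verify_fix; fi
```

Run it as root or as a user who can read /var/log/messages; if the configuration file has a different name on your system, pass it in the CONF environment variable.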
