Where can I find CSF logs?

David Beroff

Well-known member
Registered
Joined
Jun 14, 2016
Messages
1,476
Points
63
I have installed CSF on my VPS hosting and there are some people contacted me they could not access my site like they were blocked by my firewall, I want to find out the problem from log files of CSF, where can I find it and how solve this problem?
 

AlbaHost

Well-known member
Moderator
Hosting Provider
Joined
Jan 18, 2017
Messages
774
Points
43

liveinhost

Member
Hosting Provider
Registered
Joined
Jan 18, 2017
Messages
48
Points
8
If you type the below command you can see the reason for the IP block in your server.
csf -g IP_ADDRESS

csf -dr IP_ADDRESS ( to remove the IP from your firewall)

After that type csf -r to restart the firewall.
 

Dewlance

Well-known member
Hosting Provider
Registered
Joined
Dec 20, 2014
Messages
114
Points
18
In my server I found /var/log/lfd.logs file.

Other is /var/logs/messages and also monitor CSF alert (Enable alert/notify option in your CSF configuration).
 

HostingWaves

Member
Registered
Joined
Jan 16, 2017
Messages
53
Points
0
CSF logs are stored in /var/log/lfd.logs
 

David Beroff

Well-known member
Registered
Joined
Jun 14, 2016
Messages
1,476
Points
63
In my server I found /var/log/lfd.logs file.

Other is /var/logs/messages and also monitor CSF alert (Enable alert/notify option in your CSF configuration).
CSF logs are stored in /var/log/lfd.logs
thanks you guys for sharing this piece of this info but when I typed this in SSH

nano /var/log/lfd.logs
there is no content there.

Is it possible to check if a file is existing in a folder in VPS, for example lfd.logs is existing in /var/log/?
 

HostingWaves

Member
Registered
Joined
Jan 16, 2017
Messages
53
Points
0
You can run below command to confirm if file is present:

------
[root@localhost ~]# ls -ld /var/log/lfd.log
-rw------- 1 root root 12059 Mar 2 00:00 /var/log/lfd.log
------
 

mobin

Well-known member
Registered
Joined
Jun 22, 2017
Messages
234
Points
28
How to solve - thats the main question here

How to check whether they are blocked in CSF ?
1. Collect the visitor's public IP address.
2. run command "csf -g <IP ADDRESS>" as root user from your server command line and check output. Its far better to check IP block than going through logs manually.

How to unblock if the IP address is blocked?
1. If its permanent block, run the command "csf -dr <IP ADDRESS>" as root user from your server command line
2. If its temporary block, run the command "csf -tr <IP ADDRESS>" as root user from your server command line

Also you need to let them know why the IP address was blocked [ you shiuld get the reason from csf -g command ] and ask them to take care to avoid another block.
 

hostguy

Member
Registered
Joined
Sep 9, 2020
Messages
49
Points
6
Yes, its very important to learn use of linux command if you are a server administrator.
But if you are on shared server then you can take help of them.
You should check your logs in /var/log/lfd.log and also you can check logs in /var/log/messages for CSF.
 

MooseLucifer

Well-known member
Registered
Joined
May 20, 2016
Messages
149
Points
28
The log files for ConfigServer Security & Firewall (CSF) can usually be found in the /var/log/ directory on your VPS hosting. The specific file you're looking for is usually named "lfd.log".

To find out why someone is being blocked by your firewall, you can look for entries in this log file that relate to their IP address. If you find an entry for the blocked IP address, it will likely include the reason for the block, such as "Failed Login Attempts" or "Excessive resource usage".

Once you have determined the reason for the block, you can take steps to resolve the issue and allow the IP address to access your site again. Some common solutions include:
  1. Modifying the firewall rules in CSF to allow the IP address. You can do this by accessing the CSF configuration file, which is usually located at /etc/csf/csf.conf.
  2. Whitelisting the IP address in the firewall so that it is never blocked in the future. You can do this by adding the IP address to the "CSF Whitelist" in the CSF configuration file.
  3. Increasing the threshold for triggering a block in the firewall. For example, if the IP address is being blocked due to failed login attempts, you can increase the number of allowed attempts before a block is triggered.
  4. Addressing the underlying issue that is causing the block to occur, such as a vulnerability in your website code or weak passwords.
It is important to note that making changes to your firewall can have serious consequences if not done correctly, so make sure to thoroughly understand the implications of any changes you make before implementing them. If you're not familiar with firewall configurations and the Linux command line, it may be best to consult a professional for assistance.

You can use the following command to find the log file for ConfigServer Security & Firewall (CSF) on your VPS hosting:

Code:
sudo find / -name "lfd.log"

This command will search the entire file system on your VPS hosting for a file named "lfd.log". Once you have found the file, you can view its contents using the cat or less command:

Code:
sudo cat /path/to/lfd.log
or

Code:
sudo less /path/to/lfd.log
The less command allows you to view the contents of the file one page at a time, which can be useful if the file is very large. You can navigate through the file using the up and down arrow keys, and exit the less command by pressing q.
 

Tech Simon

New member
Registered
Joined
Jul 19, 2023
Messages
2
Points
1
Hello
If I want to start a server with a strong host that won't cause any problems, what vps should I use that has IPs?
 

Latest Hosting OffersNew Reviews

Sponsors

Tag Cloud

You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.

Top