If you’re not seeing any activity related to IPDB blocking in rsyslog, follow these steps to diagnose and fix the issue.
1. Verify if Rsyslog is Running
Run the following command to check the status of rsyslog:
systemctl status rsyslog
If it's not running, start and enable it:
systemctl start rsyslog
systemctl enable rsyslog
systemctl restart rsyslog
If rsyslog isn’t installed, install and start it:
apt update
apt install -y rsyslog
systemctl enable --now rsyslog
systemctl start rsyslog
2. Check Syslog File Permissions
Ensure that /var/log/syslog exists and has the correct permissions:
ls -lah /var/log/syslog
If the file is missing, create it manually:
touch /var/log/syslog
chown syslog:adm /var/log/syslog
chmod 640 /var/log/syslog
systemctl restart rsyslog
3. Verify IPDB Logging
Once rsyslog is running, check if cPFence is blocking any IPs by running:
sudo tail -f /var/log/syslog | grep -E 'cPFence Blocked:|cPFence DDos Protection:|Brute-force Protection'
You should see at least one or two IPs being blocked per minute.
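The check above can also be summarised as per-minute counts, which makes the rate easier to compare against that expectation. This is an added example, not cPFence's own tooling: it relies only on the three match strings from the grep command, the sample lines are constructed, and the timestamp handling assumes either the traditional syslog prefix or an RFC 3339 prefix.

```shell
#!/bin/sh
# Added example: per-minute counts of cPFence block events in a syslog file.
# Only the three match strings come from the article's grep command.
CPFENCE_PATTERN='cPFence Blocked:|cPFence DDos Protection:|Brute-force Protection'

# blocks_per_minute [FILE]: print "<minute><TAB><count>" in order of first
# appearance. Reads stdin when FILE is omitted.
blocks_per_minute() {
    awk -v pat="$CPFENCE_PATTERN" '
        $0 ~ pat {
            if ($1 ~ /^[0-9][0-9][0-9][0-9]-/)
                key = substr($1, 1, 16)               # RFC 3339: 2025-01-15T10:01
            else
                key = $1 " " $2 " " substr($3, 1, 5)  # traditional: Jan 15 10:01
            if (!(key in n)) order[++k] = key
            n[key]++
        }
        END { for (i = 1; i <= k; i++) print order[i] "\t" n[order[i]] }
    ' "${1:--}"
}

# total_blocks [FILE]: print the number of matching lines (0 if none).
total_blocks() {
    grep -cE "$CPFENCE_PATTERN" "${1:--}" || true
}

# Constructed sample: host name, tags and text after the match strings are
# made up for illustration and are not real cPFence output.
sample_log() {
    cat <<'EOF'
Jan 15 10:01:02 host1 cpfence: cPFence Blocked: 203.0.113.7
Jan 15 10:01:40 host1 cpfence: Brute-force Protection 198.51.100.23
Jan 15 10:02:05 host1 sshd[811]: Accepted publickey for admin
Jan 15 10:02:31 host1 cpfence: cPFence DDos Protection: 192.0.2.55
Jan 15 10:04:59 host1 cpfence: cPFence Blocked: 203.0.113.9
EOF
}

# With a path argument, summarise that file; otherwise run on the sample.
if [ -n "${1:-}" ]; then
    blocks_per_minute "$1"
else
    sample_log | blocks_per_minute
fi
```

Minutes with no matching lines are absent from the output, so gaps in logging stand out when the script is run against /var/log/syslog.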
4. Check If Rsyslog Stopped Unexpectedly
If rsyslog was inactive, nothing could be logged during that time, even though protection was active. To check why rsyslog was inactive, run:
journalctl -u rsyslog --no-pager | tail -20
Or check if any system units have failed:
systemctl list-units --failed
If rsyslog was stopped unexpectedly, restarting it should immediately restore logging.
Still No Logging?
Make sure cPFence IPDB and DDos protections are running:
cpfence --enable-ipdb
cpfence --enable-DDos
Additionally, restarting IPDB may fix the issue:
cpfence --restart-ipdb
Need Further Assistance?
Visit our Knowledgebase or contact our support team for help.