Solved No /var/log/messages file

D

Daveos

New member
Joined
Mar 23, 2026
Messages
2
Version: 1.697
linux / debian13

lfd firewall settings keep sending me messages that /var/log/messages doesn't exist (and it doesn't).

I've done the basics, verifying rsyslog is running etc.

Code: 
root@server:/var/log# service rsyslog status
● rsyslog.service - System Logging Service
     Loaded: loaded (/usr/lib/systemd/system/rsyslog.service; enabled; preset: enabled)
     Active: active (running) since Mon 2026-03-23 23:53:46 UTC; 12min ago
TriggeredBy: ● syslog.socket
       Docs: man:rsyslogd(8)
             man:rsyslog.conf(5)
             https://www.rsyslog.com/doc/
    Process: 228758 ExecStartPre=/usr/lib/rsyslog/reload-apparmor-profile (code=exited, status=0/SUCCESS)
   Main PID: 228763 (rsyslogd)
      Tasks: 4 (limit: 4601)
     Memory: 1.6M (peak: 5.2M)
        CPU: 130ms
     CGroup: /system.slice/rsyslog.service
             └─228763 /usr/sbin/rsyslogd -n -iNONE

Mar 23 23:53:46 server systemd[1]: Starting rsyslog.service - System Logging Service...
Mar 23 23:53:46 server systemd[1]: Started rsyslog.service - System Logging Service.

This says it should: https://docs.directadmin.com/directadmin/general-usage/directories-and-locations.html

I'm at a loss at this point, I know ubuntu doesn't use /var/log/messages but does directadmin use it? Should I just tell the firewall to not look at it?

Thanks
David
 
I think I got this sorted.

Had to uncomment a line in the rsyslog config in
Code: 
/etc/rsyslog.d/50-default.conf

Code: 
*.=info;*.=notice;*.=warn;\
        auth,authpriv.none;\
        cron,daemon.none;\
        mail,news.none          -/var/log/messages

Then make the /var/log/messages file
Code: 
touch /var/log/messages

Set permissions right

Code: 
sudo chown syslog:adm /var/log/messages
sudo chmod 640 /var/log/messages

Restart it
Code: 
systemctl restart rsyslog

Seems to have done the trick.
 
Daveos said:
Seems to have done the trick.
Click to expand...
Good choice. Earlier on Debian used /var/log/syslog and then one could just change /var/log/messages to /var/log/syslog in the csf.conf file and restart csf and lfd and things were fine.

However since Debian 12, the Syslog is replaced by journalctl. Seems the Debian devs forgot that some applications depend on logfiles and sometimes they also require to be saved due to government reasons.

So in that case your solution can fix that issue. Good job!
 
You must log in or register to reply here.
Back
Top