The Importance of Checking the “lfd.log” File

A substantial portion of our work for our managed clients consists of monitoring their servers, and a large part of that monitoring consists of checking the logs, and seeing if there is anything unusual about them.

We check all the pertinent logs, but there is one log file that is really close to our hearts, and it is the lfd.log file which is located under the /var/log folder. The lfd.log file contains many actions such as:

  • ModSecurity/CSF blocks/unblocks.
  • Memory issues with scripts (e.g. scripts that are trying to consume more memory than they are allowed).
  • Timeout issues with scripts (e.g. scripts that are not getting executed within the server timeout limit).

All of the above are generally associated with malicious behavior on the server, but, in many cases on Joomla sites, the behavior that might be causing any of the above is benign, and either indicates some poor programming practices or the need for a more powerful machine.

Some benign issues reported in the lfd.log file can be fixed simply by modifying the server settings (e.g. increasing the memory limit, disabling rules in ModSecurity, etc…), but some other (also benign) issues really require a serious optimization of one or several Joomla extensions, or the absolute need for a server upgrade.

Of course, the lfd.log file is also a great place to check for attacks on the website, and that’s the beauty of it: you have one file that you can check for monitoring both benign/malicious issues on your website, and that’s why we love it so much and why we encourage you to check it!

We hope that you found this short post helpful and enlightening. If you are having issues (any issues) on your Joomla website then please contact us. Our rates are always right, our work is always clean, and we are always excited for challenging Joomla tasks!

No comments yet.

Leave a comment