UFW is not logging how do I troubleshoot?
Solution 1
The log files are in /var/log/. To get a list of UFW related logs run the following at the command line:
ls /var/log/ufw*
Your results should appear like this:
$ ls /var/log/ufw*
/var/log/ufw.log /var/log/ufw.log.2.gz /var/log/ufw.log.4.gz
/var/log/ufw.log.1 /var/log/ufw.log.3.gz
If you do not have logs there you may want to double check the status and settings for UFW.
sudo ufw status verbose
You should get a result like this:
$ sudo ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing)
New profiles: skip
If logging is off then you need to turn it on by running the following command:
sudo ufw logging low
If you do not have any log files then you can check to see if rsyslogd is running by typing:
sudo service rsyslog status
You should get a result as follows:
$ sudo service rsyslog status
rsyslog start/running, process 991
If it does not show that it is running you can try to start the service:
sudo service rsyslog restart
Solution 2
last time i checked the log file for ufw it was in the
/var/log/ufw.log
folder, with a lot of other files
Solution 3
Just to add to @cprofitt's answer, I had an issue where UFW was showing:
sudo ufw status verbose
Status: active
Logging: on (low)
But it was not logging. I went through several gyrations, including disable/re-enabling ufw. Checking rsyslog conf, restarting rsyslog. All without any positive results. Still nothing going to the logfile.
I did a sudo ufw logging low and logs started growing once again. So ufw was obviously in some state where it would not write to the logs.
Related videos on Youtube
08 : 11
27 : 51
13 : 16
02 : 36
09 : 31
sureshvv
Updated on September 18, 2022Comments
-
sureshvv over 1 year
I have set logging to high.
I am not seeing any log messages.
I do see the empty ufw.log file.
No messages in dmesg
-
Prasad RD about 12 yearsCheck this in the terminal "Sudo Ufw status" if the yfw is enabled you may have a problem with loging events
-
blade19899 almost 12 yearsif any of these answers "answered" your question please accept one of them :)
-
Carlo Wood about 4 years8 years later.... Still no logging. How the $%!@$ is the maintainer of this sh1t? And no, nothing of the below helped me. There is no/var/log/ufw*, there is nothing in syslog, changing log level doesn't make a difference.
-
-
Prasad RD about 12 yearsNo, what he mentioned there is the log folder!. Anyone knows it isn't a folder if it ends with an extension :-)
-
RobotHumans about 12 yearsnot true of the .d extension...and it's a 1 rep asker...so maybe not 'Anyone'
-
Prasad RD about 12 yearsSorry then, that is the far as i know
-
sureshvv about 12 yearsrsyslog was running. I restarted. logging level already set to high. Still no joy! ufw.log is empty. What events are logged? Will attempt to access any port that has a DENY rule be logged?
-
gcode about 4 yearsSorry to bump this, but I also ran into the issue of ufw not logging and a similar solution to this fixed it for me. I had to set
ufw loggingtomediumin order for it to even generate a ufw.log file. Previously, even with logging low, the file wasn't even being made. Thank you! -
Ronald Johnson over 3 yearsah, my mistake. comment is correct. i made a mistake when i thought it was the original poster. will take more care. still kind of new but as this is turning out to be a great resource will make sure i get original poster/posts accurate. -
Ronald Johnson over 3 yearsi was able to fix this issue immediately after reading the entirety of this thread. additionally, the fact that /var/log/ufw.log doesnt exist on new inst of 20.04, does not get created on enabling ufw, might just save someone some time in the future, as it did me.
