Menu
How to enable network activity logging in wireguard?
I searched for ways to view the logs on the server but don't see anything under /var/log.
As it's running as a systemd service I can see some minimal info with
sudo systemctl status wg-quick@wg0 but this provides very little info.
Also tried:
journalctl -u wg-quick@wg0 but this does not show much more than the previous command.
Ideally I would like to be able to see peer connections and (optionally) the requests that are being made.
So far the only helpful diagnostic command I've found is sudo wg show wg0 (or just sudo wg) but I wish there was a way to increase the verbosity level and have it display in real time.
It is possible to get some sense of what connections are initiated by using third-party network tools such as tcpdump | grep 10.66.66 (given that the tunnel is set up on 10.66.66.x) and nethogs, but that still does not answer the question how to do it directly via wireguard.
666
If your system is set up with rsyslogd, journald, or a similar logging daemon, you can use it to see this logging. With rsyslogd, check the /var/log/kern. log or /var/log/messages file.
The simplest thing you can do is just SSH into each of the WireGuard hosts on your network, and use WireGuard's built-in status display to check the current status of each interface and peer.
WireGuard has forward secrecy of data packets, thanks to its handshake, but the handshake itself encrypts the sender's public key using the static public key of the responder, which means that a compromise of the responder's private key and a traffic log of previous handshakes would enable an attacker to figure out who ...
Once WireGuard is installed, you can check that the installation succeeded by running: wg , if you get no output it's all good. In order to check that the WireGuard kernel module has loaded you can run sudo modprobe wireguard .
If all you need is peer "connection", i wrote this: https://github.com/nikaro/wirelogd
Wirelogd is a logging daemon for WireGuard. Since WireGuard itself does not log the state of its peers (and since it is UDP based so there is no concept of "connection state"), Wirelogd relies on the latest handshake to determine if a peer is active or inactive. While there is trafic the handshake should be renewed every 2 minutes. If there is no trafic handshake is not renewed. Based on this behavior we assume that if there is no new handshake after a while (default Wirelogd timeout value is 5 minutes), the client is probably inactive.
102
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
