Ubuntu: Redirect UFW logs to own file?



Question:

Is there a way I can easily redirect the entries for UFW to their own log file at /var/log/ufw instead of filling up /var/log/syslog as it's becoming tricky to find solutions to problems with all this UFW stuff flying past me?


Solution:1

I'm running Ubuntu 14.04 as well. In my /etc/rsyslog.d/ there's a file 20-ufw.conf which has the following line:

:msg,contains,"[UFW " /var/log/ufw.log

What I've done is delete that file, and at the top of 50-default.conf I added the following:

:msg,contains,"[UFW " /var/log/ufw.log
& stop

Restart rsyslog with sudo service rsyslog restart and your UFW logs should be put into their own file and not into any other.


Solution:2

In Ubuntu 15.10 and Debian Jessie there is a file /etc/rsyslog.d/20-ufw.conf. It contains at the bottom # & ~. Remove the # in front of it to uncomment it and refresh rsyslog with the command /etc/init.d/rsyslog restart so that it takes in account the configuration change.


Solution:3

ufw uses rsyslog for logging to /var/log/syslog or /var/log/messages:

To change the log file, edit /etc/rsyslog.d/50-default.conf and to the top add:

:msg, contains, "UFW" -/var/log/ufw.log  & ~  

This will log all data that contains "UFW" to /var/log/ufw.log will prevent further processing of such data.


Solution:4

On 16.04 just comment out the last line in this file so that it reads

$ tail -1 /etc/rsyslog.d/20-ufw.conf   & stop  

and restart rsyslog

$ sudo systemctl restart rsyslog  

from now on, ufw logs will be in /var/log/ufw.log and not anymore in /var/log/syslog


Note:If u also have question or solution just comment us below or mail us on toontricks1994@gmail.com
Previous
Next Post »