# Managing WireGuard Logs with Systemd and Logrotate 🔥

When managing a **VPN like WireGuard**, logging is crucial for **monitoring activity, debugging issues, and ensuring security**. But if left unchecked, logs can **grow rapidly** and become unmanageable.

In this guide, we’ll **set up a Systemd service** to capture WireGuard logs dynamically and use **Logrotate** to keep them under control automatically.

### Set Up a Systemd Unit File to Store Logs

**Step 1: Create a Systemd Service to Store Logs**

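First, we need to create a Systemd service that continuously logs WireGuard activity. WireGuard's kernel module writes its messages to the kernel ring buffer, so the service follows `dmesg` and appends every line that mentions `wireguard` to a log file. Handshake and per-peer messages only appear there while dynamic debug is enabled for the `wireguard` module.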

🔹 Open a new Systemd service file:

```
sudo nano /etc/systemd/system/wireguard-log.service
```

🔹 Add the following configuration:

```
[Unit]
Description=WireGuard Dynamic Debug Logging
After=network.target

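[Service]
# Files the service creates get mode 0640, matching the Logrotate "create" rule
UMask=0027
# --line-buffered makes grep write each match immediately instead of in blocks
ExecStart=/bin/bash -c 'dmesg -wT | grep --line-buffered wireguard >> /var/log/wireguard-dyndbg.log'
Restart=always
RestartSec=5
StandardOutput=null
StandardError=null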

[Install]
WantedBy=multi-user.target
```

🔹 Reload Systemd so it picks up the new unit, then start the service and enable it at boot:

```
sudo systemctl daemon-reload
sudo systemctl restart wireguard-log.service
sudo systemctl enable wireguard-log.service
```

🔹 Verify that the service is running:

```
sudo systemctl status wireguard-log.service
```

### Set Up Logrotate for Automatic Log Management

Now, let’s ensure our logs don’t grow indefinitely by setting up **Logrotate**.

🔹 Install Logrotate (if not already installed):

```
sudo apt update && sudo apt install logrotate -y
```

🔹 Create a Logrotate configuration file:

```
sudo nano /etc/logrotate.d/wireguard
```

🔹 Add the following configuration to manage log rotation:

```
/var/log/wireguard-dyndbg.log {
    daily
    rotate 7
    compress
    delaycompress
    missingok
    notifempty
    create 0640 root root
    postrotate
        systemctl restart wireguard-log.service > /dev/null 2>&1 || true
    endscript
}
```

🔹 Test your log rotation setup:

```
sudo logrotate -v /etc/logrotate.d/wireguard
```

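To **force** log rotation manually:

```
# -f rotates even when the log is not yet due, so Logrotate's state file
# (which tracks every other log on the system) can stay in place
sudo logrotate -f /etc/logrotate.d/wireguard
```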

🔹 Check that the rotated files were created:

```
ls -lh /var/log/wireguard-dyndbg.log*
```
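With `rotate 7` and `delaycompress`, the live log and `.log.1` stay plain text while older generations are gzip-compressed, so any review of the logs has to read both kinds. The script below is an added example, not part of the original guide: it counts rejected handshakes per source address across the whole rotation set. The function names are hypothetical, the sample lines are constructed, and the message text `Invalid handshake initiation from <ip>:<port>` is an assumption about the kernel module's debug output.

```shell
# Added example (not from the original guide): count rejected WireGuard
# handshakes per source across the live log and every rotated copy.

# Stream all generations. With delaycompress, .log and .log.1 are plain text
# and .log.2.gz onward are gzip-compressed.
wg_read_logs() {
    dir=${1:-/var/log}
    for f in "$dir"/wireguard-dyndbg.log*; do
        [ -f "$f" ] || continue          # glob matched nothing
        case $f in
            *.gz) gzip -cd -- "$f" ;;
            *)    cat -- "$f" ;;
        esac
    done
}

# Print "<count> <source>" per address, busiest first. Assumes the message
# text "Invalid handshake initiation from <ip>:<port>" (kernel debug output).
wg_invalid_handshakes() {
    wg_read_logs "$1" | awk '
        /Invalid handshake initiation from / {
            src = $NF                    # last field is ip:port
            sub(/:[0-9]+$/, "", src)     # drop the port, keep the address
            seen[src]++
        }
        END { for (s in seen) print seen[s], s }
    ' | sort -k1,1nr -k2,2
}

# Build a constructed three-generation sample set and summarise it.
wg_demo() {
    d=$(mktemp -d) || return 1
    p='[Mon Mar  4 10:00:00 2024] wireguard: wg0:'   # constructed prefix
    printf '%s\n' "$p Invalid handshake initiation from 203.0.113.7:40001" \
        "$p Receiving handshake initiation from peer 1 (198.51.100.4:51820)" \
        > "$d/wireguard-dyndbg.log"
    printf '%s\n' "$p Invalid handshake initiation from 203.0.113.7:40002" \
        "$p Invalid handshake initiation from 192.0.2.9:1234" \
        > "$d/wireguard-dyndbg.log.1"
    printf '%s\n' "$p Invalid handshake initiation from 203.0.113.7:40003" \
        | gzip -c > "$d/wireguard-dyndbg.log.2.gz"
    wg_invalid_handshakes "$d"
    rm -rf -- "$d"
}

wg_demo
```

On a real host, run `sudo sh -c '. ./script.sh; wg_invalid_handshakes /var/log'` or call `wg_invalid_handshakes` with no argument from a root shell, since the log is mode 0640.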

