Managing WireGuard Logs with Systemd and Logrotate 🔥

When managing a VPN like WireGuard, logging is crucial for monitoring activity, debugging issues, and ensuring security. But if left unchecked, logs can grow rapidly and become unmanageable.

In this guide, we’ll set up Systemd to capture WireGuard logs dynamically and use Logrotate to keep them under control automatically.

Setup a Systemd file to store logs

Step 1: Create a Systemd Service to Store Logs

First, we need to create a Systemd service that continuously logs WireGuard activity.

🔹 Open a new Systemd service file:

nano /etc/systemd/system/wireguard-log.service

🔹 Add the following configuration:

[Unit]
Description=WireGuard Dynamic Debug Logging
After=network.target

[Service]
ExecStart=/bin/bash -c 'dmesg -wT | grep wireguard >> /var/log/wireguard-dyndbg.log'
Restart=always
RestartSec=5
StandardOutput=null
StandardError=null

[Install]
WantedBy=multi-user.target

🔹 Reload and restart Systemd to apply changes:

🔹 Verify that the service is running:

Set Up Logrotate for Automatic Log Management

Now, let’s ensure our logs don’t grow indefinitely by setting up Logrotate.

🔹 Install Logrotate (if not already installed):

🔹 Create a Logrotate configuration file:

🔹 Add the following configuration to manage log rotation:

Test Your Log Rotation Setup

To force log rotation manually: