Managing WireGuard Logs with Systemd and Logrotate 🔥

When managing a VPN like WireGuard, logging is crucial for monitoring activity, debugging issues, and ensuring security. But if left unchecked, logs can grow rapidly and become unmanageable.

In this guide, we'll set up Systemd to capture WireGuard logs dynamically and use Logrotate to keep them under control automatically.

Set up a Systemd file to store logs

Step 1: Create a Systemd Service to Store Logs

First, we need to create a Systemd service that continuously logs WireGuard activity.

🔹 Open a new Systemd service file:

nano /etc/systemd/system/wireguard-log.service

🔹 Add the following configuration:

[Unit]
Description=WireGuard Dynamic Debug Logging
After=network.target

[Service]
# --line-buffered makes grep flush each match to the file as it arrives
ExecStart=/bin/bash -c 'dmesg -wT | grep --line-buffered wireguard >> /var/log/wireguard-dyndbg.log'
Restart=always
RestartSec=5
StandardOutput=null
StandardError=null

[Install]
WantedBy=multi-user.target

🔹 Reload and restart Systemd to apply changes:

🔹 Verify that the service is running:

Set Up Logrotate for Automatic Log Management

Now, let's ensure our logs don't grow indefinitely by setting up Logrotate.

🔹 Install Logrotate (if not already installed):

🔹 Create a Logrotate configuration file:

🔹 Add the following configuration to manage log rotation:

Test Your Log Rotation Setup

To force log rotation manually:
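
One way to carry out the Logrotate steps above, as an added example that is not the guide's own configuration: the script first shows why rotation by rename does not work with the service's `>>` redirect, then prints a stanza that uses `copytruncate` and, with `--install`, writes and force-runs it. The drop-in name `/etc/logrotate.d/wireguard-dyndbg`, the daily schedule, the retention count and `su root root` are assumptions; only the log path comes from the unit file.

```shell
#!/bin/sh
# Added example, not from the original guide. Only the log path comes from the
# unit file; the drop-in name, schedule and retention are assumptions.
set -eu
LOG=/var/log/wireguard-dyndbg.log
CONF=/etc/logrotate.d/wireguard-dyndbg      # assumed file name

# The unit's bash redirect (>>) keeps the log open. Reproduce that with fd 3 on
# a scratch file, rotate it the given way, write one more line, and report
# whether that line reached the live file or the rotated copy.
late_write_lands_in() {                     # $1 = rename | copytruncate
  d=$(mktemp -d); f=$d/wg.log
  exec 3>>"$f"; echo "before rotation" >&3
  case $1 in
    rename)       mv "$f" "$f.1" ;;         # logrotate's default behaviour
    copytruncate) cp "$f" "$f.1"; : > "$f" ;;
  esac
  echo "after rotation" >&3; exec 3>&-
  if grep -q "after rotation" "$f" 2>/dev/null; then r=live; else r=rotated; fi
  rm -rf "$d"; echo "$r"
}

# Print the logrotate stanza for log path $1. copytruncate follows from the
# check above; "su root root" is for a standalone run where the log's parent
# directory is group-writable and logrotate would otherwise skip the file.
wg_logrotate_conf() {
  cat <<EOF
$1 {
    su root root
    daily
    rotate 7
    compress
    delaycompress
    missingok
    notifempty
    copytruncate
}
EOF
}

if [ "${1:-}" = "--install" ]; then         # run as root
  wg_logrotate_conf "$LOG" > "$CONF"
  logrotate --debug "$CONF"                 # dry run, changes nothing
  logrotate --force "$CONF"                 # rotate now
else
  for m in rename copytruncate; do
    echo "$m: late write lands in the $(late_write_lands_in "$m") file"
  done
fi
```

`copytruncate` can lose lines written between the copy and the truncate. Where that matters, rotate by rename and restart `wireguard-log.service` from a `postrotate` script instead.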
