I can’t find a way to enable WireGuard logging on 7.1beta6:
[admin@router01] > /system/logging/add topics=
account bgp certificate dhcp e-mail gps igmp-proxy iscsi ldp mme ospf poe-out radius rip script snmp store tftp upnp watchdog !
async bridge critical dns error gsm info isdn lora mpls ovpn ppp radvd route sertcp ssh stp timer ups web-proxy
backup calc ddns dot1x event health interface kvm lte mqtt packet pppoe raw rpki simulator sstp system tr069 vrrp wireless
bfd caps debug dude firewall hotspot ipsec l2tp manager ntp pim pptp read rsvp smb state telephony update warning write
[admin@router01] > /system/logging/add topics=
I don’t think there are any logs for WG as of now (not that much can be logged there as it’s a stateless protocol).
At the very least I need to know what peer logged on, from what IP address and when for audit purposes. I can do this on EdgeOS (Ubiquiti).
DL7JP
I use a fw rule like this to log incoming connections:
/ip firewall filter add action=accept chain=input comment="Wireguard Port" dst-port=12345 in-interface=ether1-Gateway log=yes log-prefix="WIREGUARD " protocol=udp
12345 is the listen port of your WG interface, ether1-Gateway is the interface where client connections arrive.
msbr
But I only receive it when I log in, and the same message is repeated many times:
wireguard input: in:ether8-LAN2de2 out:(unknown 0), connection-state:new src-mac 00:1a:8c:51:88:15, proto UDP, 172.0.2.25:13233->190.15.204.89:13233, len 124
wireguard input: in:ether8-LAN2de2 out:(unknown 0), connection-state:new src-mac 00:1a:8c:51:88:15, proto UDP, 172.0.2.25:13233->190.15.204.89:13233, len 124
wireguard input: in:ether8-LAN2de2 out:(unknown 0), connection-state:new src-mac 00:1a:8c:51:88:15, proto UDP, 172.0.2.25:13233->190.15.204.89:13233, len 124
wireguard input: in:ether8-LAN2de2 out:(unknown 0), connection-state:new src-mac 00:1a:8c:51:88:15, proto UDP, 172.0.2.25:13233->190.15.204.89:13233, len 124
I would need to have a way to record the start and end of the session.
With PPP, in system/logging I can enable these topics (info, account).
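An added example, not part of any post above: one way to turn the repeated firewall log lines into approximate session start and end records after exporting the log. The timestamp layout, the 180-second idle threshold and the second client address are assumptions made for the example.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: the log line format posted above, with a
# "YYYY-MM-DD HH:MM:SS" timestamp prepended (an assumed export layout).
LINE = ("{ts} wireguard input: in:ether8-LAN2de2 out:(unknown 0), "
        "connection-state:new src-mac 00:1a:8c:51:88:15, proto UDP, "
        "{src}->190.15.204.89:13233, len 124")
SAMPLE = [
    LINE.format(ts="2021-06-01 10:00:00", src="172.0.2.25:13233"),
    LINE.format(ts="2021-06-01 10:00:05", src="172.0.2.25:13233"),
    LINE.format(ts="2021-06-01 10:01:30", src="172.0.2.25:13233"),
    LINE.format(ts="2021-06-01 10:02:00", src="172.0.2.77:51820"),  # constructed 2nd client
    LINE.format(ts="2021-06-01 10:30:00", src="172.0.2.25:13233"),
]

PATTERN = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) wireguard input: .*"
    r"proto UDP, (?P<src>[\d.]+):\d+->[\d.]+:\d+,")

def sessions(lines, idle=timedelta(seconds=180)):
    """Return (src_ip, first_seen, last_seen, packets) per burst of traffic.

    A burst ends when a source is silent for longer than `idle` (an assumed
    threshold). The firewall log carries the source address only, not the
    WireGuard peer key.
    """
    active, closed = {}, []
    for line in lines:
        m = PATTERN.match(line)
        if not m:
            continue  # unrelated log line
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        cur = active.get(m["src"])
        if cur and ts - cur[2] > idle:
            closed.append(tuple(cur))  # idle gap exceeded: close the old session
            cur = None
        if cur is None:
            active[m["src"]] = [m["src"], ts, ts, 1]
        else:
            cur[2], cur[3] = ts, cur[3] + 1
    return sorted(closed + [tuple(c) for c in active.values()], key=lambda s: s[1])

if __name__ == "__main__":
    for src, first, last, n in sessions(SAMPLE):
        print(f"{src}  start={first}  end={last}  packets={n}")
```

The end time is the last logged packet before the idle gap, since WireGuard sends no logoff message; it is only as accurate as the packets the firewall rule actually logs.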