Community discussions

MikroTik App
 
ilium007
Member Candidate
Member Candidate
Topic Author
Posts: 206
Joined: Sun Jan 31, 2010 9:58 am
Location: Newcastle, Australia

How do I enable wireguard logging on 7.1beta6

Wed May 26, 2021 1:39 pm

I can't find a way to enable wireguard logging on 7.1beta6:
[admin@router01] > /system/logging/add topics=         
account  bgp     certificate  dhcp   e-mail    gps      igmp-proxy  iscsi  ldp      mme   ospf    poe-out  radius  rip    script     snmp   store      tftp    upnp     watchdog   !
async    bridge  critical     dns    error     gsm      info        isdn   lora     mpls  ovpn    ppp      radvd   route  sertcp     ssh    stp        timer   ups      web-proxy  
backup   calc    ddns         dot1x  event     health   interface   kvm    lte      mqtt  packet  pppoe    raw     rpki   simulator  sstp   system     tr069   vrrp     wireless   
bfd      caps    debug        dude   firewall  hotspot  ipsec       l2tp   manager  ntp   pim     pptp     read    rsvp   smb        state  telephony  update  warning  write      
[admin@router01] > /system/logging/add topics=
 
User avatar
kiler129
Member
Member
Posts: 352
Joined: Tue Mar 31, 2015 4:32 pm
Location: IL, USA
Contact:

Re: How do I enable wireguard logging on 7.1beta6

Wed May 26, 2021 2:37 pm

I don't think there are any logs for WG as of now (not that much can be logged there as it's a stateless protocol).
 
ilium007
Member Candidate
Member Candidate
Topic Author
Posts: 206
Joined: Sun Jan 31, 2010 9:58 am
Location: Newcastle, Australia

Re: How do I enable wireguard logging on 7.1beta6

Wed May 26, 2021 2:46 pm

At the very least I need to know what peer logged on, from what IP address and when for audit purposes. I can do this on EdgeOS (Ubiquiti).
 
DL7JP
Frequent Visitor
Frequent Visitor
Posts: 85
Joined: Sat Oct 19, 2013 4:14 pm

Re: How do I enable wireguard logging on 7.1beta6

Thu May 27, 2021 12:14 am

At the very least I need to know what peer logged on, from what IP address and when for audit purposes. I can do this on EdgeOS (Ubiquiti).
I use a fw rule like this to log incoming connections:
/ip firewall filter add action=accept chain=input comment="Wireguard Port" dst-port=12345 in-interface=ether1-Gateway log=yes log-prefix="WIREGUARD " protocol=udp 
12345 is the listen port of your WG interface, ether1-Gateway the interface where clients connections arrive.

Who is online

Users browsing this forum: DigitalOcean [Bot] and 19 guests