Home / server / Questions / 1020279
In Process
artfulrobot
Asked: 2020-06-07 00:32:07 +0800 CST

How to see debug logs for WireGuard (e.g. to see authentication attempts)

  • 772

I've successfully set up a WireGuard VPN on my Debian 10 server. It was incredibly straight forward compared to the setup of OpenVPN, and it's working fine.

However, I can't see any logs beyond those from journalctl -u [email protected]. I'd like to know, for example, when there are failed authentication attempts. Is there a way to monitor that? e.g. with openvpn I could use fail2ban based on auth attempts.

wireguard debian-buster

2 Answers

  1. Assuming you are running a 5.6 kernel which supports dynamic debugging, you can enable debug logs by executing:

    # modprobe wireguard 
# echo module wireguard +p > /sys/kernel/debug/dynamic_debug/control

    The logs can than be consumed via dmesg or journalctl. With dmesg, just use following command:

    $ dmesg -wH

    (-H, --human enables user-friendly features like colors, relative time)

    (-w, --follow)

    Also on systems with systemd you can use:

    $ journalctl -kf
    • 24

  2. My version of logging users, script in crontab every 3 minutes. If inactivity less then 180 seconds, nothing doing, else appending to a log file.

    wg show all dump | grep 10.0 | awk 'BEGIN {}; {if (systime()-$6 <180 ) print strftime("%m-%d-%Y %H:%M:%S", systime()),$5, $4, (systime()-$6) "sec" } ; END {}' >> /var/log/wg.log

    Note: Searching for 10.0 in the output, because that is what IP addresses in my private network start with.

    • 0