edit: after the first comment, I adapted the question
When adding a rule in GUFW/Advanced there are three choices for logging. From the man ufw page/sectin LOGGING i learned
- do not log - log nothing
- log - logs all blocked packets for that rule and maybe new/invalid packets. There is a rate limiting
- log-all - logs all packets with rate limit
As ufw has the log levels (off/low/medium/high/full) its not clear what the mapping is, but it seems sure that everything beside "off" should log all packets that are caught by the rule where log is set.
According to man ufw logging goes into the syslog together with a lot of other suff. So naturally I would expect the GUI Log page to show those log entries.
However, I did not manage to get any packet log entries listed in the Log pane. How can that be done?
The GUI does not show the log.
The log goes to the journal. You can see it best with the console command
This shows the acutal added log entries. Here an allowed outgoing connection to remote IP 151.101.1.69 with TCP on port 443. You can use this to fine-tune the firewall settings, e.g. when you want to restrict outgoing traffic as well.
The log level should be set to "low" using the following command because the logs quickly grow to several gigabytes.