Just to add to @cprofitt's answer, I had an issue where UFW was showing:
sudo ufw status verbose
Status: active
Logging: on (low)
But it was not logging. I went through several gyrations, including disable/re-enabling ufw. Checking rsyslog conf, restarting rsyslog. All without any positive results. Still nothing going to the logfile.
I did a sudo ufw logging low and logs started growing once again. So ufw was obviously in some state where it would not write to the logs.
@Carlo Wood, the gentleman who after 8 years still did not get this resolved.
touch /var/log/ufw.log
Cycle ufw for good measure and/or adjust perms in the file. Additionally, as mentioned above, do 'ufw status medium' (or whatever) to confirm it's logging now, and then adjust if you want more or less.
Let me know if it's working. I had the same problem, but was able to fix it in minutes after reading this thread and doing what i mentioned in this post.
Note to developer: (if they should see this). on fresh installation of ubuntu 20.04 the /var/log/ufw.log doesn't exist. this problem is easily fixed and won't see issues about it if ufw.log is simply created as part of the OS installation process. my thought is it was either overlooked, or was not low enough lying fruit... either way i have seen this issue before and it's always solved by 'touch /var/log/ufw.log'
Update: I realized I was assuming too much. /var/log/ufw.log should be created on enabling of ufw (as opposed to mega kludge above on creating at OS installation time.
If you installed Ubuntu server minimal you will get something that responds to the ufw command, but it is missing all of its configuration in /etc/ufw. Until I executed apt install ufw, the log entries were directed to /var/log/syslog.
I also installed rsyslog as one of the answers here in this thread recommend, but it didn't help me that much until I restarted rsyslog AFTER installing ufw properly. Why? In /etc/rsyslog.d/ you might see a ufw conf file (mine was named 20-ufw.conf) that splits out the UFW messages into their own file. Since that file wasn't put there in the minimal install, all entries end up in syslog. After doing the ufw install, restarting rsyslog causes it to read the configuration and start putting entries into /var/log/ufw.log
Once I did that, all the things discussed about ufw out on the internet and in this thread started working. Pretty frustrating, but I did install minimal!
Here are some links to the 20.04 ufw man pages. Your favorite search providers might not list them in your results. Reading these really helped me figure out what was happening.
The log files are in
/var/log/. To get a list of UFW related logs run the following at the command line:Your results should appear like this:
If you do not have logs there you may want to double check the status and settings for UFW.
You should get a result like this:
If logging is off then you need to turn it on by running the following command:
If you do not have any log files then you can check to see if rsyslogd is running by typing:
You should get a result as follows:
If it does not show that it is running you can try to start the service:
last time i checked the log file for ufw it was in the
folder, with a lot of other files
Just to add to @cprofitt's answer, I had an issue where UFW was showing:
But it was not logging. I went through several gyrations, including disable/re-enabling ufw. Checking rsyslog conf, restarting rsyslog. All without any positive results. Still nothing going to the logfile.
I did a
sudo ufw logging lowand logs started growing once again. So ufw was obviously in some state where it would not write to the logs.I deleted the empty /var/log/ufw.log file, restarted and ufw began logging.
@Carlo Wood, the gentleman who after 8 years still did not get this resolved.
Cycle
ufwfor good measure and/or adjust perms in the file. Additionally, as mentioned above, do 'ufw status medium' (or whatever) to confirm it's logging now, and then adjust if you want more or less.Let me know if it's working. I had the same problem, but was able to fix it in minutes after reading this thread and doing what i mentioned in this post.
Note to developer: (if they should see this). on fresh installation of ubuntu 20.04 the
/var/log/ufw.logdoesn't exist. this problem is easily fixed and won't see issues about it if ufw.log is simply created as part of the OS installation process. my thought is it was either overlooked, or was not low enough lying fruit... either way i have seen this issue before and it's always solved by 'touch /var/log/ufw.log'Update: I realized I was assuming too much.
/var/log/ufw.logshould be created on enabling of ufw (as opposed to mega kludge above on creating at OS installation time.I had the same problem. In my case, none of the above suggestions was helpful. I could resolve the issue in the way described on Stackoverflow: https://stackoverflow.com/questions/42374494/ubuntu-16-ufw-not-logging-in-var-log-ufw-log-neither-another-location/42388079#42388079.
To make things easier:
/etc/rsyslog.confmodule(load="imklog")# provides kernel logging supportsudo service rsyslog restartLogging like a charm since then.
If you installed Ubuntu server minimal you will get something that responds to the ufw command, but it is missing all of its configuration in /etc/ufw. Until I executed
apt install ufw, the log entries were directed to /var/log/syslog.I also installed rsyslog as one of the answers here in this thread recommend, but it didn't help me that much until I restarted
rsyslogAFTER installing ufw properly. Why? In/etc/rsyslog.d/you might see a ufw conf file (mine was named20-ufw.conf) that splits out the UFW messages into their own file. Since that file wasn't put there in the minimal install, all entries end up in syslog. After doing the ufw install, restarting rsyslog causes it to read the configuration and start putting entries into/var/log/ufw.logOnce I did that, all the things discussed about ufw out on the internet and in this thread started working. Pretty frustrating, but I did install minimal!
Here are some links to the 20.04 ufw man pages. Your favorite search providers might not list them in your results. Reading these really helped me figure out what was happening.
https://manpages.ubuntu.com/manpages/focal/en/man8/ufw.8.html https://manpages.ubuntu.com/manpages/focal/en/man8/ufw-framework.8.html
I hope this helps.