
Thread: ufw.log missing?

  1. #11
    #&thj^% is offline I Ubuntu, Therefore, I Am
    Join Date
    Aug 2016
    Beans
    Hidden!

    Re: ufw.log missing?

    Quote Originally Posted by g3kxyz View Post
    I see the following in nano /etc/rsyslog.d/20-ufw.conf

    Code:
    # Log kernel generated UFW log messages to file
    :msg,contains,"[UFW " /var/log/ufw.log
    
    
    # Uncomment the following to stop logging anything that matches the last rule.
    # Doing this will stop logging kernel generated UFW log messages to the file
    # normally containing kern.* messages (eg, /var/log/kern.log)
    #& stop
    OK, great. Try with this then: add to the bottom:

    Code:
    tail -1 /etc/rsyslog.d/20-ufw.conf 
    & stop
    Then restart rsyslog:
    Code:
    sudo systemctl restart rsyslog
    And now they should be in /var/log/ufw.log and not in /var/log/syslog anymore
    Last edited by #&thj^%; December 27th, 2017 at 10:40 PM. Reason: Fixed Code spotted by QIII

  2. #12
    Join Date
    Jan 2017
    Location
    IA
    Beans
    20
    Distro
    Ubuntu 18.04 Bionic Beaver

    Re: ufw.log missing?

    Added it exactly as you said

    nano /etc/rsyslog.d/20-ufw.conf

    Code:
    # Log kernel generated UFW log messages to file:msg,contains,"[UFW " /var/log/ufw.log
    
    
    # Uncomment the following to stop logging anything that matches the last rule.
    # Doing this will stop logging kernel generated UFW log messages to the file
    # normally containing kern.* messages (eg, /var/log/kern.log)
    #& stop
    
    
    $ tail -1 /etc/rsyslog.d/20-ufw.conf
    & stop
    restarted with
    Code:
    sudo systemctl restart rsyslog
    but now I see this in /var/log/syslog
    Code:
    Dec 27 15:18:20 apollo systemd[1]: Starting System Logging Service...
    Dec 27 15:18:20 apollo rsyslogd-2039: Could not open output pipe '/dev/xconsole':: No such file or directory [v8.16.0 try http://www.rsyslog.com/e/2039 ]
    Dec 27 15:18:20 apollo systemd[1]: Started System Logging Service.
    Dec 27 15:18:20 apollo rsyslogd-2007: action 'action 11' suspended, next retry is Wed Dec 27 15:18:50 2017 [v8.16.0 try http://www.rsyslog.com/e/2007 ]
    Dec 27 15:18:20 apollo rsyslogd-3003: invalid or yet-unknown config file command 'KLogPermitNonKernelFacility' - have you forgotten to load a module? [v8.16.0 try http://www.rsyslog.com/e/3003 ]
    Dec 27 15:18:20 apollo rsyslogd-2207: error during parsing file /etc/rsyslog.d/20-ufw.conf, on or before line 9: invalid character '$' - is there an invalid escape sequence somewhere? [v8.16.0 try http://www.rsyslog.com/e/2207 ]
    Dec 27 15:18:20 apollo rsyslogd-2184: action 'tail' treated as ':omusrmsg:tail' - please use ':omusrmsg:tail' syntax instead, 'tail' will not be supported in the future [v8.16.0 try http://www.rsyslog.com/e/2184 ]
    Dec 27 15:18:20 apollo rsyslogd-2207: error during parsing file /etc/rsyslog.d/20-ufw.conf, on or before line 9: warnings occured in file '/etc/rsyslog.d/20-ufw.conf' around line 9 [v8.16.0 try http://www.rsyslog.com/e/2207 ]
    Dec 27 15:18:20 apollo rsyslogd-2207: error during parsing file /etc/rsyslog.d/20-ufw.conf, on or before line 9: errors occured in file '/etc/rsyslog.d/20-ufw.conf' around line 9 [v8.16.0 try http://www.rsyslog.com/e/2207 ]
    Dec 27 15:18:20 apollo rsyslogd: rsyslogd's groupid changed to 111
    Dec 27 15:18:20 apollo rsyslogd: rsyslogd's userid changed to 106
    Dec 27 15:18:38 apollo rsyslogd: [origin software="rsyslogd" swVersion="8.16.0" x-pid="4719" x-info="http://www.rsyslog.com"] exiting on signal 15.
    Dec 27 15:18:38 apollo rsyslogd: [origin software="rsyslogd" swVersion="8.16.0" x-pid="4726" x-info="http://www.rsyslog.com"] start
    Dec 27 15:18:38 apollo rsyslogd-3003: invalid or yet-unknown config file command 'KLogPermitNonKernelFacility' - have you forgotten to load a module? [v8.16.0 try http://www.rsyslog.com/e/3003 ]
    Dec 27 15:18:38 apollo rsyslogd-2207: error during parsing file /etc/rsyslog.d/20-ufw.conf, on or before line 9: invalid character '$' - is there an invalid escape sequence somewhere? [v8.16.0 try http://www.rsyslog.com/e/2207 ]
    Dec 27 15:18:38 apollo rsyslogd-2184: action 'tail' treated as ':omusrmsg:tail' - please use ':omusrmsg:tail' syntax instead, 'tail' will not be supported in the future [v8.16.0 try http://www.rsyslog.com/e/2184 ]
    Dec 27 15:18:38 apollo rsyslogd-2207: error during parsing file /etc/rsyslog.d/20-ufw.conf, on or before line 9: warnings occured in file '/etc/rsyslog.d/20-ufw.conf' around line 9 [v8.16.0 try http://www.rsyslog.com/e/2207 ]
    Dec 27 15:18:38 apollo rsyslogd-2207: error during parsing file /etc/rsyslog.d/20-ufw.conf, on or before line 9: errors occured in file '/etc/rsyslog.d/20-ufw.conf' around line 9 [v8.16.0 try http://www.rsyslog.com/e/2207 ]
    Dec 27 15:18:38 apollo rsyslogd: rsyslogd's groupid changed to 111
    Dec 27 15:18:38 apollo rsyslogd: rsyslogd's userid changed to 106
    if I do this at term # /var/log# grep ufw syslog

    it gives me this below
    Code:
    Dec 26 19:40:25 apollo ufw-init[52]: modprobe: ERROR: ../libkmod/libkmod.c:586 kmod_search_moddep() could not open moddep file '/lib/modules/2.6.32-042stab126.1/modules.dep.bin'
    Dec 26 19:40:25 apollo ufw-init[52]: modprobe: FATAL: Module nf_conntrack_ftp not found in directory /lib/modules/2.6.32-042stab126.1
    Dec 26 19:40:25 apollo ufw-init[52]: modprobe: ERROR: ../libkmod/libkmod.c:586 kmod_search_moddep() could not open moddep file '/lib/modules/2.6.32-042stab126.1/modules.dep.bin'
    Dec 26 19:40:25 apollo ufw-init[52]: modprobe: FATAL: Module nf_nat_ftp not found in directory /lib/modules/2.6.32-042stab126.1
    Dec 26 19:40:25 apollo ufw-init[52]: modprobe: ERROR: ../libkmod/libkmod.c:586 kmod_search_moddep() could not open moddep file '/lib/modules/2.6.32-042stab126.1/modules.dep.bin'
    Dec 26 19:40:25 apollo ufw-init[52]: modprobe: FATAL: Module nf_conntrack_netbios_ns not found in directory /lib/modules/2.6.32-042stab126.1
    Dec 26 19:40:25 apollo ufw-init[52]: sysctl: permission denied on key 'net.ipv4.tcp_sack'
    Dec 27 15:18:20 apollo rsyslogd-2207: error during parsing file /etc/rsyslog.d/20-ufw.conf, on or before line 9: invalid character '$' - is there an invalid escape sequence somewhere? [v8.16.0 try http://www.rsyslog.com/e/2207 ]
    Dec 27 15:18:20 apollo rsyslogd-2207: error during parsing file /etc/rsyslog.d/20-ufw.conf, on or before line 9: warnings occured in file '/etc/rsyslog.d/20-ufw.conf' around line 9 [v8.16.0 try http://www.rsyslog.com/e/2207 ]
    Dec 27 15:18:20 apollo rsyslogd-2207: error during parsing file /etc/rsyslog.d/20-ufw.conf, on or before line 9: errors occured in file '/etc/rsyslog.d/20-ufw.conf' around line 9 [v8.16.0 try http://www.rsyslog.com/e/2207 ]
    Dec 27 15:18:38 apollo rsyslogd-2207: error during parsing file /etc/rsyslog.d/20-ufw.conf, on or before line 9: invalid character '$' - is there an invalid escape sequence somewhere? [v8.16.0 try http://www.rsyslog.com/e/2207 ]
    Dec 27 15:18:38 apollo rsyslogd-2207: error during parsing file /etc/rsyslog.d/20-ufw.conf, on or before line 9: warnings occured in file '/etc/rsyslog.d/20-ufw.conf' around line 9 [v8.16.0 try http://www.rsyslog.com/e/2207 ]
    Dec 27 15:18:38 apollo rsyslogd-2207: error during parsing file /etc/rsyslog.d/20-ufw.conf, on or before line 9: errors occured in file '/etc/rsyslog.d/20-ufw.conf' around line 9 [v8.16.0 try http://www.rsyslog.com/e/2207 ]
    Dec 27 15:23:10 apollo rsyslogd-2207: error during parsing file /etc/rsyslog.d/20-ufw.conf, on or before line 9: warnings occured in file '/etc/rsyslog.d/20-ufw.conf' around line 9 [v8.16.0 try http://www.rsyslog.com/e/2207 ]
    Dec 27 15:23:10 apollo rsyslogd-2207: error during parsing file /etc/rsyslog.d/20-ufw.conf, on or before line 9: errors occured in file '/etc/rsyslog.d/20-ufw.conf' around line 9 [v8.16.0 try http://www.rsyslog.com/e/2207 ]
    Last edited by g3kxyz; December 27th, 2017 at 09:28 PM.
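
Added example, not part of any post in the thread: the rsyslogd-2207 and rsyslogd-2184 messages in the log above point at line 9 of 20-ufw.conf, where a shell prompt and command sit among the rules. The sketch below lints a drop-in for that kind of pasted shell text before rsyslog is restarted; the function names, the command-name list and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint an rsyslog drop-in for pasted shell text.
# SHELL_WORDS is an assumed, non-exhaustive list of command names.
SHELL_WORDS='tail|sudo|nano|cat|grep|systemctl'

lint_rsyslog_dropin() {
    awk -v words="$SHELL_WORDS" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (line ~ /^\$[ \t]/) {        # "$ cmd": a prompt, not a $Directive
                printf "%d: shell prompt pasted into config\n", NR
                bad = 1; prev_is_rule = 0; next
            }
            if (line ~ ("^(" words ")([ \t]|$)")) {
                printf "%d: shell command, not an rsyslog rule\n", NR
                bad = 1; prev_is_rule = 0; next
            }
            if (line ~ /^&/) {              # "& stop" / "& ~" chain to a rule
                if (!prev_is_rule) {
                    printf "%d: & has no preceding rule to chain to\n", NR
                    bad = 1
                }
                next
            }
            # property filter (":msg,...") or facility.priority selector
            prev_is_rule = (line ~ /^:/ || line ~ /^[a-z0-9*,;]+\.[a-z*!=]+/)
        }
        END { exit bad }
    ' "$1"
}

# Constructed sample modelled on the file shown in the post above.
write_sample() {
    cat > "$1" <<'EOF'
# Log kernel generated UFW log messages to file
:msg,contains,"[UFW " /var/log/ufw.log

# Uncomment the following to stop logging anything that matches the last rule.
# Doing this will stop logging kernel generated UFW log messages to the file
# normally containing kern.* messages (eg, /var/log/kern.log)
#& stop

$ tail -1 /etc/rsyslog.d/20-ufw.conf
& stop
EOF
}

demo=$(mktemp); write_sample "$demo"
lint_rsyslog_dropin "$demo" || echo "fix the lines listed above before restarting rsyslog"
rm -f "$demo"
```

rsyslogd's own syntax check, `sudo rsyslogd -N1`, reports the same class of error without restarting the service.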

  3. #13
    Join Date
    Jan 2017
    Location
    IA
    Beans
    20
    Distro
    Ubuntu 18.04 Bionic Beaver

    Re: ufw.log missing?

    Something tells me it hasn't been logging [UFW in the /var/log/syslog file either because I can't find any traces of it there.

  4. #14
    Join Date
    Jan 2017
    Location
    IA
    Beans
    20
    Distro
    Ubuntu 18.04 Bionic Beaver

    Re: ufw.log missing?

    I found the [UFW BLOCK] logs by typing dmesg in terminal so for some reason they are logging to dmesg instead.

    I'm not exactly sure how to change this logging behavior.

  5. #15
    #&thj^% is offline I Ubuntu, Therefore, I Am
    Join Date
    Aug 2016
    Beans
    Hidden!

    Re: ufw.log missing?

    Something is syntactically wrong with the mentioned config file, so that further interpretation is impossible. The error most often actually is on the quoted line, or at least very close in front of it. A syntax error can be caused by invalid spelling of RainerScript commands, e.g. "stopp" instead of the correct "stop".
    But yours looks good from here?
    Hope you kept that terminal open. Let's try this instead then: remove those 2 lines and instead add this to the top this time:
    Code:
    :msg, contains, "UFW" -/var/log/ufw.log
    & ~
    you already have this ":msg,contains,"[UFW " /var/log/ufw.log"
    Just a:
    Code:
    & ~
    Save and restart:
    Code:
    sudo systemctl restart rsyslog
    Now look at all data that contains "UFW" in /var/log/ufw.log

  6. #16
    Join Date
    Jul 2008
    Location
    The Left Coast of the USA
    Beans
    Hidden!
    Distro
    Kubuntu

    Re: ufw.log missing?

    I think the issue is here:

    Code:
    Dec 27 15:18:38 apollo rsyslogd-2207: error during parsing file /etc/rsyslog.d/20-ufw.conf, on or before line 9: invalid character '$' - is there an invalid escape sequence somewhere? [v8.16.0 try http://www.rsyslog.com/e/2207 ]
    Try replacing

    Code:
    $ tail -1 /etc/rsyslog.d/20-ufw.conf
    in 20-ufw.conf with

    Code:
    tail -1 /etc/rsyslog.d/20-ufw.conf
    Let us know if that helps.
    Please read The Forum Rules and The Forum Posting Guidelines

    A thing discovered and kept to oneself must be discovered time and again by others. A thing discovered and shared with others need be discovered only the once.
    This universe is crazy. I'm going back to my own.

  7. #17
    Join Date
    Jan 2017
    Location
    IA
    Beans
    20
    Distro
    Ubuntu 18.04 Bionic Beaver

    Re: ufw.log missing?

    Now the file looks like this

    Code:
    # Log kernel generated UFW log messages to file:msg,contains,"[UFW " /var/log/ufw.log
    & ~
    
    
    # Uncomment the following to stop logging anything that matches the last rule.
    # Doing this will stop logging kernel generated UFW log messages to the file
    # normally containing kern.* messages (eg, /var/log/kern.log)
    #:msg, contains, "UFW" -/var/log/ufw.log
    
    
    #& stop
    restarted rsyslog

    No change in /var/log
    Code:
    root@apollo:/var/log# ls
    alternatives.log  apt       btmp             dmesg     faillog         fsck     mail.log  php7.0-fpm.log  syslog      wtmp
    apache2           auth.log  dbconfig-common  dpkg.log  fontconfig.log  lastlog  mysql     samba           vsftpd.log
    Still see a ton of [UFW BLOCK] in dmesg. My guess is iptables is doing the logging.

  8. #18
    #&thj^% is offline I Ubuntu, Therefore, I Am
    Join Date
    Aug 2016
    Beans
    Hidden!

    Re: ufw.log missing?

    Quote Originally Posted by QIII View Post
    I think the issue is here:

    Code:
    Dec 27 15:18:38 apollo rsyslogd-2207: error during parsing file /etc/rsyslog.d/20-ufw.conf, on or before line 9: invalid character '$' - is there an invalid escape sequence somewhere? [v8.16.0 try http://www.rsyslog.com/e/2207 ]
    Try replacing

    Code:
    $ tail -1 /etc/rsyslog.d/20-ufw.conf
    in 20-ufw.conf with

    Code:
    tail -1 /etc/rsyslog.d/20-ufw.conf
    Let us know if that helps.
    Good Spot QIII +1
    I tell ya I'm going Blind...LOL

    Quote Originally Posted by g3kxyz View Post
    Now the file looks like this

    Code:
    # Log kernel generated UFW log messages to file:msg,contains,"[UFW " /var/log/ufw.log
    & ~
    
    
    # Uncomment the following to stop logging anything that matches the last rule.
    # Doing this will stop logging kernel generated UFW log messages to the file
    # normally containing kern.* messages (eg, /var/log/kern.log)
    #:msg, contains, "UFW" -/var/log/ufw.log
    
    
    #& stop
    restarted rsyslog

    No change in /var/log
    Code:
    root@apollo:/var/log# ls
    alternatives.log  apt       btmp             dmesg     faillog         fsck     mail.log  php7.0-fpm.log  syslog      wtmp
    apache2           auth.log  dbconfig-common  dpkg.log  fontconfig.log  lastlog  mysql     samba           vsftpd.log
    Still see a ton of [UFW BLOCK] in dmesg. My guess is iptables is doing the logging.
    Yep, that's to be expected: wrong syntax. It should look like this:
    Code:
    :msg, contains, "UFW" -/var/log/ufw.log
    & ~
    But try with the new syntax QIII picked out!

  9. #19
    Join Date
    Jan 2017
    Location
    IA
    Beans
    20
    Distro
    Ubuntu 18.04 Bionic Beaver

    Re: ufw.log missing?

    right now 20-ufw.conf contains the following

    Code:
    # Log kernel generated UFW log messages to file
    :msg,contains,"[UFW " /var/log/ufw.log
    
    
    # Uncomment the following to stop logging anything that matches the last rule.
    # Doing this will stop logging kernel generated UFW log messages to the file
    # normally containing kern.* messages (eg, /var/log/kern.log)
    
    
    tail -1 /etc/rsyslog.d/20-ufw.conf
    & stop
    Is that what you want me to try?

  10. #20
    #&thj^% is offline I Ubuntu, Therefore, I Am
    Join Date
    Aug 2016
    Beans
    Hidden!

    Re: ufw.log missing?

    Yes Please.
