Hi,
I'm experimenting with FreeBSD 14.1's wireguard implementation.
So far I've been quite satisfied with using it locally (over an
unsecured network). I would like to set up a PoC using wg as a VPN
provider (replacing openvpn) next.
Before opening wireguard endpoints up for global connectivity I would
like wireguard logs to be parsed by something like Fail2ban (so I can
have pf ward off baddies). I've managed to get wireguard's logs into
/var/log/messages by issuing:
/sbin/ifconfig wg0 debug
Since they are quite verbose and are polluting /var/log/messages, I'd
like for them to land in /var/ramdisk_log/wireguard.log instead. I've
instructed newsyslog to create the logfile:
[root@system:/]# cat /var/ramdisk_log/wireguard.log
Sep 17 00:27:36 system newsyslog[55203]: logfile first created
[root@system:/]# ls -laht /var/ramdisk_log/wireguard.log
-rw-rw---- 1 root wheel 66B Sep 17 00:27 /var/ramdisk_log/wireguard.log
[root@system:/]#
and have since attempted to redirect the "wg0" logs to
/var/ramdisk_log/wireguard.log by using these syslog includes:
:msg, contains, ".*wg0: .*"
*.* /var/ramdisk_log/wireguard.log
and
:msg, regex, "wg[0-9]{1,2}\:\ "
*.* /var/ramdisk_log/wireguard.log
Unfortunately, the includes are not redirecting the wg0 logs to my
preferred location (the includes are placed in
/etc/syslog.d/wireguard.conf which is parsed by syslogd) and I'm out of
ideas / logs on how to further troubleshoot why the logstream doesn't
get redirected :(
I'm hoping somebody - a little better versed in syslog - could provide me
with some insights / pointers...
Feedback appreciated!
ruben