ufw is not logging anywhere.
UFW configuration:
root@localhost:/var/log# ufw status verbose
Status: active
Logging: on (full)
Default: deny (incoming), allow (outgoing), deny (routed)
New profiles: skip
To                         Action      From
--                         ------      ----
2022/tcp                   ALLOW IN    Anywhere
80                         ALLOW IN    Anywhere
2022/tcp (v6)              ALLOW IN    Anywhere (v6)
80 (v6)                    ALLOW IN    Anywhere (v6)
root@localhost:/var/log#
rsyslog configuration:
root@localhost:/var/log# service rsyslog status
● rsyslog.service - System Logging Service
Loaded: loaded (/lib/systemd/system/rsyslog.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2017-02-21 18:43:33 CET; 5min ago
Docs: man:rsyslogd(8)
http://www.rsyslog.com/doc/
Main PID: 283 (rsyslogd)
CGroup: /system.slice/rsyslog.service
└─283 /usr/sbin/rsyslogd -n
Feb 21 18:43:33 localhost systemd[1]: Starting System Logging Service...
Feb 21 18:43:33 localhost systemd[1]: Started System Logging Service.
root@localhost:/var/log#
root@localhost:/var/log# cat /etc/rsyslog.d/20-ufw.conf
# Log kernel generated UFW log messages to file
:msg,contains,"[UFW " /var/log/ufw.log
# Uncomment the following to stop logging anything that matches the last rule.
# Doing this will stop logging kernel generated UFW log messages to the file
# normally containing kern.* messages (eg, /var/log/kern.log)
#& stop
There is no /var/log/ufw.log file, and no mention of ufw in /var/log/syslog nor in /var/log/kern.log (the last one does not exist).
Why is UFW not logging?
From: https://superuser.com/questions/803996/no-kernel-messages-are-messages-are-logged-to-kern-log
Edit /etc/rsyslog.conf
and uncomment the line:
module(load="imklog") # provides kernel logging support
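Then, sudo service rsyslog restart
The actual problem here seems to be a permissions issue. The syslog user does not have permission to create files in /var/log.
The log directory belongs to the syslog group, and the group's permissions are set to read/execute. As a result, rsyslogd cannot create new files in the directory, but it can update/write to existing files that have the appropriate group permissions.
So, fix the permissions on the whole folder, or just: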
touch /var/log/ufw.log && chown syslog:syslog /var/log/ufw.log
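A diagnostic sketch for the two causes given in the answers above (imklog not loaded; the syslog user unable to create or write the log file), as an added example that is not part of the original posts. The function names are hypothetical, GNU stat is assumed, and only plain mode bits are compared (ACLs and AppArmor are not considered).

```shell
#!/bin/sh
# Added example, not from the original posts. Helper names are constructed.
# Usage: diagnose_ufw_log /etc/rsyslog.conf /var/log/ufw.log syslog

# imklog_enabled CONF: true if CONF loads imklog on an uncommented line
# (new-style module(load="imklog") or legacy $ModLoad imklog).
imklog_enabled() {
    grep -Eq '^[[:space:]]*(module\(load="imklog"|\$ModLoad[[:space:]]+imklog)' "$1"
}

# mode_allows_write PATH UID "GID GID ...": true if a non-root process with
# these numeric ids gets the write bit on PATH (owner, then group, then other).
mode_allows_write() {
    # After set: $1=owner uid, $2=owner gid, $3=octal mode, $4=UID, $5=GIDs
    set -- $(stat -c '%u %g %a' "$1") "$2" "$3"
    mode=$((0$3))
    if [ "$1" = "$4" ]; then
        [ $((mode & 0200)) -ne 0 ]; return
    fi
    for gid in $5; do
        if [ "$gid" = "$2" ]; then
            [ $((mode & 0020)) -ne 0 ]; return
        fi
    done
    [ $((mode & 0002)) -ne 0 ]
}

# diagnose_ufw_log CONF LOGFILE USER: print the first problem found.
diagnose_ufw_log() {
    conf=$1 logfile=$2 user=$3
    if ! imklog_enabled "$conf"; then
        echo "imklog-not-loaded"; return 1
    fi
    uid=$(id -u "$user") && gids=$(id -G "$user") || { echo "unknown-user"; return 1; }
    # An existing file needs write on the file; a missing one needs it on the directory.
    if [ -e "$logfile" ]; then
        target=$logfile
    else
        target=$(dirname "$logfile")
    fi
    if ! mode_allows_write "$target" "$uid" "$gids"; then
        echo "no-write-permission: $target"; return 1
    fi
    echo "ok"
}
```

If it reports no-write-permission for /var/log, the touch and chown line above, or a permissions fix on the directory, addresses it.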