Preventing UFW from using syslog as the default logging file

When it comes to securing your Linux system, the Uncomplicated Firewall (UFW) is a popular choice for managing network traffic. By default, UFW logs its activities to the system log file, commonly known as syslog. While syslog is a convenient option for many users, it may not always be the ideal choice, especially in situations where you want more control over the firewall logs or prefer to use a dedicated log file.

Method 1: Disable all logging

To prevent UFW from logging anything at all, follow these steps:

Step 1: Open the UFW configuration file:

$ sudo nano /etc/ufw/ufw.conf

Step 2: Locate the following line in the file:

#ENABLE_LOGGING="yes"

Step 3: Uncomment the line by removing the "#" symbol at the beginning and change the value to "no" as follows:

ENABLE_LOGGING="no"

Step 4: Save the changes and exit the editor.

Method 2: Use a different log file (recommended)

If you want UFW to use a different log file instead of syslog, you can configure it to do so. Here's how:

Step 1: Create a new log file (in case it doesn't exists):

$ sudo touch /var/log/ufw.log
$ sudo chown syslog:adm /var/log/ufw.log

Step 2: Open the rsyslog configuration file:

$ sudo nano /etc/rsyslog.d/20-ufw.conf

Step 3: Uncomment the last line and match the following fragment:

# Uncomment the following to stop logging anything that matches the last rule.
# Doing this will stop logging kernel generated UFW log messages to the file
# normally containing kern.* messages (eg, /var/log/kern.log)
& stop

That's it!

By default, UFW logs its activities to the syslog, but in certain scenarios, you may want to prevent it from doing so and use a different logging file instead. This gives you more control over the firewall logs and allows for better integration with your log management system. Remember to choose a log file location that is easily accessible and properly secured to ensure the confidentiality and integrity of your firewall logs.