Preventing UFW from using syslog as the default logging file

By default, UFW logs its activities to the syslog, but in certain scenarios, you may want to prevent it from doing so and use a different logging file instead.

When it comes to securing your Linux system, the Uncomplicated Firewall (UFW) is a popular choice for managing network traffic. By default, UFW logs its activities to the system log file, commonly known as syslog. While syslog is a convenient option for many users, it may not always be the ideal choice, especially in situations where you want more control over the firewall logs or prefer to use a dedicated log file.

Method 1: Disable all logging

To prevent UFW from logging anything at all, follow these steps:

Step 1: Open the UFW configuration file:

$ sudo nano /etc/ufw/ufw.conf

Step 2: Locate the following line in the file:

#ENABLE_LOGGING="yes"

Step 3: Uncomment the line by removing the "#" symbol at the beginning and change the value to "no" as follows:

ENABLE_LOGGING="no"

Step 4: Save the changes and exit the editor.

Method 2: Use a different log file

If you want UFW to use a different log file instead of syslog, you can configure it to do so. Here's how:

Step 1: Create a new log file (in case it doesn't exist):

$ sudo touch /var/log/ufw.log
$ sudo chown syslog:adm /var/log/ufw.log

Step 2: Open the rsyslog configuration file:

$ sudo nano /etc/rsyslog.d/20-ufw.conf

Step 3: Uncomment the last line so that the end of the file matches the following fragment:

# Uncomment the following to stop logging anything that matches the last rule.
# Doing this will stop logging kernel generated UFW log messages to the file
# normally containing kern.* messages (eg, /var/log/kern.log)
& stop

That's it!
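To confirm the edit from Step 3 took effect, the following added example (not part of the original article) classifies how an rsyslog drop-in routes UFW messages. It assumes the file contains the `:msg,contains,"[UFW "` filter line shipped in the ufw package's 20-ufw.conf, which the article does not quote; the function name and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: report how an rsyslog drop-in such as
# /etc/rsyslog.d/20-ufw.conf routes kernel-generated UFW messages.
#   dedicated  - UFW filter present and directly followed by an active "& stop"
#   duplicated - UFW filter present, but "& stop" is missing or commented out,
#                so matches are also written to kern.log / syslog
#   none       - no active UFW filter in the file
ufw_log_routing() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }            # ignore comments and blanks
        /^[ \t]*:msg,[ \t]*contains,[ \t]*"\[UFW / { # the UFW property filter
            seen = 1; chained = 1; next
        }
        /^[ \t]*&/ {                                 # "&" reuses the previous filter
            # "~" is the legacy spelling of the discard action
            if (chained && $0 ~ /^[ \t]*&[ \t]*(stop|~)[ \t]*$/) stopped = 1
            next
        }
        { chained = 0 }                              # any other rule breaks the chain
        END {
            if (!seen)        print "none"
            else if (stopped) print "dedicated"
            else              print "duplicated"
        }
    ' "$1"
}

# Constructed sample: the fragment with "& stop" still commented out.
sample=$(mktemp)
printf '%s\n' ':msg,contains,"[UFW " /var/log/ufw.log' '#& stop' > "$sample"
echo "before edit: $(ufw_log_routing "$sample")"

# Constructed sample: the same fragment after the edit described in Step 3.
printf '%s\n' ':msg,contains,"[UFW " /var/log/ufw.log' '& stop' > "$sample"
echo "after edit:  $(ufw_log_routing "$sample")"
rm -f "$sample"
```

Run `ufw_log_routing /etc/rsyslog.d/20-ufw.conf` on the real file; rsyslog only picks up the change once it is restarted, for example with `sudo systemctl restart rsyslog`.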

Moving UFW's messages out of syslog and into a different logging file gives you more control over the firewall logs and allows for better integration with your log management system. Remember to choose a log file location that is easily accessible and properly secured to ensure the confidentiality and integrity of your firewall logs.
