14

I've successfully set up a WireGuard VPN on my Debian 10 server. It was incredibly straight forward compared to the setup of OpenVPN, and it's working fine.

However, I can't see any logs beyond those from journalctl -u wg-quick@wg0.service. I'd like to know, for example, when there are failed authentication attempts. Is there a way to monitor that? e.g. with openvpn I could use fail2ban based on auth attempts.

artfulrobot
  • 2,547
  • 11
  • 30
  • 55

1 Answers1

18

Assuming you are running a 5.6 kernel which supports dynamic debugging, you can enable debug logs by executing:

# modprobe wireguard 
# echo module wireguard +p > /sys/kernel/debug/dynamic_debug/control

The logs can than be consumed via dmesg or journalctl. With dmesg, just use following command:

$ dmesg -wH

(-H, --human enables user-friendly features like colors, relative time)

(-w, --follow)

Also on systems with systemd you can use:

$ journalctl -kf
Andrew Schulman
  • 8,341
  • 21
  • 29
  • 46
Henrik Pingel
  • 8,386
  • 2
  • 23
  • 38
  • Alas I'm on Debian buster 4.19 kernel. Thanks though. – artfulrobot Jun 07 '20 at 13:50
  • @artfulrobot The newer kernel version could be installed easily via the buster-backports channel if you don't mind a reboot. – Arnie97 Aug 06 '20 at 07:04
  • How do you reverse `+p` thing once I'm done? I'm trying to debug a WireGuard client issue, how do I point `journalctl` to consume the appropriate log? – Oxwivi Mar 08 '21 at 07:53
  • 3
    For CONFIG_DYNAMIC_DEBUG kernels, any settings given at boot-time (or enabled by -DDEBUG flag during compilation) can be disabled later via the sysfs interface if the debug messages are no longer needed: `echo "module module_name -p" > /dynamic_debug/control`. You can read the docs [here](https://www.kernel.org/doc/html/v4.11/admin-guide/dynamic-debug-howto.html) – Henrik Pingel Mar 08 '21 at 10:01
  • worth mentioning that in minimal setups or containers you may need to enable the `debugfs` via `sudo mount -t debugfs none /sys/kernel/debug/` – Treviño Dec 03 '21 at 13:27