Enabling Logs with firewalld
Even if your distro comes with firewalld pre-installed, logging is disabled by default. Sure, the service is up and running, but it won't capture any logs to suggest who's trying to get inside your network.
Strange but true.
So in this tutorial, I will walk you through two ways to enable logging in firewalld:
- Using the configuration file
- Using the firewall-cmd command (easy and quick)
How to enable logging in firewalld using the configuration file
To enable logging in firewalld, open the firewalld.conf file using the following command:
sudo nano /etc/firewalld/firewalld.conf
Once you open the configuration file through the above command, find the following line:
LogDenied=off
Change it to the desired logging level:
LogDenied=<Logging_level>
You get 4 different logging levels:
- all: Logs all dropped packets (unicast, broadcast, multicast).
- unicast: Records packets of only one-to-one communication.
- broadcast: Logs packets of only one-to-many communication.
- multicast: Records packets of only one-to-many communications but only for a specific group.
For example, if you want to change your logging level to all, then you'll be using the following:
LogDenied=all
Once done, save changes and exit from the nano editor.
But for the changes to take effect, you need to reload the firewall using the following command:
sudo firewall-cmd --reload
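The same edit can be scripted instead of made by hand in nano. The following is an added example, not part of the original tutorial: set_log_denied and get_log_denied are hypothetical helper names, and the demo at the end works on a constructed temporary file rather than the real configuration.

```shell
#!/bin/sh
# Added example: set LogDenied in a firewalld.conf-style file without an editor.
# set_log_denied / get_log_denied are hypothetical helpers, not firewalld tools.

set_log_denied() {
    level=$1
    conf=${2:-/etc/firewalld/firewalld.conf}

    # Accept only the levels listed in the tutorial, plus the default "off".
    case $level in
        off|all|unicast|broadcast|multicast) ;;
        *) echo "invalid logging level: $level" >&2; return 2 ;;
    esac

    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }

    if grep -q '^[[:space:]]*LogDenied=' "$conf"; then
        # An active LogDenied line exists: rewrite it, keeping a .bak copy.
        sed -i.bak "s/^[[:space:]]*LogDenied=.*/LogDenied=$level/" "$conf"
    else
        # Key is missing or only present in a comment: back up, then append.
        cp "$conf" "$conf.bak"
        printf 'LogDenied=%s\n' "$level" >> "$conf"
    fi
}

get_log_denied() {
    # Print the active LogDenied value (last uncommented occurrence).
    sed -n 's/^[[:space:]]*LogDenied=//p' \
        "${1:-/etc/firewalld/firewalld.conf}" | tail -n 1
}

# Demo on a constructed sample file, so nothing under /etc is touched.
demo=$(mktemp)
printf '# constructed sample\nDefaultZone=public\nLogDenied=off\n' > "$demo"
set_log_denied all "$demo" && echo "LogDenied is now: $(get_log_denied "$demo")"
rm -f "$demo" "$demo.bak"
```

When run as root against the real /etc/firewalld/firewalld.conf, the reload command shown above is still needed afterwards.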
How to enable logging using the firewall-cmd command
This is the easiest way to enable logging as you don't have to deal with the configuration files. Execute one command and that's it.
To enable logging with the firewall-cmd command, run it in the following manner:
sudo firewall-cmd --set-log-denied=<Logging_level>
For example, if I want to set my logging level to broadcast, then I'll be using the following:
sudo firewall-cmd --set-log-denied=broadcast
Once done, you can check the current logging level using the following:
sudo firewall-cmd --get-log-denied
Wrapping Up...
In this quick tutorial, I went through how you can enable firewalld logging using two different methods.
I'm in favor of the first method as I love to set things manually in the configuration so I can be more aware of the tweaks I make to the system. But that's totally up to you.
I hope you will find this guide helpful.