Page MenuHomeVyOS Platform

Improving Firewall Logs
Open, WishlistPublic

Description

Hi, are there already plans to improve the firewall logging? Especially now, after the refactor? Further, I'm seeing 3 specific improvements which could be done to it, espcially for troubleshooting:

  1. Store all of the FW logs in a separate file (for example in / var/ log/ firewall instead of /var /log /messages via 'kernel'). In the docs, this problem has been adressed for some time now...
  1. Ability to set specific log-files for certain rules. For example in troubleshootings: set firewall ipv4 forward filter rule 20 log-options file 'access-XY-troubleshooting'
  1. Ability to activate / deactivate default-logging for the new default forwarding/input/output-chains (eg. set firewall ipv4 forwarding filter enable-default-logging)

I'm not too familiar with any obvious restricitions that may exist in nftables tbh., nor could I find any information on this in the forums, dev-portal, docs etc. so please forgive obvious misses.

Also, just for info: creating the task and mentioning the path "/ var/ logs/ messages" without the spaces triggers the cloudflare WAF

Details

Version
-
Is it a breaking change?
Unspecified (possibly destroys the router)