Wireguard: how to log network activity?
How to enable network activity logging in wireguard?
I searched for ways to view the logs on the server but don't see anything under /var/log.
As it's running as a systemd service I can see some minimal info with
sudo systemctl status wg-quick@wg0
but this provides very little info.
Also tried:
journalctl -u wg-quick@wg0
but this does not show much more than the previous command.
Ideally I would like to be able to see peer connections and (optionally) the requests that are being made.
So far the only helpful diagnostic command I've found is sudo wg show wg0 (or just sudo wg) but I wish there was a way to increase the verbosity level and have it display in real time.
Update:
It is possible to get some sense of what connections are initiated by using third-party network tools such as tcpdump | grep 10.66.66 (given that the tunnel is set up on 10.66.66.x) and nethogs, but that still does not answer the question how to do it directly via wireguard.
Solution 1:[1]
If all you need is peer "connection", I wrote this: https://github.com/nikaro/wirelogd
Wirelogd is a logging daemon for WireGuard. Since WireGuard itself does not log the state of its peers (and since it is UDP based, so there is no concept of "connection state"), Wirelogd relies on the latest handshake to determine if a peer is active or inactive. While there is traffic, the handshake should be renewed every 2 minutes. If there is no traffic, the handshake is not renewed. Based on this behavior, we assume that if there is no new handshake after a while (the default Wirelogd timeout value is 5 minutes), the client is probably inactive.
Solution 2:[2]
My version of logging users: a script in crontab every 3 minutes (10.0 is your private network). If inactivity is less than 180 sec, nothing is done; otherwise it writes to the log.
# peer lines of "wg show all dump": $4 endpoint, $5 allowed-ips, $6 latest handshake (unix time); systime()/strftime() are gawk extensions (mawk lacks them)
wg show all dump | grep 10.0 | gawk '{ if (systime()-$6 < 180) print strftime("%m-%d-%Y %H:%M:%S", systime()), $5, $4, (systime()-$6) "sec" }' >> /var/log/wg.log
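The idea that both of the answers above rely on, written out as an added example (this is not wirelogd's code and not the cron one-liner): WireGuard keeps no connection state, so a peer is treated as active while its latest handshake is younger than a timeout and as inactive once it is older. The parser reads the tab-separated `wg show all dump` format; the 300 s timeout follows wirelogd's stated default, while the 60 s poll interval, the log line format, and the sample dump with its placeholder keys and addresses are assumptions made for the example.

```python
"""Peer activity log derived from `wg show all dump`.

Added example for this page, not wirelogd's code nor the answers' script.
A peer counts as active while its latest handshake is younger than TIMEOUT
seconds and inactive once it is older.  SAMPLE_DUMP below is constructed;
its keys and addresses are placeholders.
"""
import subprocess
import time
from dataclasses import dataclass

TIMEOUT = 300        # seconds; wirelogd's default of 5 minutes
POLL_INTERVAL = 60   # seconds between `wg show` snapshots (assumption)


@dataclass
class Peer:
    interface: str
    public_key: str
    endpoint: str
    allowed_ips: str
    latest_handshake: int   # unix time of the last handshake, 0 = never
    rx_bytes: int
    tx_bytes: int


def parse_dump(text: str) -> list[Peer]:
    """Parse `wg show all dump` output into Peer records.

    With `all`, every line starts with the interface name.  Interface lines
    then carry private key, public key, listen port and fwmark (5 fields);
    peer lines carry public key, preshared key, endpoint, allowed-ips,
    latest-handshake, rx, tx and persistent-keepalive (9 fields).  Only the
    peer lines are kept; the preshared key is dropped and never logged.
    """
    peers = []
    for line in text.splitlines():
        fields = line.split("\t")
        if len(fields) != 9:
            continue
        iface, pub, _psk, endpoint, allowed, hs, rx, tx, _keepalive = fields
        peers.append(Peer(iface, pub, endpoint, allowed, int(hs), int(rx), int(tx)))
    return peers


def is_active(peer: Peer, now: int, timeout: int = TIMEOUT) -> bool:
    """Active means a handshake happened and it is younger than `timeout`."""
    return peer.latest_handshake != 0 and now - peer.latest_handshake < timeout


def active_peers(peers: list[Peer], now: int, timeout: int = TIMEOUT) -> list[Peer]:
    """Snapshot view: the same question the cron/awk one-liner answers."""
    return [p for p in peers if is_active(p, now, timeout)]


class ActivityTracker:
    """Remembers each peer's last state and reports only transitions,
    which is what a daemon appending to a log file wants."""

    def __init__(self, timeout: int = TIMEOUT):
        self.timeout = timeout
        self.state: dict[str, bool] = {}   # public key -> active?

    def update(self, peers: list[Peer], now: int) -> list[str]:
        events = []
        stamp = time.strftime("%Y-%m-%d %H:%M:%S", time.gmtime(now))
        for p in peers:
            active = is_active(p, now, self.timeout)
            if self.state.get(p.public_key) == active:
                continue            # unchanged since the last poll
            self.state[p.public_key] = active
            age = "never" if p.latest_handshake == 0 else f"{now - p.latest_handshake}s ago"
            events.append(f"{stamp} {p.interface} {p.public_key[:8]}... {p.allowed_ips} "
                          f"{p.endpoint} {'active' if active else 'inactive'} "
                          f"(last handshake {age})")
        return events


NOW = 1_700_000_000   # fixed "current time" so the sample is reproducible
SAMPLE_DUMP = (       # constructed; not real keys or hosts
    "wg0\tSERVERPRIVATEKEYPLACEHOLDER=\tSERVERPUBLICKEYPLACEHOLDER=\t51820\toff\n"
    f"wg0\tPEER1PUBLICKEYPLACEHOLDER=\t(none)\t203.0.113.5:41234\t10.66.66.2/32\t{NOW - 30}\t81234\t45210\toff\n"
    f"wg0\tPEER2PUBLICKEYPLACEHOLDER=\t(none)\t198.51.100.7:51820\t10.66.66.3/32\t{NOW - 900}\t9921\t8020\t25\n"
    "wg0\tPEER3PUBLICKEYPLACEHOLDER=\t(none)\t(none)\t10.66.66.4/32\t0\t0\t0\toff\n"
)


def snapshot() -> str:
    """Run the real command (needs root or CAP_NET_ADMIN)."""
    return subprocess.run(["wg", "show", "all", "dump"],
                          capture_output=True, text=True, check=True).stdout


def watch(logfile: str = "/var/log/wg.log") -> None:
    """Daemon loop: append every state transition to `logfile`."""
    tracker = ActivityTracker()
    while True:
        events = tracker.update(parse_dump(snapshot()), int(time.time()))
        if events:
            with open(logfile, "a") as fh:
                fh.write("\n".join(events) + "\n")
        time.sleep(POLL_INTERVAL)


def demo() -> tuple[list[str], list[str]]:
    """Two polls over the constructed dump: the first reports every peer's
    initial state; 400 s later, with no new handshake, peer 1 times out."""
    tracker = ActivityTracker()
    peers = parse_dump(SAMPLE_DUMP)
    return tracker.update(peers, NOW), tracker.update(peers, NOW + 400)


if __name__ == "__main__":
    first, second = demo()
    print("\n".join(first + second))
```

Run it as root with `watch()` instead of `demo()` to get a growing `/var/log/wg.log`; the only thing it can see is handshake age, so a peer that is idle but still configured shows as inactive, and a peer that never completed a handshake is reported with endpoint `(none)` and "last handshake never".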
Solution 3:[3]
From kernel 5.6 on, you can use dynamic debugging feature like this:
# modprobe wireguard
# echo module wireguard +p > /sys/kernel/debug/dynamic_debug/control
Then you can just use dmesg or journalctl to see the results, with commands like dmesg -wH (-w to follow, -H for human-readable output) or journalctl -kf.
Your kernel should be compiled with the CONFIG_DYNAMIC_DEBUG flag; you can check by looking at files like /boot/config-$(uname -r), /proc/config.gz or /boot/config (taken from [here](https://superuser.com/questions/287371/obtain-kernel-config-from-currently-running-linux-system)).
Based on this answer
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | |
| Solution 2 | ccpizza |
| Solution 3 | FazeL |
