UFW Log – How To Check Firewall Logs in Ubuntu

Ubuntu saves information from the Firewall to ufw.log in the /var/log/ directory. The full path to the ufw log is /var/log/ufw.log.

There are a couple of commands that you can use to check the UFW log. The most useful one is the tail command which shows the last ten lines of the log by default.

tail /var/log/ufw.log

To check the firewall log in realtime, run the tail -f, as follows:

tail -f /var/log/ufw.log

Use the -n option to view a specific number of lines:

tail -n 1 /var/log/ufw.log

If you want to read the entire log, then use the less command as follows:

less /var/log/ufw.log

To filter the firewall logs, use the grep command:

grep -i allow /var/log/ufw.log

Logging Levels

The default logging level is low, which logs all blocked packets and packets matching logged rules.

Ubuntu Firewall supports the following logging levels: off, low, medium, high, and full.

Use the ufw logging command to change the log level:

ufw logging medium

For more information about these options, run the man ufw command.