UFW Log – How To Check Firewall Logs in Ubuntu
Ubuntu saves information from the Firewall to ufw.log
in the /var/log/
directory. The full path to the ufw log is /var/log/ufw.log
.
There are a couple of commands that you can use to check the UFW log. The most useful one is the tail
command which shows the last ten lines of the log by default.
tail /var/log/ufw.log
To check the firewall log in realtime, run the tail -f
, as follows:
tail -f /var/log/ufw.log
Use the -n
option to view a specific number of lines:
tail -n 1 /var/log/ufw.log
If you want to read the entire log, then use the less
command as follows:
less /var/log/ufw.log
To filter the firewall logs, use the grep
command:
grep -i allow /var/log/ufw.log
Logging Levels
The default logging level is low, which logs all blocked packets and packets matching logged rules.
Ubuntu Firewall supports the following logging levels: off, low, medium, high, and full.
Use the ufw logging
command to change the log level:
ufw logging medium
For more information about these options, run the man ufw
command.