UFW Log – How To Check Firewall Logs in Ubuntu
Ubuntu saves information from the Firewall to
ufw.log in the
/var/log/ directory. The full path to the ufw log is
There are a couple of commands that you can use to check the UFW log. The most useful one is the
tail command which shows the last ten lines of the log by default.
To check the firewall log in realtime, run the tail
-f, as follows:
tail -f /var/log/ufw.log
-n option to view a specific number of lines:
tail -n 1 /var/log/ufw.log
If you want to read the entire log, then use the
less command as follows:
To filter the firewall logs, use the
grep -i allow /var/log/ufw.log
The default logging level is low, which logs all blocked packets and packets matching logged rules.
Ubuntu Firewall supports the following logging levels: off, low, medium, high, and full.
ufw logging command to change the log level:
ufw logging medium
For more information about these options, run the
man ufw command.