WireGuard

WireGuard Clients and configurations

Clients applications and configure
Managing WireGuard Logs with Systemd and Logrotate

Clients applications and configure

Windows App

Go to the below link and download the application WireSock Secure Connect.

https://wiresock.net/wiresock-secure-connect/download

Android App

Go to the below link and download the application WG Tunnel.

From Google Play https://play.google.com/store/apps/details?id=com.zaneschepke.wireguardautotunnel

From F-Droid https://f-droid.org/packages/com.zaneschepke.wireguardautotunnel/

macOS

Go to the below link and download the application WireGuard.

App Store https://apps.apple.com/us/app/wireguard/id1441195209

iOS

Go to the below link and download the application wireguard-apple-1.0.16-27.tar.xz or .zip

https://apps.apple.com/us/app/wireguard/id1451685025

Ins0mniA

Managing WireGuard Logs with Systemd and Logrotate

When managing a VPN like WireGuard, logging is crucial for monitoring activity, debugging issues, and ensuring security. But if left unchecked, logs can grow rapidly and become unmanageable.

In this guide, we’ll set up Systemd to capture WireGuard logs dynamically and use Logrotate to keep them under control automatically.

Setup a Systemd file to store logs

Step 1: Create a Systemd Service to Store Logs

First, we need to create a Systemd service that continuously logs WireGuard activity.

Open a new Systemd service file:

nano /etc/systemd/system/wireguard-log.service

Add the following configuration:

[Unit]
Description=WireGuard Dynamic Debug Logging
After=network.target

[Service]
ExecStart=/bin/bash -c 'dmesg -wT | grep wireguard >> /var/log/wireguard-dyndbg.log'
Restart=always
RestartSec=5
StandardOutput=null
StandardError=null

[Install]
WantedBy=multi-user.target

Reload and restart Systemd to apply changes:

sudo systemctl daemon-reload
sudo systemctl restart wireguard-log.service
sudo systemctl enable wireguard-log.service

or if you are ROOT then run without SUDO:

systemctl daemon-reload
systemctl restart wireguard-log.service
systemctl enable wireguard-log.service

Verify that the service is running:

sudo systemctl status wireguard-log.service

or if you are ROOT then run without SUDO:

systemctl status wireguard-log.service

Set Up Logrotate for Automatic Log Management

Now, let’s ensure our logs don’t grow indefinitely by setting up Logrotate.

Install Logrotate (if not already installed):

sudo apt update && sudo apt install logrotate -y

or if you are ROOT then run without SUDO:

apt update && apt install logrotate -y

Create a Logrotate configuration file:

nano /etc/logrotate.d/wireguard

Add the following configuration to manage log rotation:

/var/log/wireguard-dyndbg.log {
    daily
    rotate 7
    compress
    delaycompress
    missingok
    notifempty
    create 0640 root root
    postrotate
        systemctl restart wireguard-log.service > /dev/null 2>&1 || true
    endscript
}

Test Your Log Rotation Setup

sudo logrotate -v /etc/logrotate.d/wireguard

or if you are ROOT then run without SUDO:

logrotate -v /etc/logrotate.d/wireguard

To force log rotation manually:

sudo rm -f /var/lib/logrotate/status
sudo logrotate -f /etc/logrotate.d/wireguard

or if you are ROOT then run without SUDO:

rm -f /var/lib/logrotate/status
logrotate -f /etc/logrotate.d/wireguard

Check your logs

ls -lh /var/log/wireguard-dyndbg.log*

Your DONE.

Ins0mniA