Ubuntu 16: UFW not logging to /var/log/ufw.log or anywhere else
UFW is not logging anywhere.

ufw configuration:
root@localhost:/var/log# ufw status verbose
Status: active
Logging: on (full)
Default: deny (incoming), allow (outgoing), deny (routed)
New profiles: skip
To                         Action      From
--                         ------      ----
2022/tcp                   ALLOW IN    Anywhere
80                         ALLOW IN    Anywhere
2022/tcp (v6)              ALLOW IN    Anywhere (v6)
80 (v6)                    ALLOW IN    Anywhere (v6)
root@localhost:/var/log#
rsyslog configuration:
root@localhost:/var/log# service rsyslog status
● rsyslog.service - System Logging Service
Loaded: loaded (/lib/systemd/system/rsyslog.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2017-02-21 18:43:33 CET; 5min ago
Docs: man:rsyslogd(8)
http://www.rsyslog.com/doc/
Main PID: 283 (rsyslogd)
CGroup: /system.slice/rsyslog.service
└─283 /usr/sbin/rsyslogd -n
Feb 21 18:43:33 localhost systemd[1]: Starting System Logging Service...
Feb 21 18:43:33 localhost systemd[1]: Started System Logging Service.
root@localhost:/var/log#
root@localhost:/var/log# cat /etc/rsyslog.d/20-ufw.conf
# Log kernel generated UFW log messages to file
:msg,contains,"[UFW " /var/log/ufw.log
# Uncomment the following to stop logging anything that matches the last rule.
# Doing this will stop logging kernel generated UFW log messages to the file
# normally containing kern.* messages (eg, /var/log/kern.log)
#& stop
There is no /var/log/ufw.log file, and there is no mention of ufw in /var/log/syslog or /var/log/kern.log (the last file does not exist).
Why is UFW not logging?

Found the solution at:
Edit /etc/rsyslog.conf
and uncomment the line:
module(load="imklog") # provides kernel logging support
Then,
sudo service rsyslog restart
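
The actual problem here looks like a permissions issue. The syslog user does
not have permission to create files in /var/log.
The log directory belongs to the syslog group, but the
group's permissions are set to read/execute. Therefore, rsyslogd
cannot create new files in the directory, but it can update/write existing
files that have the appropriate group permissions.
So, either fix the permissions on the whole folder, or just do the following:
touch /var/log/ufw.log && chown syslog:syslog /var/log/ufw.log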
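
The two causes named in the answers above (imklog not loaded, and rsyslogd unable to create the log file) can be checked together. This is an added example, not code from the thread or from the ufw or rsyslog projects; the function names are hypothetical, the default paths are the ones shown on this page, and the `syslog` owner is assumed from the chown command in the second answer.

```shell
#!/bin/sh
# Added example: checks the causes named in the answers. The group-write test
# assumes /var/log's group is the one rsyslogd runs under, as the answer states.

# 0 if rsyslog.conf has an uncommented module(load="imklog") line.
imklog_enabled() {
    grep -Eq '^[[:space:]]*module\(load="imklog"\)' "$1" 2>/dev/null
}

# 0 if the rule file has an uncommented rule matching kernel "[UFW " messages.
ufw_rule_present() {
    grep -Eq '^[[:space:]]*:msg,contains,"\[UFW "' "$1" 2>/dev/null
}

# 0 if rsyslogd can write the log: the file exists and is owned by the expected
# user, or the directory's group-write bit is set so the file can be created.
log_writable() {
    log="$1"; owner="$2"
    if [ -e "$log" ]; then
        [ "$(ls -ld "$log" | awk '{print $3}')" = "$owner" ]
    else
        [ "$(ls -ld "$(dirname "$log")" 2>/dev/null | cut -c6)" = "w" ]
    fi
}

# Prints one line per problem found; exit status is the number of problems.
diagnose() {
    conf="${1:-/etc/rsyslog.conf}"
    rule="${2:-/etc/rsyslog.d/20-ufw.conf}"
    log="${3:-/var/log/ufw.log}"
    owner="${4:-syslog}"
    problems=0
    imklog_enabled "$conf" || {
        echo "imklog: module(load=\"imklog\") is not active in $conf"
        problems=$((problems + 1)); }
    ufw_rule_present "$rule" || {
        echo "rule: no active [UFW rule in $rule"
        problems=$((problems + 1)); }
    log_writable "$log" "$owner" || {
        echo "perms: $owner cannot create or write $log"
        problems=$((problems + 1)); }
    return "$problems"
}

# Run against the live system only when asked: sh check_ufw_log.sh run
if [ "${1:-}" = "run" ]; then diagnose; fi
```

After changing rsyslog.conf, rsyslog still has to be restarted as the first answer says; the script only inspects files and does not check the running daemon.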