How to check logs for actions like add/delete rule or firewall?


#1

We have been trying to add/delete firewall rules and assign them to an interface (interface-based firewall) using the set/delete options provided in configure mode, but we don't see any relevant logs under the /var/log/messages file which can point out that a rule has been added or removed. The same goes for a firewall being added/removed.

We have tried commands like "monitor log", "show log tail", "show log firewall name firewall-name" to check logs, but we don't see any relevant logs which log user actions like add/delete rule, add/delete firewall, etc.
Are we missing any configuration to have those logs available? If those logs are available after some configuration, then where should we find them?

FYI,
We are using the default system syslog configuration with log level "notice".
Configuration snapshot:
system {
    syslog {
        global {
            facility all {
                level notice
            }
        }
    }
}

Basically we want to find those logs so that, by looking into them, we can say a rule/firewall was added/deleted.


#2

I don’t think there is a way to log iptables changes. There is some record of configuration revisions in /config/archive which you can diff to see what changed. I have my VyOS routers pushing configs to a git repo every time a commit is run.
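As an added illustration of the approach in the reply above (diffing archived configuration revisions rather than looking for syslog entries), here is a small POSIX shell helper, not from the original thread or from VyOS itself. It extracts only the top-level `firewall { ... }` block from two archived config.boot-style files and diffs them, so rule and firewall additions or removals stand out from unrelated changes. The archive directory /config/archive is taken from the reply; the `config.boot*` file-name pattern and the mtime-based ordering are assumptions.

```shell
#!/bin/sh
# Print the top-level "firewall { ... }" block of a VyOS config.boot-style
# file (the curly-brace format shown in the question), nothing else.
firewall_block() {
    awk '
        /^firewall [{]/ { depth = 1; print; next }
        depth > 0 {
            print
            n_open  = gsub(/[{]/, "{")   # count opening braces on the line
            n_close = gsub(/[}]/, "}")   # count closing braces on the line
            depth += n_open - n_close    # depth 0 means the block is closed
        }
    ' "$1"
}

# Unified diff of the firewall sections of two configs: old first, new
# second. Exit status follows diff: 0 = identical, 1 = firewall changed.
firewall_diff() {
    old_tmp=$(mktemp) && new_tmp=$(mktemp) || return 2
    firewall_block "$1" > "$old_tmp"
    firewall_block "$2" > "$new_tmp"
    diff -u "$old_tmp" "$new_tmp"
    rc=$?
    rm -f "$old_tmp" "$new_tmp"
    return $rc
}

# Compare the two most recently modified archived revisions.
# ASSUMPTION: files in /config/archive match config.boot* and newer
# revisions have newer mtimes; adjust the glob for your installation.
latest_firewall_diff() {
    dir=${1:-/config/archive}
    newest=$(ls -t "$dir"/config.boot* 2>/dev/null | sed -n 1p)
    previous=$(ls -t "$dir"/config.boot* 2>/dev/null | sed -n 2p)
    if [ -z "$newest" ] || [ -z "$previous" ]; then
        echo "need at least two archived configs in $dir" >&2
        return 2
    fi
    firewall_diff "$previous" "$newest"
}
```

Lines prefixed with `+` in the output are rules or firewall names present only in the newer revision, `-` lines only in the older one; the same helper works on any two files pulled from the git history the reply describes.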