logging daemon for wireguard

Go 94%
Shell 6%

Find a file

Nicolas Karolak f071955a00 chore(deps): update https://github.com/renovatebot/github-action action to v46.1.14		2026-05-11 10:00:32 +00:00
.forgejo/workflows	chore(deps): update https://github.com/renovatebot/github-action action to v46.1.14	2026-05-11 10:00:32 +00:00
contrib	chore: replace makefile by taskfile	2024-08-18 16:14:58 +02:00
man	feat: add logging format and destination customization	2024-01-14 13:49:43 +01:00
.cz.toml	bump: version 2.1.11 → 2.1.12	2026-05-09 13:53:45 +02:00
.editorconfig	chore: add editorconfig	2025-04-20 16:51:50 +02:00
.gitignore	chore: replace makefile by taskfile	2024-08-18 16:14:58 +02:00
.goreleaser.yaml	ci: add goreleaser	2026-05-09 23:08:27 +02:00
.pre-commit-config.yaml	ci: add pre-commit config	2025-04-20 16:57:58 +02:00
.renovaterc.json	ci: add renovate config	2026-05-10 13:15:51 +02:00
.yamlfmt.yml	chore: replace makefile by taskfile	2024-08-18 16:14:58 +02:00
.yamllint.yml	chore: replace makefile by taskfile	2024-08-18 16:14:58 +02:00
CHANGELOG.md	bump: version 2.1.11 → 2.1.12	2026-05-09 13:53:45 +02:00
go.mod	chore: update module path	2026-05-09 14:10:23 +02:00
go.sum	fix(deps): update go packages	2026-05-09 13:53:45 +02:00
helpers.go	refactor: remove cobra and viper dependencies	2023-12-29 21:45:56 +01:00
LICENSE	init go rewrite	2022-06-12 17:03:39 +02:00
README.md	docs: fix build command	2026-05-07 12:44:17 +02:00
Taskfile.yml	chore: remove goreleaser config	2025-07-27 00:05:10 +02:00
wirelogd.go	chore: check close result	2025-04-20 16:29:51 +02:00

README.md

Wirelogd

Wirelogd is a logging daemon for WireGuard. Since WireGuard itself does not log the state of its peers (and since it is UDP based so there is no concept of "connection state"), Wirelogd relies on the latest handshake to determine if a peer is active or inactive. While there is trafic the handshake should be renewed every 2 minutes. If there is no trafic handshake is not renewed. Based on this behavior we assume that if there is no new handshake after a while (default Wirelogd timeout value is 5 minutes), the client is probably inactive.

Output in journalctl will look like this:

# journalctl -t wirelogd -f
juin 12 15:19:12 hostname wirelogd[15233]: {"level":"info","time":"2022-06-12T11:29:25+02:00","message":"start wirelogd"}
juin 12 15:19:37 hostname wirelogd[15233]: {"level":"info","peer":{"interface":"wg0","public_key":"xr4lhgUWOQHTWf5rYTr2Ia0710xsCNaKAl8PtNTp3TQ=","endpoint":"203.0.113.162:57891","allowed_ips":"192.0.2.119"},"state":"active","time":"2022-06-12T11:28:01+02:00"}

Usage

# wirelogd -h
Usage of ./build/wirelogd-darwin-arm64:
  -config string
        path to JSON configuration file
  -debug
        enable debug logging
  -log-destination string
        logging destination, could be "stdout", "syslog" or a file path (default "stdout")
  -log-format string
        logging format, could be "json" or "text" (default "json")
  -refresh int
        refresh interval in seconds
  -timeout int
        wireguard handshake timeout in seconds

Installation

Sources

$ git clone <repo-url> <dest-path>
$ cd <dest-path>
$ task build
$ sudo task install
$ sudo mkdir -p /etc/wirelogd
$ sudo cp /usr/local/share/wirelogd/config.json /etc/wirelogd
$ sudo cp /usr/local/share/wirelogd/wirelogd.service /etc/systemd/system/
$ sudo useradd --home-dir /var/run/wirelogd --shell /usr/sbin/nologin --system --user-group wirelogd
$ sudo setfacl -m u:wirelogd:rX,g:wirelogd:rX /etc/wireguard
$ sudo systemctl daemon-reload
$ sudo systemctl enable --now wirelogd.service

Configuration

Wirelogd can take a JSON configuration file via the -config command-line flag.

Here is an exemple configuration file, with the default values:

{
  "debug": false,
  "log_destination": "stdout",
  "log_format": "json",
  "refresh": 5,
  "timeout": 300
}

Configuration precedence is, by lowest (most easily overridden) to highest (overrides all others):

hard-coded defaults
configuration file
command-line arguments