Windows Log Output to Event Viewer or Text File

Frank Wayne frank.wayne at northwestern.edu
Wed Oct 13 13:29:58 UTC 2021


>> On Tue, Oct 12, 2021 at 3:39 PM Frank Wayne <frank.wayne at northwestern.edu> wrote:
>> That's pretty awful. It is only possible to get the last 2048 events and no way to get just the events since the last update. There is no way for an aggregator to simply collect WireGuard logs on Windows.

> Your "that's pretty awful" aside, is what you're asking for some kind of CLI "follow" mode that doesn't terminate and spits out logs to stdout perpetually?

> Jason

No. I'm not sure that would be much of an improvement.

In Linux (under systemd), kernel logs are accessible in journald, can be forwarded to (r)syslog, and from there to a text file or external syslog or wherever.

In Windows, logs would ideally get sent to Event Logging into a WireGuard log. That way, the user or administrator can use Event Viewer to view the log, forward the log, or use a collector (like Splunk) to retrieve and aggregate the events. Using a proprietary log makes it difficult to monitor this or any other app.

I'm not sure why WireGuard doesn't use Windows Event Logging. I can't imagine that a proprietary log format would fly in Linux, or even be contemplated. Is there something that precludes the use of Event Logging by WireGuard?

Frank Wayne

