
From:
Lloyd <ng2d68@proton.me>
Subject:
Re: [patch] wireguard floods dmesg
To:
Stuart Henderson <stu@spacehopper.org>
Cc:
Vitaliy Makkoveev <otto@bsdbox.dev>, Claudio Jeker <cjeker@diehard.n-r-g.com>, "tech@openbsd.org" <tech@openbsd.org>
Date:
Wed, 11 Dec 2024 18:10:57 +0000

On Wednesday, December 11th, 2024, Stuart Henderson wrote:
> How many is "many"? If it's really very bad then ratecheck(9) can help.

I like this idea. It is about 12-14 msgs/minute. But I have no qualms with
eliminating the message either.

On Wednesday, December 11th, 2024, Claudio Jeker wrote:

> But it triggers probably for every portscan or similar attempt. It does
> not report the IP addrs it does not give any useful info. So I think it is
> not useful for anyone.

On the contrary, it echoes when the tunnel is down. It functions mostly as a
"not in use" buzzer.

Really the issue is that WireGuard provides no logging function for failed or
attempted connections outside of the debugging interface, which I am okay with,
as long as the debugging does not flood the console with nuisance messages.

Would syslog(3) be appropriate in this context? If so, could one of the link
flags be used to enable/disable syslog function? Keeping it enabled all the time
and sending only rejected connection attempts to syslog would be fine as well.

Regards
Lloyd
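The ratecheck(9) suggestion from the thread, shown as an added userland model (this is illustrative code written for this page, not code from the thread, the patch under discussion, or OpenBSD's kernel). It reproduces the decision rule ratecheck(9) uses (emit if the clock went backwards or if at least `mininterval` has elapsed since the last emitted message) against a simulated uptime clock, so the run is reproducible offline; a real driver would call getmicrouptime(9) instead. The flood parameters (12 rejected handshakes per minute, one message allowed per 60 s) are constructed to match the rate reported in the thread; the names `model_ratecheck` and `simulate_flood` are this example's own.

```c
/*
 * Userland model of the ratecheck(9) rule: keep a struct timeval per
 * message site, and let a message through only when at least mininterval
 * has passed since the last one that was let through.  The clock is
 * simulated so the behaviour is deterministic; the kernel reads uptime.
 */
#include <stdio.h>
#include <sys/time.h>		/* struct timeval */

#define MS_PER_S	1000L
#define US_PER_MS	1000L
#define US_PER_S	1000000L

/* simulated monotonic uptime; the caller advances it between events */
static struct timeval sim_uptime;

static void
sim_set_ms(long ms)
{
	sim_uptime.tv_sec = ms / MS_PER_S;
	sim_uptime.tv_usec = (ms % MS_PER_S) * US_PER_MS;
}

/* a < b ? (replacement for the timercmp(3) macro, to stay portable) */
static int
tv_lt(const struct timeval *a, const struct timeval *b)
{
	return a->tv_sec < b->tv_sec ||
	    (a->tv_sec == b->tv_sec && a->tv_usec < b->tv_usec);
}

/* d = a - b, caller guarantees a >= b */
static void
tv_sub(const struct timeval *a, const struct timeval *b, struct timeval *d)
{
	d->tv_sec = a->tv_sec - b->tv_sec;
	d->tv_usec = a->tv_usec - b->tv_usec;
	if (d->tv_usec < 0) {
		d->tv_sec--;
		d->tv_usec += US_PER_S;
	}
}

/*
 * Same rule as ratecheck(9): return 1 and record the time if the clock
 * went backwards or at least mininterval has elapsed since lasttime,
 * otherwise return 0 and leave lasttime untouched.
 */
int
model_ratecheck(struct timeval *lasttime, const struct timeval *mininterval)
{
	struct timeval delta;

	if (tv_lt(&sim_uptime, lasttime)) {	/* clock stepped back */
		*lasttime = sim_uptime;
		return 1;
	}
	tv_sub(&sim_uptime, lasttime, &delta);
	if (!tv_lt(&delta, mininterval)) {	/* delta >= mininterval */
		*lasttime = sim_uptime;
		return 1;
	}
	return 0;
}

/*
 * Constructed scenario: `attempts` rejected handshakes arrive every
 * spacing_ms milliseconds starting at simulated uptime start_ms, and the
 * "handshake rejected" message is limited to one per min_sec seconds.
 * Returns how many messages would actually reach dmesg.  start_ms should
 * be > min_sec * 1000, as real uptime is at that point, so the first
 * message is seen: lasttime starts zeroed like a static in a driver.
 */
int
simulate_flood(int attempts, long spacing_ms, long start_ms, long min_sec)
{
	struct timeval lasttime = { 0, 0 };
	struct timeval mininterval = { min_sec, 0 };
	int emitted = 0, i;

	for (i = 0; i < attempts; i++) {
		sim_set_ms(start_ms + i * spacing_ms);
		if (model_ratecheck(&lasttime, &mininterval)) {
			emitted++;
			printf("[%5ld.%03lds] wg: handshake rejected "
			    "(%d of %d attempts so far)\n",
			    (long)sim_uptime.tv_sec,
			    (long)sim_uptime.tv_usec / US_PER_MS,
			    i + 1, attempts);
		}
	}
	return emitted;
}

int
main(void)
{
	/* 120 attempts at 5 s spacing (12/min) over ~10 minutes, 1 msg/60 s */
	int n = simulate_flood(120, 5000, 120000, 60);

	printf("120 attempts, %d messages emitted, %d suppressed\n", n, 120 - n);
	return 0;
}
```

With `mininterval` at 60 s the 120 attempts collapse to 10 lines in dmesg, one per minute, while a zero `mininterval` lets every attempt through, which is the flood the thread describes.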