Cannot view and filter firewall logs?

Hi all,
I did some port forwards (turris omnia)and it does not seem forwarded from WAN port.
Is there any possibility to see firewall logs like in Fortigate where I can search and filter traffic and see what was passed through via which rule or dropped, etc.?
I did some search and this Iptables log disappeared? seems like there is not even possibility to see for us/users such info about what was forwarded or not.
That sentinel is only to build dynamic firewall and sends data to another parties to analyze.

Is that correct or we can see the logs somehow?


I think from cmd line you can add rules like below to the predefined chains, which will log all and can be useful for debugging, then you can remove(this is not persistent, will not survive firewall restart or reboot):

iptables -I input_lan_rule 1 -m limit --limit 10/sec -m comment --comment "!lan in logging" -j LOG --log-prefix "LAN IN: "
iptables -I forwarding_lan_rule 1 -m limit --limit 10/sec -m comment --comment "!lan forward logging" -j LOG --log-prefix "LAN FORWARD: "
iptables -I output_lan_rule 1 -m limit --limit 10/sec -m comment --comment "!lan out logging" -j LOG --log-prefix "LAN OUT: "

In similar way you can add for other zones as well such as for “input_wan_rule” etc

And if you want it to be persistent add it at Luci - Firewall - Custom Rules tab.

Additionally Luci can add rules for logging rejected. So when you enable logging in Luci Firewall from certain zone(edit) it should log rejected packets for that zone. And general settings(at top) should have default policy “reject” for Input Output Forward.

Logging dropped is complicated, since Luci doesn’t do it automatically like above, you need to create new chains add logging rule, jump there from where needed. Actually default firewall drops only invalid and syn-flood(if detected), most is reject. So I don’t think you will need to log the dropped.

I tried these commands on my Omnia but then I could not find where these loggings get written into at all, any help? Thanks.

Edit: welp, stupid question it seems since I found out by little digging that all of that logging goes into /var/log/messages sorry to bother.