How to capture logs from nftables

Hi, I’m new to Fedora and was wondering how to capture logs from nftables. I’ve used nftables on Ubuntu and could capture logs with ulog2, but ulog2 is not available on Fedora so I’m at a loss for what to do.

I can’t find anything with journalctl -k. I’ve tried installing rsyslog, but I can’t find anything in the standard logs it produces either.

Part of the ruleset I’ve used, which worked fine on Ubuntu looks like this:

table inet filter {
        chain input {
                type filter hook input priority filter; policy drop;
                iifname "lo" accept
                ct state established,related accept
                (...)
                tcp dport 22 ct state new accept
                ct state invalid log group 0 drop
                log group 0 drop

with anything not matching a pass rule getting logged. Do I need to change the group in the rules, or is there something I need to change in syslog to capture this?

Thanks

From the firewalld-generated nft ruleset:

        chain filter_INPUT {
                type filter hook input priority filter + 10; policy accept;
                ct state { established, related } accept
                ct status dnat accept
                iifname "lo" accept
                ct state invalid log prefix "STATE_INVALID_DROP: "
                ct state invalid drop
                jump filter_INPUT_POLICIES
                log prefix "FINAL_REJECT: "
                reject with icmpx admin-prohibited
        }

You may want to do something similar, that is, put “log” and “drop” on separate lines.

Thanks for the reply! I noticed you didn’t have “group 0” in your rules, and when I removed that from mine logging started working!

You can both log and have an action on the same line, by the way. So

tcp dport 22 ct state new log accept
ct state invalid log drop
log drop

works.
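An added example, not code from any of the posts above, that pulls the thread's two points together: a ruleset whose log rules carry a prefix and no group, so the entries land in the kernel log that journalctl -k reads, and a small POSIX shell helper that summarises those entries. The prefixes, the helper names (load_ruleset, show_log, summarise_nft_log, count_by_prefix) and the sample journal lines are all constructed for this example and are not taken from the thread.

```sh
#!/bin/sh
# Added example (not code from the thread). A log-then-drop ruleset that writes
# to the kernel log, plus an awk helper that summarises the resulting journal
# lines. Prefixes, helper names and every sample log line are constructed.

# "log" with no "group" keyword writes to the kernel ring buffer, which journald
# collects (journalctl -k, or dmesg -w). "log group N" sends the packet to
# nfnetlink_log group N instead, which only a userspace listener such as ulogd
# reads, so nothing appears in the journal. The default log level is warn;
# add "level info" after the prefix if you want a less severe level.
NFT_RULESET='
table inet filter {
        chain input {
                type filter hook input priority filter; policy drop;
                iifname "lo" accept
                ct state established,related accept
                tcp dport 22 ct state new log prefix "NFT_SSH_NEW: " accept
                ct state invalid log prefix "NFT_INVALID_DROP: " drop
                limit rate 10/minute log prefix "NFT_FINAL_DROP: "
                drop
        }
}
'
# The final log is rate-limited so a port scan cannot flood the journal, while
# the drop on its own line stays unconditional.

# Load the ruleset (needs root and the nft binary). Not run automatically.
load_ruleset() {
    printf '%s\n' "$NFT_RULESET" | nft -f -
}

# Follow prefixed entries as they arrive (needs access to the journal).
show_log() {
    journalctl -k -f -g 'NFT_'
}

# Constructed sample of what journalctl -k prints for the ruleset above.
SAMPLE_LOG='Jan 01 12:00:00 host kernel: NFT_SSH_NEW: IN=eth0 OUT= MAC=52:54:00:12:34:56:52:54:00:65:43:21:08:00 SRC=192.0.2.10 DST=192.0.2.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=40000 DPT=22 WINDOW=64240 RES=0x00 SYN URGP=0
Jan 01 12:00:01 host kernel: NFT_FINAL_DROP: IN=eth0 OUT= MAC=52:54:00:12:34:56:52:54:00:65:43:21:08:00 SRC=203.0.113.5 DST=192.0.2.1 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=51234 DPT=23 WINDOW=65535 RES=0x00 SYN URGP=0
Jan 01 12:00:02 host kernel: NFT_FINAL_DROP: IN=eth0 OUT= MAC=52:54:00:12:34:56:52:54:00:65:43:21:08:00 SRC=203.0.113.5 DST=192.0.2.1 LEN=84 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1
Jan 01 12:00:03 host kernel: audit: type=1130 something unrelated'

# Summarise matching lines as "PREFIX PROTO SRC DPT". DPT is "-" when the
# protocol has no ports (ICMP). Reads log lines on stdin, ignores the rest.
summarise_nft_log() {
    awk '
    /NFT_[A-Z_]*: / {
        prefix = "?"; src = "?"; proto = "?"; dpt = "-"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^NFT_[A-Z_]*:$/) prefix = substr($i, 1, length($i) - 1)
            else if ($i ~ /^SRC=/)     src   = substr($i, 5)
            else if ($i ~ /^PROTO=/)   proto = substr($i, 7)
            else if ($i ~ /^DPT=/)     dpt   = substr($i, 5)
        }
        print prefix, proto, src, dpt
    }'
}

# Count entries per prefix: the quick "what is being dropped most" view.
count_by_prefix() {
    summarise_nft_log | awk '{ n[$1]++ } END { for (p in n) print p, n[p] }' | sort
}

# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | summarise_nft_log
printf '%s\n' "$SAMPLE_LOG" | count_by_prefix
```

With the ruleset loaded, `journalctl -k -g NFT_` (or `dmesg -w`) shows the entries, and piping that output into summarise_nft_log gives one line per logged packet. The `log group 0` form from the original ruleset never reaches the journal because nfnetlink_log group 0 has no reader unless something like ulogd is running and configured for that group.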