Hi. With debugging enabled you can log all kinds of stuff like malformed or replayed packets. However, debugging only tells you that something went wrong but it does not really show the cause. It would be really nice if you could log those packets so you know exactly which packet caused an issue. Wireguard already knows about those. With external tools you would need to do lots of extra parsing and basically do everything twice. Also, I don't know to which extend tools like tcpdump/wireshark/iptables for logging traffic could handle all possible wireguard errors.
Regards.
