You can enable logging for a single firewall rule. You might do this to verify that things are working while troubleshooting, or because you have some specific access to monitor. In this example all outbound traffic is allowed, but we add a specific rule that logs traffic to destination port 8443.
Here is the rule we add:
config rule
	option name 'FW LOG TEST'
	option src 'lan'
	option proto 'tcp'
	option dest_port '8443'
	option target 'ACCEPT'
	option family 'ipv4'
	option log 'Firewall Log to port 8443'
	option dest 'vpn'
Then reload the firewall.
/etc/init.d/firewall reload
Next we visit a web site to test traffic to the rule.
http://portquiz.net:8443/
Now, check the log.
logread -f
Sat Apr 15 17:21:11 2023 kern.warn kernel: [ 2533.394182] FW LOG TEST: IN=br-lan OUT=wg0 MAC=60:32:b1:2f:36:c2:74:70:fd:d0:fd:3b:08:00 SRC=192.168.2.151 DST=35.180.139.74 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=54038 DF PROTO=TCP SPT=42292 DPT=8443 WINDOW=64240 RES=0x00 SYN URGP=0
Sat Apr 15 17:21:11 2023 kern.warn kernel: [ 2533.505185] FW LOG TEST: IN=br-lan OUT=wg0 MAC=60:32:b1:2f:36:c2:74:70:fd:d0:fd:3b:08:00 SRC=192.168.2.151 DST=35.180.139.74 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=3981 DF PROTO=TCP SPT=42302 DPT=8443 WINDOW=64240 RES=0x00 SYN URGP=0
The log entries show DPT=8443, and the name from our rule is included in each entry. You can change that by putting a text string in option log in the config. It looks like this (note the extra space at the end):
option log 'Firewall Log outbound to port 8443 '
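When the rule stays enabled for monitoring, the log is easier to review as a per-flow count than as raw lines. The script below is an added example, not part of the original page or of OpenWrt: the function names fw_log_summary and sample_log are hypothetical, and the sample input is the two log lines shown above plus constructed lines. It takes the prefix text exactly as it appears in the log and counts SRC/DST/DPT combinations.

```sh
#!/bin/sh
# Added example: count logged flows (SRC DST DPT) for one firewall log prefix.

# Reads logread-style lines on stdin; $1 is the log prefix to match.
# Prints "COUNT SRC DST DPT", busiest flow first.
fw_log_summary() {
    LC_ALL=C awk -v prefix="$1" '
        {
            # Literal match: the prefix must sit directly before the IN= field.
            p = index($0, prefix)
            if (p == 0) next
            rest = substr($0, p + length(prefix))
            sub(/^ +/, "", rest)
            if (rest !~ /^IN=/) next
            src = dst = dpt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/) src = substr($i, 5)
                else if ($i ~ /^DST=/) dst = substr($i, 5)
                else if ($i ~ /^DPT=/) dpt = substr($i, 5)
            }
            if (src != "" && dst != "" && dpt != "") count[src " " dst " " dpt]++
        }
        END { for (k in count) print count[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2
}

# Sample input: the first two lines are from the page, the rest are constructed.
sample_log() {
    cat <<'EOF'
Sat Apr 15 17:21:11 2023 kern.warn kernel: [ 2533.394182] FW LOG TEST: IN=br-lan OUT=wg0 MAC=60:32:b1:2f:36:c2:74:70:fd:d0:fd:3b:08:00 SRC=192.168.2.151 DST=35.180.139.74 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=54038 DF PROTO=TCP SPT=42292 DPT=8443 WINDOW=64240 RES=0x00 SYN URGP=0
Sat Apr 15 17:21:11 2023 kern.warn kernel: [ 2533.505185] FW LOG TEST: IN=br-lan OUT=wg0 MAC=60:32:b1:2f:36:c2:74:70:fd:d0:fd:3b:08:00 SRC=192.168.2.151 DST=35.180.139.74 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=3981 DF PROTO=TCP SPT=42302 DPT=8443 WINDOW=64240 RES=0x00 SYN URGP=0
Sat Apr 15 17:22:40 2023 kern.warn kernel: [ 2622.100000] FW LOG TEST: IN=br-lan OUT=wg0 SRC=192.168.2.77 DST=203.0.113.10 LEN=60 TTL=63 ID=100 DF PROTO=TCP SPT=50000 DPT=8443 WINDOW=64240 RES=0x00 SYN URGP=0
Sat Apr 15 17:23:02 2023 kern.warn kernel: [ 2644.200000] Firewall Log outbound to port 8443 IN=br-lan OUT=wg0 SRC=192.168.2.77 DST=203.0.113.10 LEN=60 TTL=63 ID=101 DF PROTO=TCP SPT=50002 DPT=8443 WINDOW=64240 RES=0x00 SYN URGP=0
Sat Apr 15 17:23:10 2023 kern.warn kernel: [ 2652.300000] OTHER RULE: IN=br-lan OUT=wg0 SRC=192.168.2.77 DST=203.0.113.10 LEN=60 TTL=63 ID=102 DF PROTO=TCP SPT=50004 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0
Sat Apr 15 17:23:15 2023 daemon.info dnsmasq[1]: read /etc/hosts - 4 addresses
EOF
}

sample_log | fw_log_summary "FW LOG TEST:"
```

On the router, pipe logread into fw_log_summary instead of sample_log.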
Discuss it on the OpenWrt forum.
Or, check out the traffic logging doc.