Re: [PATCH 2/2] ipsec: Silence charon

[Michael Tremer <michael.tremer@ipfire.org>]

[-- Attachment #1: Type: text/plain, Size: 1813 bytes --]

Hi,

Are those logged messages really useful?

I know that there is a ticket open with this matter, but I am not sure if there is any value in the proposed changes.

  https://bugzilla.ipfire.org/show_bug.cgi?id=11001

What are you getting from the logs that you won’t get right now?

I have to enable proper debugging every time I want to have a REALLY detailed look. Otherwise the amount of logs are very verbose and it is hard to find things.

Best,
-Michael

> On 5 Feb 2020, at 15:25, Tom Rymes <trymes(a)rymes.com> wrote:
> 
> May I suggest that we also move the IPSec logging into its own file? It seems to me that, even with verbosity reduced, having it in /var/log/messages makes it a pain to locate anything else in the kernel log.
> 
> Tom
> 
> On 02/05/2020 6:24 AM, Michael Tremer wrote:
>> Charon has some verbose logging enabled by default. This clutters
>> the logs a lot.
>> This patch disables debug logging but still lets charon log important
>> messages like tunnels that are going up or down.
>> Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
>> ---
>>  html/cgi-bin/vpnmain.cgi | 3 +++
>>  1 file changed, 3 insertions(+)
>> diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
>> index b3cd3e51e..d2bc70a27 100644
>> --- a/html/cgi-bin/vpnmain.cgi
>> +++ b/html/cgi-bin/vpnmain.cgi
>> @@ -266,6 +266,9 @@ sub writeipsecfiles {
>>  	flock CONF, 2;
>>  	flock SECRETS, 2;
>>  	print CONF "version 2\n\n";
>> +	print CONF "config setup\n";
>> +	print CONF "\tcharondebug=\"dmn 0, mgr 0, ike 0, chd 0, job 0, cfg 0, knl 0, net 0, asn 0, enc 0, lib 0, esp 0, tls 0, tnc 0, imc 0, imv 0, pts 0\"\n";
>> +	print CONF "\n";
>>  	print CONF "conn %default\n";
>>  	print CONF "\tkeyingtries=%forever\n";
>>  	print CONF "\n";