From mboxrd@z Thu Jan  1 00:00:00 1970
From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: [PATCH 2/2] ipsec: Silence charon
Date: Wed, 05 Feb 2020 16:55:55 +0000
Message-ID: <1A805D74-9F8F-4844-82D7-F3B7FDDC9C3B@ipfire.org>
In-Reply-To: <3492ce27-f15e-3154-ad42-f2e4a1857ef9@rymes.com>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============8791467197719122475=="
List-Id: <development.lists.ipfire.org>

--===============8791467197719122475==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Hi,

Are those logged messages really useful?

I know that there is a ticket open with this matter, but I am not sure if the=
re is any value in the proposed changes.

  https://bugzilla.ipfire.org/show_bug.cgi?id=3D11001

What are you getting from the logs that you won=E2=80=99t get right now?

I have to enable proper debugging every time I want to have a REALLY detailed=
 look. Otherwise the amount of logs are very verbose and it is hard to find t=
hings.

Best,
-Michael

> On 5 Feb 2020, at 15:25, Tom Rymes <trymes(a)rymes.com> wrote:
>=20
> May I suggest that we also move the IPSec logging into its own file? It see=
ms to me that, even with verbosity reduced, having it in /var/log/messages ma=
kes it a pain to locate anything else in the kernel log.
>=20
> Tom
>=20
> On 02/05/2020 6:24 AM, Michael Tremer wrote:
>> Charon has some verbose logging enabled by default. This clutters
>> the logs a lot.
>> This patch disables debug logging but still lets charon log important
>> messages like tunnels that are going up or down.
>> Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
>> ---
>>  html/cgi-bin/vpnmain.cgi | 3 +++
>>  1 file changed, 3 insertions(+)
>> diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
>> index b3cd3e51e..d2bc70a27 100644
>> --- a/html/cgi-bin/vpnmain.cgi
>> +++ b/html/cgi-bin/vpnmain.cgi
>> @@ -266,6 +266,9 @@ sub writeipsecfiles {
>>  	flock CONF, 2;
>>  	flock SECRETS, 2;
>>  	print CONF "version 2\n\n";
>> +	print CONF "config setup\n";
>> +	print CONF "\tcharondebug=3D\"dmn 0, mgr 0, ike 0, chd 0, job 0, cfg 0, =
knl 0, net 0, asn 0, enc 0, lib 0, esp 0, tls 0, tnc 0, imc 0, imv 0, pts 0\"=
\n";
>> +	print CONF "\n";
>>  	print CONF "conn %default\n";
>>  	print CONF "\tkeyingtries=3D%forever\n";
>>  	print CONF "\n";


--===============8791467197719122475==--