From mboxrd@z Thu Jan 1 00:00:00 1970 
From: Tom Rymes
To: development@lists.ipfire.org
Subject: Re: [PATCH 2/2] ipsec: Silence charon
Date: Wed, 05 Feb 2020 12:16:57 -0500
In-Reply-To: <1A805D74-9F8F-4844-82D7-F3B7FDDC9C3B@ipfire.org>

I have no issue with reducing the amount of verbosity of the current IPSec logging. It has been helpful in the past when troubleshooting a new tunnel, but it's not a major deal.

I was just hoping that whatever remaining messages are left after reducing the verbosity could be directed to /var/log/ipsec instead of /var/log/messages, as the IPSec messages can clutter up the kernel log, which can be annoying. We have 20+ tunnels on two different machines, so it can be quite extensive.

Tom

On 02/05/2020 11:55 AM, Michael Tremer wrote:
> Hi,
>
> Are those logged messages really useful?
>
> I know that there is a ticket open with this matter, but I am not sure if there is any value in the proposed changes.
>
> https://bugzilla.ipfire.org/show_bug.cgi?id=11001
>
> What are you getting from the logs that you won’t get right now?
>
> I have to enable proper debugging every time I want to have a REALLY detailed look. Otherwise the amount of logs are very verbose and it is hard to find things.
>
> Best,
> -Michael
>
>> On 5 Feb 2020, at 15:25, Tom Rymes wrote:
>>
>> May I suggest that we also move the IPSec logging into its own file? It seems to me that, even with verbosity reduced, having it in /var/log/messages makes it a pain to locate anything else in the kernel log.
>>
>> Tom
>>
>> On 02/05/2020 6:24 AM, Michael Tremer wrote:
>>> Charon has some verbose logging enabled by default. This clutters
>>> the logs a lot.
>>> This patch disables debug logging but still lets charon log important >>> messages like tunnels that are going up or down. >>> Signed-off-by: Michael Tremer >>> --- >>> html/cgi-bin/vpnmain.cgi | 3 +++ >>> 1 file changed, 3 insertions(+) >>> diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi >>> index b3cd3e51e..d2bc70a27 100644 >>> --- a/html/cgi-bin/vpnmain.cgi >>> +++ b/html/cgi-bin/vpnmain.cgi >>> @@ -266,6 +266,9 @@ sub writeipsecfiles { >>> flock CONF, 2; >>> flock SECRETS, 2; >>> print CONF "version 2\n\n"; >>> + print CONF "config setup\n"; >>> + print CONF "\tcharondebug=3D\"dmn 0, mgr 0, ike 0, chd 0, job 0, cfg 0,= knl 0, net 0, asn 0, enc 0, lib 0, esp 0, tls 0, tnc 0, imc 0, imv 0, pts 0\= "\n"; >>> + print CONF "\n"; >>> print CONF "conn %default\n"; >>> print CONF "\tkeyingtries=3D%forever\n"; >>> print CONF "\n"; >=20 --===============3711485734005979676==--
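
Review bot: the charondebug line added in writeipsecfiles hard-codes level 0 for all seventeen subsystems in one string literal, with no comment saying what level 0 still logs and no way to raise it short of editing vpnmain.cgi. Since the thread notes that the verbose output has been helpful when troubleshooting a new tunnel, consider reading the level from a setting that defaults to 0, and add a one-line comment above the print CONF "config setup\n"; line stating the intent given in the commit message (debug output off, tunnel up/down messages kept). It is also worth confirming before merge that authentication failures and rejected proposals from peers are still logged at this level, since those are the entries an administrator relies on to spot a misconfigured or unwanted peer.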