May I suggest that we also move the IPSec logging into its own file? It seems to me that, even with verbosity reduced, having it in /var/log/messages makes it a pain to locate anything else in the kernel log.
Tom
On 02/05/2020 6:24 AM, Michael Tremer wrote:
Charon has some verbose logging enabled by default. This clutters the logs a lot.
This patch disables debug logging but still lets charon log important messages like tunnels that are going up or down.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
html/cgi-bin/vpnmain.cgi | 3 +++ 1 file changed, 3 insertions(+)
diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi index b3cd3e51e..d2bc70a27 100644 --- a/html/cgi-bin/vpnmain.cgi +++ b/html/cgi-bin/vpnmain.cgi @@ -266,6 +266,9 @@ sub writeipsecfiles { flock CONF, 2; flock SECRETS, 2; print CONF "version 2\n\n";
- print CONF "config setup\n";
- print CONF "\tcharondebug="dmn 0, mgr 0, ike 0, chd 0, job 0, cfg 0, knl 0, net 0, asn 0, enc 0, lib 0, esp 0, tls 0, tnc 0, imc 0, imv 0, pts 0"\n";
- print CONF "\n"; print CONF "conn %default\n"; print CONF "\tkeyingtries=%forever\n"; print CONF "\n";