[strongSwan] Logging to file

Dan Cook dan.cook at illum.io
Mon Jul 1 23:44:38 CEST 2013


Noel,

Thank you for the guidance.  I really do appreciate the help.

Below is my amended strongswan.conf file and I am still seeing the
following in the "secure" file under CentOS.
Does the ipsec_starter use a different config section in strongswan.conf?

This is StrongSwan 5.0.4 built under CentOS.

Contents of "secure" in /var/log after changes and restart:
Jul  1 17:33:27 ip-10-170-95-110 ipsec_starter[1410]: charon stopped after 200 ms
Jul  1 17:33:27 ip-10-170-95-110 ipsec_starter[1410]: ipsec starter stopped
Jul  1 17:33:28 ip-10-170-95-110 ipsec_starter[1511]: Starting strongSwan 5.0.4 IPsec [starter]...
Jul  1 17:33:28 ip-10-170-95-110 ipsec_starter[1520]: charon (1522) started after 40 ms


Strongswan.conf contents:
charon {

    # number of worker threads in charon
    threads = 16

    # send strongswan vendor ID?
    # send_vendor_id = yes

    plugins {
    }

    syslog {
        auth {
            default=-1
        }
        daemon {
            default=-1
        }
    }

    # Two defined file loggers. Each subsection is either a file
    # in the filesystem or one of: stdout, stderr.
    filelog {
        /home/ipsec/charon.log {
            # add a timestamp prefix
            time_format = %Y-%m-%dT%T%z
            # loggers to files also accept the append option to open files in
            # append mode at startup (default is yes)
            append = yes
            # the default loglevel for all daemon subsystems (defaults to 1).
            default = 1
            # flush each line to disk
            flush_line = yes
        }
    }
}

On Mon, Jul 1, 2013 at 2:18 PM, Noel Kuntze <noel at familie-kuntze.de> wrote:
> Hello Dan,
>
> With "default = 1" in the "filelog" subsection, you are already telling
> strongswan to do so.
> You should find all the entries in the logfile.
>
> Regards,
> Noel
>
> Am 01.07.2013 23:12, schrieb Dan Cook:
>> Noel,
>>
>> Thank you for your reply.  I am looking to redirect all logging from
>> syslog to a different file using the filelog option in
>> strongswan.conf.  I am OK with the ipsec_starter logging, I just want
>> it to log where I tell it to log ... ;-)
>>
>> Cheers,
>> Dan
>>
>> On Mon, Jul 1, 2013 at 2:08 PM, Noel Kuntze <noel at familie-kuntze.de> wrote:
>>>
>> Hello Dan,
>>
>> charon {
>>     # regular blah with threads and such
>>     syslog {
>>         auth {
>>             default=-1
>>         }
>>         daemon {
>>             default=-1
>>         }
>>     }
>>     # more blah
>> }
>>
>> Loglevel -1 means that it's completely silent.
>> I hope this helps.
>>
>> Regards,
>> Noel
>> Am 01.07.2013 23:00, schrieb Dan Cook:
>> >>> I am trying to redirect all logging to a file.
>> >>> I have followed the example listed on docs page, but I am still seeing
>> >>> the following entries in "secure" file on CentOS.
>> >>>
>> >>> Jul  1 16:49:20 ip-10-170-95-110 ipsec_starter[27645]: charon stopped after 200 ms
>> >>> Jul  1 16:49:20 ip-10-170-95-110 ipsec_starter[27645]: ipsec starter stopped
>> >>> Jul  1 16:49:21 ip-10-170-95-110 ipsec_starter[28019]: Starting strongSwan 5.0.4 IPsec [starter]...
>> >>> Jul  1 16:49:21 ip-10-170-95-110 ipsec_starter[28028]: charon (28030) started after 40 ms
>> >>>
>> >>> Is there a way to redirect all logging to a file from all processes?
>> >>>
>> >>> Dan
>> >>>
>> >>> My strongswan.conf:
>> >>>
>> >>> charon {
>> >>>
>> >>> # number of worker threads in charon
>> >>> threads = 16
>> >>>
>> >>> # send strongswan vendor ID?
>> >>> # send_vendor_id = yes
>> >>>
>> >>> plugins {
>> >>> }
>> >>>
>> >>>     # Two defined file loggers. Each subsection is either a file
>> >>>     # in the filesystem or one of: stdout, stderr.
>> >>>     filelog {
>> >>>         /home/ipsec/charon.log {
>> >>>             # add a timestamp prefix
>> >>>             time_format = %Y-%m-%dT%T%z
>> >>>             # loggers to files also accept the append option to open files in
>> >>>             # append mode at startup (default is yes)
>> >>>             append = yes
>> >>>             # the default loglevel for all daemon subsystems (defaults to 1).
>> >>>             default = 1
>> >>>             # flush each line to disk
>> >>>             flush_line = yes
>> >>>         }
>> >>>         stderr {
>> >>>             # more detailed loglevel for a specific subsystem, overriding the
>> >>>             # default loglevel.
>> >>>             ike = 2
>> >>>             knl = 3
>> >>>             # prepend connection name, simplifies grepping
>> >>>             ike_name = yes
>> >>>         }
>> >>>     }
>> >>> # ...
>> >>> }
>> >>>
>> >>> _______________________________________________
>> >>> Users mailing list
>> >>> Users at lists.strongswan.org
>> >>> https://lists.strongswan.org/mailman/listinfo/users
>
>
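
Added example, not part of the original thread and not strongSwan's own parser: a small reader for the strongswan.conf subset used above that checks brace balance and lists the default loglevel each charon logger target resolves to. It assumes one statement per line, accepts a section name on the line before its `{`, and uses the hypothetical names `parse_conf` and `logger_levels`; the sample config is constructed from the amended file in this message.

```python
# Added example (not strongSwan code); SAMPLE_CONF is constructed from the thread.
SAMPLE_CONF = """\
charon {
    syslog {
        auth {
            default=-1
        }
        daemon {
            default=-1
        }
    }
    filelog {
        /home/ipsec/charon.log {
            default = 1
        }
    }
}
"""

def parse_conf(text):
    """Parse 'name {', 'key = value' and '}' lines into nested dicts."""
    stack, pending = [{}], None  # pending: name on the line before its '{'
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if line.endswith("{"):
            name = line[:-1].strip() or pending
            if not name:
                raise ValueError(f"line {lineno}: section has no name")
            stack.append(stack[-1].setdefault(name, {}))
            pending = None
        elif line == "}":
            if len(stack) == 1:
                raise ValueError(f"line {lineno}: unmatched closing brace")
            stack.pop()
        elif "=" in line:
            key, value = line.split("=", 1)
            stack[-1][key.strip()] = value.strip()
        elif line:
            pending = line
    if len(stack) != 1:
        raise ValueError(f"{len(stack) - 1} section(s) never closed")
    return stack[0]

def logger_levels(conf, daemon="charon"):
    """Default loglevel per configured logger target (1 when unset)."""
    return {f"{kind}:{target}": int(opts.get("default", 1))
            for kind in ("syslog", "filelog")
            for target, opts in conf.get(daemon, {}).get(kind, {}).items()
            if isinstance(opts, dict)}
```

Only sections under `charon { }` are reported, so the result describes the charon daemon's loggers and nothing else.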