[strongSwan-dev] logging: unique connection IDs?

Tobias Brunner tobias at strongswan.org
Fri Aug 30 10:05:15 CEST 2019

Hi Harald,

>>> if I restart charon, then the connection IDs in the logfile start
>>> by 1 again, making logfile analysis pretty difficult. The IDs are
>>> not unique.
>> Couldn't you e.g. split the log based on messages referring to the
>> daemon's restart before analyzing it (or consider the timestamps in your
>> analysis).
> Doesn't really help: The log files are already rotated. I would have
> to distinguish between "old" and "new" log files, i.e. introduce my
> own connection ids.

I think I don't understand your use case (or problem) here.

> Maybe it would be possible to use an alphanumerical identifier similar
> to the connection identifiers in sendmail's log file, e.g.
> "x7J7j1kb2487133". Could be generated using something like
> echo $n $remoteIP $remoteport $localIP $localport `date` | md5sum
> or another cryptographic function. I am sure you get the idea. $n
> is the current incremental connection id, still starting at 1 with
> each restart.

Theoretically possible (with considerable overhead), but definitely not
something I'll be rushing to add.


More information about the Dev mailing list