Forums

Resolved
0 votes
Having just bumped into your ClearOS guides, I've noticed a probable error in the IPSec guide here. To me most of the interesting logs go into /var/log/secure and not messages.

FWIW, I'd like to see a change to the logging and have proposed to Tim:
I would love to see logging go into a separate file. I have a patch supplied to me to do this in 2.6.38 but each time you restart ipsec, the log file restarts which is not ideal. I now have a better solution as I've tried playing around with rsyslog in 6.x (not available in 5.2 which uses syslog). I've added a file /etc/rsyslog.d/openswan.conf with the following contents:

# Reference = http://wiki.rsyslog.com/index.php/Filtering_by_program_name
if $programname == 'pluto' then -/var/log/openswan
& ~

And I've created a logrotate function /etc/logrotate.d/openswan:

# rotate the Openswan log
/var/log/openswan {
# size 10k
notifempty
missingok
weekly
copytruncate
create 0664 root root
rotate 4
}

Now most of the Openswan logs go to /var/log/openswan rather than /var/log/secure. The exception is for a few start up lines where the kernel logs the messages instead of pluto.
Thursday, December 06 2012, 10:19 PM
Share this post:
Responses (1)
  • Accepted Answer

    Friday, December 07 2012, 02:54 PM - #Permalink
    Resolved
    0 votes
    Hi Nick,

    The log file was changed in the IPsec guide - thanks for pointing it out. As for the log change, I'm all for it. When the new IPsec app is available, it will just be a matter of adding the rsyslog configlet to the app and dropping it into /etc/rsyslog.d/openswan.conf.
    The reply is currently minimized Show
Your Reply