[Swan-dev] Logging changes proposal
Paul Wouters
paul at nohats.ca
Wed Feb 4 19:18:29 EET 2015
Hi,
As more people are looking at ways not to use journald to find their
logs, more people want to tell pluto to log to a file. These people
are surprised to find out that we log without timestamps per default
and that we overwrite and not append to a logfile on restart.
I wrote a patch to change this behaviour:
For ipsec.conf:
plutostderrlog= is renamed to logfile= with an alias for the old name
plutostderrlogtime= is rename to logtime= with alias for the old name
logappend=yes|no is a no option, defaulting to yes.
For pluto daemon options:
--plutostderrlogtime obsoleted
--log-no-time added
--log-no-append added
These changes mean that people (or packaged config files) specifying
just logfile=/some/file get what the would expect, an appended log
file with timestamps that doesn't get wiped on service restart/crash.
This means for our test cases we will probably want to add:
logappend=no
logtime=no
to our config setup section. While the first isn't strictly required,
as our tests ensure there are no old logfiles, we often restart within
a VM to rerun a test manually, and it would be quite annoying to have
it append in that case.
This sadly makes it incompatible with openswan's config setup so we
cannot easilly re-use the same tests, but I felt that was a losing battle
anyway and the only person it really affects is me as RHEL6 openswan
maintainer. I might possibly backport it if a new release would happen
in a RHEL 6.8 branch but we already have issues testing openswan now
due to unknown new keywords coming in through ipsec.conf.common (like
addresspool=)
Paul
More information about the Swan-dev
mailing list