[Swan-dev] Logging changes proposal

Paul Wouters paul at nohats.ca
Wed Feb 4 19:18:29 EET 2015


Hi,

As more people are looking at ways not to use journald to find their
logs, more people want to tell pluto to log to a file. These people
are surprised to find out that we log without timestamps per default
and that we overwrite and not append to a logfile on restart.

I wrote a patch to change this behaviour:

For ipsec.conf:

 	plutostderrlog= is renamed to logfile= with an alias for the old name
 	plutostderrlogtime= is renamed to logtime= with an alias for the old name
 	logappend=yes|no is a new option, defaulting to yes.

For pluto daemon options:

 	--plutostderrlogtime obsoleted
 	--log-no-time added
 	--log-no-append added


These changes mean that people (or packaged config files) specifying
just logfile=/some/file get what they would expect, an appended log
file with timestamps that doesn't get wiped on service restart/crash.

This means for our test cases we will probably want to add:

 	logappend=no
 	logtime=no

to our config setup section. While the first isn't strictly required,
as our tests ensure there are no old logfiles, we often restart within
a VM to rerun a test manually, and it would be quite annoying to have
it append in that case.

This sadly makes it incompatible with openswan's config setup so we
cannot easily re-use the same tests, but I felt that was a losing battle
anyway and the only person it really affects is me as RHEL6 openswan
maintainer. I might possibly backport it if a new release would happen
in a RHEL 6.8 branch but we already have issues testing openswan now
due to unknown new keywords coming in through ipsec.conf.common (like
addresspool=)

Paul

