[Swan-dev] why are IKE SA initiator OE logs suppressed?
Paul Wouters
paul at nohats.ca
Tue Dec 10 22:47:28 UTC 2019
On Tue, 10 Dec 2019, Andrew Cagney wrote:
> On Tue, 10 Dec 2019 at 16:51, Paul Wouters <paul at nohats.ca> wrote:
>>
>> On Mon, 2 Dec 2019, Andrew Cagney wrote:
>>
>>> Subject: [Swan-dev] why are IKE SA initiator OE logs suppressed?
>>>
>>> For instance, in ikev2_parent_outI1()?
>>>
>>> I can understand the rationale behind suppressing the responder, but
>>> not the initiator - should I do something to trigger an OE connection
>>> from my local machine I'd like to know about it.
>>
>> If you have 10000+ connections, it causes a LOT of logs. We tried to
>> minimize it for OE.
>
> Like I said, I can understand that for the IKE SA responder. But for
> the IKE SA initiator that is just trying to establish an SA is that
> really true?
In a large mesh network, yes? These are all one-to-one connections, and
not many clients to one server connections.
The idea for OE logging was that per default, we try to only log a
single success/failure message and if one is tracking an issue, to
have to enable debuglog specifically. Whether that is still the best
option or not in a world with systemd and logging and rate limits,
I'm not entirely sure.
Paul
More information about the Swan-dev
mailing list