[Swan-dev] better log content
Andrew Cagney
andrew.cagney at gmail.com
Tue Sep 17 21:40:45 UTC 2019
Several things I've noticed while trying to use the log files to track
down problems:

- tracking a connection instance's IKE and CHILD SAs is painful

  I've an awk script to do this, but the mere existence of this script
  should act as a red flag :-). For instance, to match an IKE_SA with
  its first CHILD_SA the script:

  -> matches /#[0-9]*: Authenticated using RSA/ - the line contains
     both the "connection instance" + #IKE_SA; this is used to map
     "connection instance"->#IKE_SA

  -> matches /#[0-9]*: negotiated connection/ - the line contains
     "connection instance" + #CHILD_SA; combining this with the above
     gets #IKE_SA<->#CHILD_SA

  yuck!

- the connection prefix seems like far too much information,
  especially when it is constantly repeated and redacted; for instance
  <ip-address> in:

    ... "my-connection"[1234] <ip-address> #100: ...

  is just wasted real estate; would it be better to dump all the
  connection instance details once as a line?

- as a follow-on it would be nice if the connection instance prefix
  stopped changing between log lines

  because the prefix is generated dynamically it evolves as the
  connection information gets changed; again, a log line once all
  changes are done

Andrew
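
The two-pattern correlation described in the message, written out in Python as an added example; it is not Andrew's awk script and not libreswan code. The sample lines are constructed, and treating the address field as optional and keying on name plus instance are assumptions made so that a prefix that changes between lines still correlates.

```python
import re

# Prefix shape quoted in the post: "name"[instance] <ip-address> #serial: text
# The address field is optional here (assumption) because the post notes
# that the prefix changes between lines.
LINE = re.compile(
    r'"(?P<name>[^"]+)"(?:\[(?P<inst>\d+)\])?(?: (?P<addr>\S+))?'
    r' #(?P<serial>\d+): (?P<msg>.*)')

# Constructed sample lines, not real pluto output.
SAMPLE_LOG = """\
"my-connection"[1234] 192.0.2.10 #100: Authenticated using RSA
"my-connection"[1234] 192.0.2.10 #101: negotiated connection
"my-connection"[1235] 192.0.2.77 #102: Authenticated using RSA
"other"[7] 192.0.2.99 #200: negotiated connection
"my-connection"[1235] #103: negotiated connection
a line with no connection prefix
"""

def correlate(lines):
    """Map each connection instance to (IKE SA serial, [CHILD SA serials]).

    Returns (pairs, orphans); orphans are CHILD SA lines whose instance
    had no earlier "Authenticated using RSA" line.
    """
    pairs, orphans = {}, []
    for line in lines:
        m = LINE.search(line)
        if m is None:
            continue
        # Key on name + instance only, so a changed address still matches.
        key = (m["name"], m["inst"])
        serial = int(m["serial"])
        if m["msg"].startswith("Authenticated using RSA"):
            pairs[key] = (serial, [])
        elif m["msg"].startswith("negotiated connection"):
            if key in pairs:
                pairs[key][1].append(serial)
            else:
                orphans.append((key, serial))
    return pairs, orphans

if __name__ == "__main__":
    pairs, orphans = correlate(SAMPLE_LOG.splitlines())
    for (name, inst), (ike, children) in pairs.items():
        print(f'"{name}"[{inst}] IKE #{ike} -> CHILD {children}')
    print("unmatched CHILD SAs:", orphans)
```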