[Swan-dev] better log content

Andrew Cagney andrew.cagney at gmail.com
Tue Sep 17 21:40:45 UTC 2019


Several things I've noticed while trying to use the log files to track
down problems:

- tracking a connection instance's IKE and CHILD SAs is painful
I've an awk script to do this, but the mere existence of this script
should act as a red flag :-).  For instance, to match an IKE_SA with
its first CHILD_SA the script:
  -> matches /#[0-9]*: Authenticated using RSA/ - the line contains
both the "connection instance" + #IKE_SA; this is used to map
"connection instance"->#IKE_SA
  -> matches /#[0-9]*: negotiated connection/ - the line contains
"connection instance" + #CHILD_SA; combining this with above gets
#IKE_SA<->#CHILD_SA
yuck!

- the connection prefix seems like far too much information,
especially when it is constantly repeated and redacted; for instance
<ip-address> in:
    ... "my-connection"[1234] <ip-address> #100: ...
is just wasted real estate; would it be better to dump all the
connection instance details once as a line?

- as a follow-on it would be nice if the connection instance prefix
stopped changing between log lines
because the prefix is generated dynamically it evolves as the
connection information gets changed; again a log line once all
changes are done

Andrew
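
The correlation described in the first point above, written out as an added Python example (it is not the awk script the author mentions, nor libreswan code). The log lines are constructed from the prefix format and the two message phrases quoted in the post; keying on connection name and instance number while ignoring the address is an assumption made here so the match survives a prefix that changes between lines.

```python
import re

# Prefix layout as quoted in the post: "name"[instance] <ip-address> #serial: message
# The address is treated as optional because the post notes the prefix evolves.
PREFIX = re.compile(
    r'"(?P<name>[^"]+)"\[(?P<inst>\d+)\]'   # connection instance
    r'(?:\s+[^\s#]\S*)?'                    # optional address, ignored
    r'\s+#(?P<sa>\d+):\s*(?P<msg>.*)'       # SA serial number and message
)

def correlate(lines):
    """Return (connection instance, IKE SA serial, CHILD SA serial) tuples.

    The IKE SA is None when no authentication line was seen for the instance.
    """
    ike_by_conn = {}   # (name, instance) -> serial of the latest IKE SA
    pairs = []
    for line in lines:
        m = PREFIX.search(line)
        if not m:
            continue   # not a per-connection log line
        conn = (m["name"], int(m["inst"]))
        serial = int(m["sa"])
        if m["msg"].startswith("Authenticated using RSA"):
            ike_by_conn[conn] = serial
        elif m["msg"].startswith("negotiated connection"):
            pairs.append((conn, ike_by_conn.get(conn), serial))
    return pairs

# Constructed sample lines (documentation addresses, made-up serial numbers).
SAMPLE = [
    '"my-connection"[1] 192.0.2.10 #100: Authenticated using RSA',
    '"my-connection"[2] 192.0.2.20 #101: Authenticated using RSA',
    '"my-connection"[1] 192.0.2.10 #102: negotiated connection',
    '"my-connection"[2] #103: negotiated connection',       # prefix without address
    '"other"[1] 192.0.2.30 #104: negotiated connection',    # no authentication line seen
    'listening for IKE messages',                           # unrelated line
]

if __name__ == "__main__":
    for (name, inst), ike, child in correlate(SAMPLE):
        print(f'"{name}"[{inst}]  IKE #{ike}  CHILD #{child}')
```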

