[Swan] How to let pluto write little log ? We have 312 IPSec connections

ChenHao earthlovepython at outlook.com
Wed Dec 23 18:39:46 UTC 2015


Do not use rsyslog. 
After set "plutodebug=none" and "klipsdebug=none" in /etc/ipsec.conf, no significant change.   Now we set “plutostderrlog”  to “/dev/null” in /etc/ipsec.conf.   Then no /var/log/pluto.log any more.
But /var/log/secure is still increasing. Does anybody know how to disable it also ?
Thanks 

Subject: Re: [Swan] How to let pluto write little log ? We have 312 IPSec connections
To: earthlovepython at outlook.com; swan at lists.libreswan.org
From: nick at howitts.co.uk
Date: Wed, 23 Dec 2015 09:30:45 +0000


  
    
  
  
    That seems excessive. I am getting about 70kB/d/conn for a LAN-LAN
    connection with key lives of 1h and 8h. What do you have in "conn
    setup" in ipsec.conf?

    

    As a secondary question, does your system use rsyslog?

    

    Nick

    

    On 22/12/2015 22:46, ChenHao wrote:

    
    
      
      
        We have 312 IPSec connections. Unfortunately, pluto write about
            45G data every day.
        

          
        Is there any
            parameter to disable the writing? I have cleared all debug
            option from /etc/sysconfig/pluto ?
        

        
        Thanks
        

        
        [root at pa6 log]# df -h
        Filesystem                    
          Size  Used Avail Use% Mounted on
        /dev/mapper/vg_-vg_root   30G 
          1.8G   27G   7% /
        devtmpfs                       
          32G     0   32G   0% /dev
        tmpfs                          
          32G   54M   32G   1% /dev/shm
        tmpfs                          
          32G  3.2G   29G  10% /run
        tmpfs                 
                   32G    
          0   32G   0% /sys/fs/cgroup
        /dev/mapper/vg_-vg_home  9.8G  2.2G 
          7.1G  24% /home
        /dev/sda1                     
          477M   82M  366M  19% /boot
        /dev/mapper/vg_-vg_temp  2.0G  6.1M 
          1.8G   1% /tmp
        /dev/sda2                     
          500M     0  500M   0% /boot/efi
        /dev/mapper/vg_-vg_var  
113G  
            68G   40G  64% /var
        [root at pa6 log]#
         
         
        [root at pa6 ~]# cd /var/log
        [root at pa6 log]# ls -ltr secure*
        -rw------- 1 root root  2159190212 Dec 20
          04:15
          secure-20151220.gz
        -rw-------
            1 root root 21283501386 Dec 22 11:51 secure
        [root at pa6 log]# ls -lh secure
        -rw-------
            1 root root 20G Dec 22 11:52 secure
        [root at pa6 log]# ls -ltr pluto*
        -rw-r--r-- 1 root
          root        1129 Dec 16 17:09
          pluto.log-20151216.gz
        -rw-r--r-- 1 root
          root        1129 Dec 17 03:28
          pluto.log-20151217.gz
        -rw-r--r-- 1 root root     4447840 Dec
          18 03:32 pluto.log-20151218.gz
        -rw-r--r-- 1 root root   648411592 Dec 19
          03:28
          pluto.log-20151219.gz
        -rw-r--r-- 1 root
          root           0 Dec 21 03:16
          pluto.log-20151220.gz
        -rw-r--r--
            1 root root 47953328593 Dec 22 03:46 pluto.log-20151222
        -rw-r--r--
            1 root root 47955774844 Dec 22 11:52 pluto.log
         
        pluto:
        total 4
        drwx------ 2 root root 4096 Dec 16 07:53
          peer
        [root at pa6 log]# ls -lh pluto.log-20151222
        -rw-r--r--
            1 root root 45G Dec 22 03:46 pluto.log-20151222
        

          
        

        
      
      

      
      

      _______________________________________________
Swan mailing list
Swan at lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan

    
    
 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20151223/313c5b96/attachment.html>


More information about the Swan mailing list