[Swan] How to let pluto write little log ? We have 312 IPSec connections
ChenHao
earthlovepython at outlook.com
Wed Dec 23 18:39:46 UTC 2015
Do not use rsyslog.
After set "plutodebug=none" and "klipsdebug=none" in /etc/ipsec.conf, no significant change. Now we set “plutostderrlog” to “/dev/null” in /etc/ipsec.conf. Then no /var/log/pluto.log any more.
But /var/log/secure is still increasing. Does anybody know how to disable it also ?
Thanks
Subject: Re: [Swan] How to let pluto write little log ? We have 312 IPSec connections
To: earthlovepython at outlook.com; swan at lists.libreswan.org
From: nick at howitts.co.uk
Date: Wed, 23 Dec 2015 09:30:45 +0000
That seems excessive. I am getting about 70kB/d/conn for a LAN-LAN
connection with key lives of 1h and 8h. What do you have in "conn
setup" in ipsec.conf?
As a secondary question, does your system use rsyslog?
Nick
On 22/12/2015 22:46, ChenHao wrote:
We have 312 IPSec connections. Unfortunately, pluto write about
45G data every day.
Is there any
parameter to disable the writing? I have cleared all debug
option from /etc/sysconfig/pluto ?
Thanks
[root at pa6 log]# df -h
Filesystem
Size Used Avail Use% Mounted on
/dev/mapper/vg_-vg_root 30G
1.8G 27G 7% /
devtmpfs
32G 0 32G 0% /dev
tmpfs
32G 54M 32G 1% /dev/shm
tmpfs
32G 3.2G 29G 10% /run
tmpfs
32G
0 32G 0% /sys/fs/cgroup
/dev/mapper/vg_-vg_home 9.8G 2.2G
7.1G 24% /home
/dev/sda1
477M 82M 366M 19% /boot
/dev/mapper/vg_-vg_temp 2.0G 6.1M
1.8G 1% /tmp
/dev/sda2
500M 0 500M 0% /boot/efi
/dev/mapper/vg_-vg_var
113G
68G 40G 64% /var
[root at pa6 log]#
[root at pa6 ~]# cd /var/log
[root at pa6 log]# ls -ltr secure*
-rw------- 1 root root 2159190212 Dec 20
04:15
secure-20151220.gz
-rw-------
1 root root 21283501386 Dec 22 11:51 secure
[root at pa6 log]# ls -lh secure
-rw-------
1 root root 20G Dec 22 11:52 secure
[root at pa6 log]# ls -ltr pluto*
-rw-r--r-- 1 root
root 1129 Dec 16 17:09
pluto.log-20151216.gz
-rw-r--r-- 1 root
root 1129 Dec 17 03:28
pluto.log-20151217.gz
-rw-r--r-- 1 root root 4447840 Dec
18 03:32 pluto.log-20151218.gz
-rw-r--r-- 1 root root 648411592 Dec 19
03:28
pluto.log-20151219.gz
-rw-r--r-- 1 root
root 0 Dec 21 03:16
pluto.log-20151220.gz
-rw-r--r--
1 root root 47953328593 Dec 22 03:46 pluto.log-20151222
-rw-r--r--
1 root root 47955774844 Dec 22 11:52 pluto.log
pluto:
total 4
drwx------ 2 root root 4096 Dec 16 07:53
peer
[root at pa6 log]# ls -lh pluto.log-20151222
-rw-r--r--
1 root root 45G Dec 22 03:46 pluto.log-20151222
_______________________________________________
Swan mailing list
Swan at lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20151223/313c5b96/attachment.html>
More information about the Swan
mailing list