[Swan] How to let pluto write little log ? We have 312 IPSec connections
Paul Wouters
paul at nohats.ca
Wed Dec 23 20:09:00 UTC 2015
That's really strange.
Can you show a snippet of log entries that happen a lot?
Sent from my iPhone
> On Dec 23, 2015, at 13:39, ChenHao <earthlovepython at outlook.com> wrote:
>
> Do not use rsyslog.
>
> After set "plutodebug=none" and "klipsdebug=none" in /etc/ipsec.conf, no significant change. Now we set “plutostderrlog” to “/dev/null” in /etc/ipsec.conf. Then no /var/log/pluto.log any more.
>
> But /var/log/secure is still increasing. Does anybody know how to disable it also ?
>
> Thanks
>
>
> Subject: Re: [Swan] How to let pluto write little log ? We have 312 IPSec connections
> To: earthlovepython at outlook.com; swan at lists.libreswan.org
> From: nick at howitts.co.uk
> Date: Wed, 23 Dec 2015 09:30:45 +0000
>
> That seems excessive. I am getting about 70kB/d/conn for a LAN-LAN connection with key lives of 1h and 8h. What do you have in "conn setup" in ipsec.conf?
>
> As a secondary question, does your system use rsyslog?
>
> Nick
>
> On 22/12/2015 22:46, ChenHao wrote:
> We have 312 IPSec connections. Unfortunately, pluto write about 45G data every day.
>
>
>
> Is there any parameter to disable the writing? I have cleared all debug option from /etc/sysconfig/pluto ?
>
>
> Thanks
>
>
> [root at pa6 log]# df -h
>
> Filesystem Size Used Avail Use% Mounted on
>
> /dev/mapper/vg_-vg_root 30G 1.8G 27G 7% /
>
> devtmpfs 32G 0 32G 0% /dev
>
> tmpfs 32G 54M 32G 1% /dev/shm
>
> tmpfs 32G 3.2G 29G 10% /run
>
> tmpfs 32G 0 32G 0% /sys/fs/cgroup
>
> /dev/mapper/vg_-vg_home 9.8G 2.2G 7.1G 24% /home
>
> /dev/sda1 477M 82M 366M 19% /boot
>
> /dev/mapper/vg_-vg_temp 2.0G 6.1M 1.8G 1% /tmp
>
> /dev/sda2 500M 0 500M 0% /boot/efi
>
> /dev/mapper/vg_-vg_var 113G 68G 40G 64% /var
>
> [root at pa6 log]#
>
>
>
>
>
> [root at pa6 ~]# cd /var/log
>
> [root at pa6 log]# ls -ltr secure*
>
> -rw------- 1 root root 2159190212 Dec 20 04:15 secure-20151220.gz
>
> -rw------- 1 root root 21283501386 Dec 22 11:51 secure
>
> [root at pa6 log]# ls -lh secure
>
> -rw------- 1 root root 20G Dec 22 11:52 secure
>
> [root at pa6 log]# ls -ltr pluto*
>
> -rw-r--r-- 1 root root 1129 Dec 16 17:09 pluto.log-20151216.gz
>
> -rw-r--r-- 1 root root 1129 Dec 17 03:28 pluto.log-20151217.gz
>
> -rw-r--r-- 1 root root 4447840 Dec 18 03:32 pluto.log-20151218.gz
>
> -rw-r--r-- 1 root root 648411592 Dec 19 03:28 pluto.log-20151219.gz
>
> -rw-r--r-- 1 root root 0 Dec 21 03:16 pluto.log-20151220.gz
>
> -rw-r--r-- 1 root root 47953328593 Dec 22 03:46 pluto.log-20151222
>
> -rw-r--r-- 1 root root 47955774844 Dec 22 11:52 pluto.log
>
>
>
> pluto:
>
> total 4
>
> drwx------ 2 root root 4096 Dec 16 07:53 peer
>
> [root at pa6 log]# ls -lh pluto.log-20151222
>
> -rw-r--r-- 1 root root 45G Dec 22 03:46 pluto.log-20151222
>
>
>
>
>
>
> _______________________________________________
> Swan mailing list
> Swan at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan
>
> _______________________________________________
> Swan mailing list
> Swan at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20151223/bf198625/attachment-0001.html>
More information about the Swan
mailing list