[Swan] How to let pluto write little log ? We have 312 IPSec connections

Paul Wouters paul at nohats.ca
Wed Dec 23 20:09:00 UTC 2015


That's really strange. 

Can you show a snippet of log entries that happen a lot?

Sent from my iPhone

> On Dec 23, 2015, at 13:39, ChenHao <earthlovepython at outlook.com> wrote:
> 
> Do not use rsyslog. 
> 
> After set "plutodebug=none" and "klipsdebug=none" in /etc/ipsec.conf, no significant change.   Now we set “plutostderrlog”  to “/dev/null” in /etc/ipsec.conf.   Then no /var/log/pluto.log any more.
> 
> But /var/log/secure is still increasing. Does anybody know how to disable it also ?
> 
> Thanks 
> 
> 
> Subject: Re: [Swan] How to let pluto write little log ? We have 312 IPSec connections
> To: earthlovepython at outlook.com; swan at lists.libreswan.org
> From: nick at howitts.co.uk
> Date: Wed, 23 Dec 2015 09:30:45 +0000
> 
> That seems excessive. I am getting about 70kB/d/conn for a LAN-LAN connection with key lives of 1h and 8h. What do you have in "conn setup" in ipsec.conf?
> 
> As a secondary question, does your system use rsyslog?
> 
> Nick
> 
> On 22/12/2015 22:46, ChenHao wrote:
> We have 312 IPSec connections. Unfortunately, pluto write about 45G data every day.
> 
> 
> 
> Is there any parameter to disable the writing? I have cleared all debug option from /etc/sysconfig/pluto ?
> 
> 
> Thanks
> 
> 
> [root at pa6 log]# df -h
> 
> Filesystem                     Size  Used Avail Use% Mounted on
> 
> /dev/mapper/vg_-vg_root   30G  1.8G   27G   7% /
> 
> devtmpfs                        32G     0   32G   0% /dev
> 
> tmpfs                           32G   54M   32G   1% /dev/shm
> 
> tmpfs                           32G  3.2G   29G  10% /run
> 
> tmpfs                           32G     0   32G   0% /sys/fs/cgroup
> 
> /dev/mapper/vg_-vg_home  9.8G  2.2G  7.1G  24% /home
> 
> /dev/sda1                      477M   82M  366M  19% /boot
> 
> /dev/mapper/vg_-vg_temp  2.0G  6.1M  1.8G   1% /tmp
> 
> /dev/sda2                      500M     0  500M   0% /boot/efi
> 
> /dev/mapper/vg_-vg_var   113G   68G   40G  64% /var
> 
> [root at pa6 log]#
> 
>  
> 
>  
> 
> [root at pa6 ~]# cd /var/log
> 
> [root at pa6 log]# ls -ltr secure*
> 
> -rw------- 1 root root  2159190212 Dec 20 04:15 secure-20151220.gz
> 
> -rw------- 1 root root 21283501386 Dec 22 11:51 secure
> 
> [root at pa6 log]# ls -lh secure
> 
> -rw------- 1 root root 20G Dec 22 11:52 secure
> 
> [root at pa6 log]# ls -ltr pluto*
> 
> -rw-r--r-- 1 root root        1129 Dec 16 17:09 pluto.log-20151216.gz
> 
> -rw-r--r-- 1 root root        1129 Dec 17 03:28 pluto.log-20151217.gz
> 
> -rw-r--r-- 1 root root     4447840 Dec 18 03:32 pluto.log-20151218.gz
> 
> -rw-r--r-- 1 root root   648411592 Dec 19 03:28 pluto.log-20151219.gz
> 
> -rw-r--r-- 1 root root           0 Dec 21 03:16 pluto.log-20151220.gz
> 
> -rw-r--r-- 1 root root 47953328593 Dec 22 03:46 pluto.log-20151222
> 
> -rw-r--r-- 1 root root 47955774844 Dec 22 11:52 pluto.log
> 
>  
> 
> pluto:
> 
> total 4
> 
> drwx------ 2 root root 4096 Dec 16 07:53 peer
> 
> [root at pa6 log]# ls -lh pluto.log-20151222
> 
> -rw-r--r-- 1 root root 45G Dec 22 03:46 pluto.log-20151222
> 
> 
> 
> 
> 
> 
> _______________________________________________
> Swan mailing list
> Swan at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan
> 
> _______________________________________________
> Swan mailing list
> Swan at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20151223/bf198625/attachment-0001.html>


More information about the Swan mailing list