[Swan] How to let pluto write little log ? We have 312 IPSec connections

Tuomo Soini tis at foobar.fi
Fri Dec 25 15:03:52 UTC 2015

On Wed, 23 Dec 2015 10:39:46 -0800
ChenHao <earthlovepython at outlook.com> wrote:

> Do not use rsyslog. 
> After set "plutodebug=none" and "klipsdebug=none" in /etc/ipsec.conf,
> no significant change.   Now we set “plutostderrlog”  to “/dev/null”
> in /etc/ipsec.conf.   Then no /var/log/pluto.log any more.
> But /var/log/secure is still increasing. Does anybody know how to
> disable it also ? Thanks 

Please, inform us what did you have for plutodebug= setting before.

Anything but plutodebug=none (the default) increases logging a lot -
How did you measure the amount of logging generated?

Design of whole pluto is that plutodebug and klipsdebug should
always be none for non-developers. Everything necessary to solve
configuration issues are non-debug so normal logging is enough to find
out configuration mismatches.

Ff you use non-syslog method for logging you must make sure you
do log rotation by yourself, normally syslog handles log rotate which
doesn't happen on direct logging so log grows up without limit...

Tuomo Soini <tis at foobar.fi>
Foobar Linux services
+358 40 5240030
Foobar Oy <http://foobar.fi/>

More information about the Swan mailing list