Project

General

Profile

Issue #1447

how to enable all logs in swanctl

Added by Rahul surya over 9 years ago. Updated over 9 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Tobias Brunner
Category:
configuration
Affected version:
5.4.0
Resolution:
No change required

Description

swanctl -i --child home and swanctl --log and /var/log/syslog are showing same .i want more logs like complete certificate key client is sending,payload lengths etc.like that not only loaded particular certificate key.

is there any option to show complete logs??

History

#1 Updated by Tobias Brunner over 9 years ago

  • Category set to configuration
  • Status changed from New to Closed
  • Assignee set to Tobias Brunner
  • Priority changed from Immediate to Normal
  • Resolution set to No change required

#2 Updated by Rahul surya over 9 years ago

Tobias Brunner wrote:

LoggerConfiguration

I am asking on swanctl not on strongswan...

#3 Updated by Tobias Brunner over 9 years ago

LoggerConfiguration

I am asking on swanctl not on strongswan...

You mean without changing the log level in general? Then pass the -l/--loglevel option to the swanctl commands that support it (--log is not one of them as that currently follows the log on level 1 only).

#4 Updated by Rahul surya over 9 years ago

if i means to establih tunnel i am using command swanctl -i --child home

so see logs we need to make command swanctl -l -i --child home??

#5 Updated by Tobias Brunner over 9 years ago

so see logs we need to make command swanctl -l -i --child home??

You have to pass the log level you want e.g. -l 2.

#6 Updated by Rahul surya over 9 years ago

i have doubt sir,
i made dpd_delay=20 in swanctl.conf

it is sending dpd request of informational message [] without any payload...

and log thing is working fine.

#7 Updated by Tobias Brunner over 9 years ago

it is sending dpd request of informational message [] without any payload...

Yes, empty INFORMATIONAL exchanges are used for DPD in IKEv2.

#8 Updated by Rahul surya over 9 years ago

so how we can modify as dpd send r_u_there mentioned in rfc

#9 Updated by Rahul surya over 9 years ago

Rahul surya wrote:

so how we can modify as dpd send r_u_there mentioned in rfc

and when tunnel is deletd dpd is not showing any informational message that tunnel is deleted..

#10 Updated by Tobias Brunner over 9 years ago

so how we can modify as dpd send r_u_there mentioned in rfc

There are no such notifies in IKEv2 (RFC 7296). They are not required as every exchange requires a response, unlike with IKEv1 where INFORMATIONAL messages were unidirectional.

and when tunnel is deletd dpd is not showing any informational message that tunnel is deleted..

I don't understand what you mean.