Bug #224

Output of ipsec starter

Added by Christian Liebscher almost 10 years ago. Updated almost 10 years ago.


I'm currently trying to start ipsec from a C program, which is providing a command line interface on my embedded system.

Using a system("/sbin/ipsec start &> /tmp/ipsec.start") to start strongSwan and having configured a file logger in /etc/strongswan.conf, I hoped I could redirect all output from the daemons to a file.
I figured that this would result in a silent startup, but it didn't. I guess the redirect isn't working because ipsec starter does a fork. The configured logfile is filled with everything I expected, so there seems to be no problem. But there are still a couple of messages left that appear on my CLI:

ipsec_starter[334]: Starting strongSwan 5.0.0 IPsec [starter]...
ipsec_starter[348]: listening on interfaces:
ipsec_starter[348]:   eth0
... and a couple more interfaces ...
ipsec_starter[348]: charon (349) started after 100 ms
ipsec_starter[348]: 'PSKTest' routed

My strongswan.conf looks like this:

charon {
        filelog {
                /tmp/ipsec.log {
                        time_format = %b %e %T
                        append = no
                        default = 2
                        flush_line = yes
                }
        }
}

So currently there seems to be no way to silence strongSwan completely, or did I miss something?
In short, I need strongSwan to log everything to a file and not to put anything to stdout or stderr...

You can try this yourself, just by executing "ipsec start &> /tmp/ipsec.start" on your shell. This behaves exactly like calling it with system() from a program written in C. Note that /tmp/ipsec.start isn't empty, I guess this is the output before the fork...

Thanks in advance
PS: I know this seems not very important. But with "a couple more interfaces" I mean about 200 in my case. So this is really annoying...

Associated revisions

Revision dc80ef0c (diff)
Added by Tobias Brunner almost 10 years ago

starter: Added --nolog option to suppress logging in starter itself

Fixes #224.


#1 Updated by Tobias Brunner almost 10 years ago

  • Status changed from New to Feedback
  • Assignee set to Tobias Brunner
  • Target version set to 5.0.1

This list of detected interfaces was printed by starter because it loaded the kernel-netlink plugin. I recently changed this, so that starter will not load that plugin when it is started. Actually, I also increased the debug level for these messages to 2 so starter will normally not print them (unless started with --debug...) and charon will only do so if the debug level for the knl log group is at least 2.

Also note that charon.filelog, well, only affects charon. Starter currently logs to stderr (until it forks, or if started with --nofork) and via syslog(3).

I suppose we could add a --quiet option to starter that would set the log level to 0, which would suppress the log messages without any need to redirect the output. But since this would only have an effect on starter, such an option might be confusing when used with ipsec start.

#2 Updated by Christian Liebscher almost 10 years ago

Well, I suppose a --quiet option would really be confusing. What about --quiet-starter or a starter.filelog section in strongswan.conf?

#3 Updated by Tobias Brunner almost 10 years ago

  • Status changed from Feedback to Resolved
  • Resolution set to Fixed

The associated patch adds the --nolog option (analogous to --nofork) to starter which suppresses any log messages generated by starter itself.

#4 Updated by Tobias Brunner almost 10 years ago

  • Status changed from Resolved to Closed
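
An added example (not part of the ticket and not strongSwan code): one way for a C program to launch the command from the report with stdout and stderr attached to a file before exec, without going through a shell as system() does. The helper name run_silenced and passing --nolog via "ipsec start" are assumptions of this example; as noted in comment #1, starter also logs via syslog(3), which descriptor redirection does not affect.

```c
/* Added example: run a command with its output sent to a file, no shell. */
#include <fcntl.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#ifndef O_NOFOLLOW
#define O_NOFOLLOW 0
#endif

/* Runs argv[0] with stdin from /dev/null and stdout+stderr written to
 * log_path. Returns the child's exit status, or -1 on failure. */
int run_silenced(char *const argv[], const char *log_path)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        int in = open("/dev/null", O_RDONLY);
        /* O_NOFOLLOW: refuse a symlink planted at a predictable /tmp path. */
        int out = open(log_path, O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW, 0600);
        if (in < 0 || out < 0)
            _exit(127);
        /* Descriptors set here survive exec and any later fork(), so a
         * daemonizing child keeps writing to the file, not the terminal. */
        if (dup2(in, 0) < 0 || dup2(out, 1) < 0 || dup2(out, 2) < 0)
            _exit(127);
        if (in > 2) close(in);
        if (out > 2) close(out);
        execv(argv[0], argv);
        _exit(127);                 /* exec itself failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* --nolog is the starter option named in this ticket; handing it to
     * starter through "ipsec start" is an assumption of this example. */
    char *const argv[] = { "/sbin/ipsec", "start", "--nolog", NULL };
    int rc = run_silenced(argv, "/tmp/ipsec.start");
    if (rc != 0)
        fprintf(stderr, "ipsec start failed (rc=%d)\n", rc);
    return rc == 0 ? 0 : 1;
}
```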
