On 31/03/2025 13:06, Bo Berglund wrote:
> 
> Now I have looked around in searches and found that apparently my server and
> serverlocal services are controlled by systemd using this common file for the
> services:
> 
> /usr/lib/systemd/system/openvpn-server@.service
> 
> And on my new system that file contains this:
> 
> ExecStart=/usr/sbin/openvpn --status %t/openvpn-server/status-%i.log
> --status-version 2 --suppress-timestamps --config %i.conf
> 
> Notice the --suppress-timestamps item, which I believe is what removes the
> timestamp output.

Since I was involved back in the days introducing the systemd unit
files, I can't let this pass ;)

First, yes - --suppress-timestamps is needed otherwise the default
logging (not using files) will have timestamps doubled up.  One from the
syslog (or journald) when receiving the log event and the second one in
the log event line from the OpenVPN process.

Secondly, I would generally strongly recommend AGAINST using the --log
option when having a syslog service or journald running on the system.
If OpenVPN gets under heavy load and needs to do lots of logging, that
will impact the performance - since it will need to also do the file
operations to write log entries to the disk.  By letting OpenVPN use
the syslog API instead - it's the responsibility of the logging service
to handle everything related to storing the data properly to disk.

Another advantage of using the syslog API is that the syslog/journald
service handles log rotation on its own.  With rsyslog, syslog-ng (and
many others) you can also filter out openvpn log entries into a
dedicated log file, if you want that.

Since you use the systemd service files, you have journald enabled by
default today.  That does a very good job at ensuring the disk isn't
filled up with log data.  OpenVPN with --log can fill up the disks if
nobody pays attention to the disk consumption.  And the journalctl
command is a powerful tool to extract all the details you would want.

Just a very quick example:

    # journalctl --since yesterday \
                 --until today \
                 -u openvpn-server@vpn0.service \
                 -g "Control Channel:"

The --since and --until lines will extract only log events which
happened yesterday.  The -u is the systemd unit file to extract log
files from.  This only works when you don't have --log in the OpenVPN
config.  And the -g is "grep", so it extracts only log lines containing
"Control Channel:".  That also supports regex for more advanced filtering.

You can also add additional filtering on meta data not listed in the
"normal" view.  By adding -o json-pretty, you can get an idea of what
might be available.  So for example, if you want to look at the log
entries for a specific PID ... journalctl _PID=12345.  To add more
filters, you use the + sign.

Other options I also commonly use are -f and -b.  With -b you can give
-1 to get log entries happening from the previous boot.  -2 gives you
the boot before that again.  --list-boots will list all available boots
in the journal.

The systemd-journal stores a lot more information about processes than
the normal syslog and can also keep the log data compressed on disk,
providing mechanisms to detect external log mangling, etc ... it is
generally the recommended way.

By default on most distributions today, you need to manually create the
/var/log/journal directory to enable persistent logging - or set
Storage=persistent in /etc/systemd/journald.conf.   Without this, the
logging happens only in memory and is wiped across boots.

So I strongly recommend you to use the systemd-journal.  It will give
you access to all the log entries you're looking for incredibly quickly.
And it's a tool you have available out-of-the-box.


-- 
kind regards,

David Sommerseth
OpenVPN Inc



_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
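
Added example (not part of the original message and not OpenVPN project code): a sketch that filters `journalctl -o json` output offline on the metadata fields mentioned above (`_SYSTEMD_UNIT`, `_PID`, `MESSAGE`), including the case where journald serializes a non-UTF-8 `MESSAGE` as an array of byte values. The sample entries are constructed, and the matching is a simplified stand-in for what `-u`, `_PID=` and `-g` do.

```python
import json
import re
from datetime import datetime, timezone

UNIT = "openvpn-server@vpn0.service"

def _rec(usec, pid, unit, message):
    return json.dumps({"__REALTIME_TIMESTAMP": str(usec), "_PID": str(pid),
                       "_SYSTEMD_UNIT": unit, "MESSAGE": message})

# Constructed sample in `journalctl -o json` form (one object per line).
# PIDs, timestamps and message texts are made up for illustration.
SAMPLE = "\n".join([
    _rec(1743400000000000, 12345, UNIT, "Control Channel: TLSv1.3 (constructed)"),
    _rec(1743400001000000, 12345, UNIT, "MULTI: new connection (constructed)"),
    # journald emits a field as an array of byte values when it is not valid UTF-8
    _rec(1743400002000000, 12345, UNIT, list(b"Control Channel: peer \xff")),
    _rec(1743400003000000, 222, "other.service", "Control Channel: decoy"),
])

def message_text(entry):
    """Return MESSAGE as text, handling the byte-array and null encodings."""
    msg = entry.get("MESSAGE")
    if isinstance(msg, list):
        return bytes(msg).decode("utf-8", errors="replace")
    return msg or ""

def filter_journal(text, unit=None, pid=None, pattern=None):
    """Simplified stand-in for -u UNIT, _PID=N and -g PATTERN on exported JSON."""
    rx = re.compile(pattern) if pattern else None
    hits = []
    for line in text.splitlines():
        if not line.strip():
            continue
        entry = json.loads(line)
        if unit and entry.get("_SYSTEMD_UNIT") != unit:
            continue
        if pid is not None and entry.get("_PID") != str(pid):
            continue
        msg = message_text(entry)
        if rx and not rx.search(msg):
            continue
        secs = int(entry["__REALTIME_TIMESTAMP"]) // 1_000_000  # field is in µs
        when = datetime.fromtimestamp(secs, tz=timezone.utc).isoformat()
        hits.append((when, entry.get("_PID"), msg))
    return hits

if __name__ == "__main__":
    for hit in filter_journal(SAMPLE, unit=UNIT, pattern=r"Control Channel:"):
        print(*hit)
```

On a real system the input would come from something like `journalctl -u openvpn-server@vpn0.service -o json` piped or saved to a file.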
