Re: [strongSwan] Duplicate log entries using default configuration
Thanks for this.
I suspect I might have been unclear. The systemd service I'm using is the
one installed by the EPEL package is the traditional charon called using
/usr/libexec/strongswan/starter, not the newer charon-systemd variant.
The service file for this is:
[Unit]
Description=strongSwan IPsec IKEv1/IKEv2 daemon using ipsec.conf
After=syslog.target
[Service]
ExecStart=/usr/sbin/strongswan start --nofork
StandardOutput=syslog
[Install]
WantedBy=multi-user.target
What is the purpose of StandardOutput=syslog in this unit file? This
version of charon does do its own logging to syslog (which is also stored
in the journal when using systemd). But having StandardOutput=syslog in the
unit file is causing the duplicate log entries (one written directly to
syslog, the other written to stdout and then copied to syslog by systemd).
I think it would be helpful to change this to StandardOutput=null to avoid
these duplicate log entries in the default installed configuration.
Using charon-systemd would be a better long-term solution, I'd just rather
use the EPEL package than build my own package that uses charon-systemd and
keep it up to date with security fixes etc.
Thanks again,
James Birkett
On 13 October 2016 at 00:29, Andreas Steffen wrote:
> Hi James,
>
> yes, with systemd and journalctl active you have to remove the
> syslog daemon section from strongswan.conf. If you want to change
> the defaults of the systemd logging you can do this in a charon.journal
> section in strongswan.conf. And I personally prefer an additional
> level 0 output going to auth.log. Here is an example of mine:
>
> charon-systemd {
> journal {
> default = 1
> tnc = 2
> imv = 2
> pts = 2
> }
> syslog {
> auth {
> default = 0
> }
> }
> }
>
> Best regards
>
> Andreas
>
>
> On 12.10.2016 08:48, James Birkett wrote:
>
>> Out of the box I seem to get every log message from strongswan
>> duplicated, once logged by "charon", then again by "strongswan" after a
>> delay, e.g.
>>
>> Oct 10 12:26:32 sapphire charon: 05[ENC] generating INFORMATIONAL_V1
>> request 1411728704 [ HASH N(DPD) ]
>>
>> followed later by:
>>
>> Oct 10 12:29:32 sapphire strongswan[19104]: 05[ENC] generating
>> INFORMATIONAL_V1 request 1411728704 [ HASH N(DPD) ]
>>
>> I believe this is because the systemd unit file (strongswan.service) has
>> the line:
>> StandardOutput=syslog, causing systemd to relay everything to syslog,
>> but the default /etc/strongswan/strongswan.d/charon-logging.conf also
>> has a syslog section so charon logs directly to syslog itself as well.
>>
>> I suspect the delay between the two copies of the log entries may be
>> related to buffering on standard out, since the logs from "strongswan"
>> always appear in batches with the same timestamp, but I'm not sure.
>>
>> In my case I'm using strongswan-5.4.0 on Centos 7 from EPEL
>> http://koji.fedoraproject.org/koji/buildinfo?buildID=774748 but I have
>> checked the strongswan 5.5 tarball and it appears the systemd unit file
>> and charon-logging.conf are unchanged.
>>
>> I'm not really sure if this is a bug or something specific to my syslog
>> configuration, but given that charon is logging to syslog itself in the
>> default configuration, would it make more sense to set "StandardOutput =
>> null" from the unit file instead? I have made this change on my own
>> system and it appears to have the desired result.
>>
>> Thanks,
>>
>> James Birkett
>>
>>
>>
>> Scanned by CyberHound
Re: [strongSwan] Duplicate log entries using default configuration
Hi James,
yes, with systemd and journalctl active you have to remove the
syslog daemon section from strongswan.conf. If you want to change
the defaults of the systemd logging you can do this in a charon.journal
section in strongswan.conf. And I personally prefer an additional
level 0 output going to auth.log. Here is an example of mine:
charon-systemd {
journal {
default = 1
tnc = 2
imv = 2
pts = 2
}
syslog {
auth {
default = 0
}
}
}
Best regards
Andreas
On 12.10.2016 08:48, James Birkett wrote:
Out of the box I seem to get every log message from strongswan
duplicated, once logged by "charon", then again by "strongswan" after a
delay, e.g.
Oct 10 12:26:32 sapphire charon: 05[ENC] generating INFORMATIONAL_V1
request 1411728704 [ HASH N(DPD) ]
followed later by:
Oct 10 12:29:32 sapphire strongswan[19104]: 05[ENC] generating
INFORMATIONAL_V1 request 1411728704 [ HASH N(DPD) ]
I believe this is because the systemd unit file (strongswan.service) has
the line:
StandardOutput=syslog, causing systemd to relay everything to syslog,
but the default /etc/strongswan/strongswan.d/charon-logging.conf also
has a syslog section so charon logs directly to syslog itself as well.
I suspect the delay between the two copies of the log entries may be
related to buffering on standard out, since the logs from "strongswan"
always appear in batches with the same timestamp, but I'm not sure.
In my case I'm using strongswan-5.4.0 on Centos 7 from EPEL
http://koji.fedoraproject.org/koji/buildinfo?buildID=774748 but I have
checked the strongswan 5.5 tarball and it appears the systemd unit file
and charon-logging.conf are unchanged.
I'm not really sure if this is a bug or something specific to my syslog
configuration, but given that charon is logging to syslog itself in the
default configuration, would it make more sense to set "StandardOutput =
null" from the unit file instead? I have made this change on my own
system and it appears to have the desired result.
Thanks,
James Birkett
Scanned by CyberHound
[strongSwan] Duplicate log entries using default configuration
Out of the box I seem to get every log message from strongswan duplicated, once logged by "charon", then again by "strongswan" after a delay, e.g. Oct 10 12:26:32 sapphire charon: 05[ENC] generating INFORMATIONAL_V1 request 1411728704 [ HASH N(DPD) ] followed later by: Oct 10 12:29:32 sapphire strongswan[19104]: 05[ENC] generating INFORMATIONAL_V1 request 1411728704 [ HASH N(DPD) ] I believe this is because the systemd unit file (strongswan.service) has the line: StandardOutput=syslog, causing systemd to relay everything to syslog, but the default /etc/strongswan/strongswan.d/charon-logging.conf also has a syslog section so charon logs directly to syslog itself as well. I suspect the delay between the two copies of the log entries may be related to buffering on standard out, since the logs from "strongswan" always appear in batches with the same timestamp, but I'm not sure. In my case I'm using strongswan-5.4.0 on Centos 7 from EPEL http://koji.fedoraproject.org/koji/buildinfo?buildID=774748 but I have checked the strongswan 5.5 tarball and it appears the systemd unit file and charon-logging.conf are unchanged. I'm not really sure if this is a bug or something specific to my syslog configuration, but given that charon is logging to syslog itself in the default configuration, would it make more sense to set "StandardOutput = null" from the unit file instead? I have made this change on my own system and it appears to have the desired result. Thanks, James Birkett Scanned by CyberHound (http://cyberhound.com/) Confidentiality Notice: This email, including any attachments, is confidential and may be privileged. If you are not the intended recipient please notify the sender immediately and delete it. You should not copy it or use it for any purpose or disclose its contents to any other person without CyberHound's prior written permission. CyberHound Pty Ltd reserves the right to monitor all email communications passing through its networks and devices. ___ Users mailing list Users@lists.strongswan.org https://lists.strongswan.org/mailman/listinfo/users
