On Tue, 10 Dec 2019, Andrew Cagney wrote:
On Tue, 10 Dec 2019 at 16:51, Paul Wouters <[email protected]> wrote:
On Mon, 2 Dec 2019, Andrew Cagney wrote:
Subject: [Swan-dev] why are IKE SA initiator OE logs suppressed?
For instance, in ikev2_parent_outI1()?
I can understand the rationale behind suppressing the responder, but
not the initiator - should I do something to trigger an OE connection
from my local machine I'd like to know about it.
If you have 10000+ connections, it causes a LOT of logs. We tried to
minimize it for OE.
Like I said, I can understand that for the IKE SA responder. But for
the IKE SA initiator that is just trying to establish an SA is that
really true?
In a large mesh network, yes? These are all one-to-one connections, and
not many clients to one server connections.
The idea for OE logging was that per default, we try to only log a
single success/failure message and if one is tracking an issue, to
have to enable debuglog specifically. Whether that is still the best
option or not in a world with systemd and logging and rate limits,
I'm not entirely sure.
Paul
_______________________________________________
Swan-dev mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-dev
