Netgate Discussion Forum

    IPSEC Logging

      peterclark4

      I've managed to get the IPSEC logs on 2.2.4 to look similar to the logs in 2.1.5 by setting the following in Advanced settings:

      SA Manager - Control
      IKE SA - Control
      IKE Child SA - Control
      Job Processing - Control

      All the rest I leave as silent. Click Save and there is no need to re-start the IPSEC service.

      This duplicates each log entry but gets rid of all of the DPD traffic being logged.

      My main problem is that the settings don't persist a re-boot. I gather that this is because it is putting IPSEC in debug mode, so after a re-boot you have to go back to VPN > IPSEC > Advanced Settings and click Save for the logging to follow the settings on screen. Is there any way to set the default logging options so that you don't have to start IPSEC in Debug mode?

      Also is there any way to remove the duplicate log entries?

      Regards

      Peter

      PS: I really miss the [P1 Description] near the beginning of each line!  :'(

        peterclark4

        I've now upgraded to 2.2.5 and the IPSEC logging seems to work slightly differently.

        To stop all of the DPD traffic logging I've had to set the following Logging Levels in IPSEC Advanced settings to Audit from the default of Control:

        IPSEC SA
        Networking
        Message Encoding

        Also, the settings are now preserved between re-boots.

        Is there any way to get the IPSEC logging to show [P1 Description] (like pre 2.2) as this would make reading the log a lot easier?

        Regards

        Peter

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.