NAME
ipsec_barf - spew out collected IPsec debugging information
SYNOPSIS
ipsec barf [--short --maxlines <100>]
DESCRIPTION
Barf outputs (on standard output) a collection of debugging information
(contents of files, selections from logs, etc.) related to the IPsec
encryption/authentication system. It is primarily a convenience for
remote debugging, a single command which packages up (and labels) all
information that might be relevant to diagnosing a problem in IPsec.
The --short option limits the length of the log portion of barf’s
output, which can otherwise be extremely voluminous if debug logging is
turned on.
--maxlines <100> option sets the length of some bits of information,
currently netstat -rn. Useful on boxes where the routing table is
thousands of lines long. Default is 100.
Barf censors its output, replacing keys and secrets with brief
checksums to avoid revealing sensitive information.
Beware that the output of both commands is aimed at humans, not
programs, and the output format is subject to change without warning.
Barf has to figure out which files in /var/log contain the IPsec log
messages. It looks for KLIPS and general log messages first in messages
and syslog, and for Pluto messages first in secure, auth.log, and
debug. In both cases, if it does not find what it is looking for in one
of those “likely” places, it will resort to a brute-force search of
most (non-compressed) files in /var/log.
FILES
/proc/net/*
/var/log/*
/etc/ipsec.conf
/etc/ipsec.secrets
HISTORY
Written for the Linux FreeS/WAN project <http://www.freeswan.org> by
Henry Spencer.
BUGS
Barf uses heuristics to try to pick relevant material out of the logs,
and relevant messages which are not labelled with any of the tags that
barf looks for will be lost. We think we’ve eliminated the last such
case, but one never knows...
Finding updown scripts (so they can be included in output) is, in
general, difficult. Barf uses a very simple heuristic that is easily
fooled.
The brute-force search for the right log files can get expensive on
systems with a lot of clutter in /var/log.