[Pkg-swan-devel] Bug#787156: Acknowledgement (libstrongswan: configuration file for logcheck ignores completely outdated (useless))
Giacomo Mulas
gmulas at oa-cagliari.inaf.it
Sat May 30 15:43:29 UTC 2015
Dear maintainer,
as promised, please find attached the strongswan ignore file that I
concocted for my own use. It works for me, but it will most certainly need
some "massaging" to make it more general.
Also, it is rather inelegant: probably due to the way systemd works, all
charon messages to syslog get echoed verbatim also from ipsec, so they
appear twice and both must be caught by the ignore regexp. Therefore, due to
laziness, I made a copy of all charon regexps and substituted "charon:" with
ipsec[[[:digit:]]+]:
Of course, a better alternative would be to build a common regexp which
allows for both, but I am no regexp wizard and did not have the time to go
through the docs to find out how to do it more elegantly.
I hope it can be useful.
Bye
Giacomo
--
_________________________________________________________________
Giacomo Mulas <gmulas at oa-cagliari.inaf.it>
_________________________________________________________________
INAF - Osservatorio Astronomico di Cagliari
via della scienza 5 - 09047 Selargius (CA)
tel. +39 070 71180244
mob. : +39 329 6603810
_________________________________________________________________
"When the storms are raging around you, stay right where you are"
(Freddy Mercury)
_________________________________________________________________
-------------- next part --------------
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[CFG\] certificate status is not available
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[CFG\] checking certificate status of
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[CFG\] looking for peer configs matching
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[CFG\] reached self-signed root ca with a path length of
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[CFG\] selected peer config
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[CFG\] using trusted ca certificate
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[CFG\] using trusted certificate
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[ENC\] generating IKE_AUTH response
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[ENC\] generating IKE_AUTH request
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[ENC\] parsed IKE_AUTH request
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[ENC\] parsed IKE_AUTH response
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[ENC\] generating IKE_SA_INIT response
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[ENC\] generating IKE_SA_INIT request
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[ENC\] parsed IKE_SA_INIT request
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[ENC\] parsed IKE_SA_INIT response
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[ENC\] generating INFORMATIONAL response
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[ENC\] generating INFORMATIONAL request
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[ENC\] generating CREATE_CHILD_SA request
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[ENC\] generating CREATE_CHILD_SA response
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[ENC\] parsed INFORMATIONAL response
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[ENC\] parsed CREATE_CHILD_SA response
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[ENC\] parsed CREATE_CHILD_SA request
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[ENC\] parsed INFORMATIONAL request
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[IKE\] authentication of .* with RSA signature successful
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[IKE\] CHILD_SA .* established with SPIs
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[IKE\] IKE_SA .* established between
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[IKE\] maximum IKE_SA lifetime
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[IKE\] peer supports MOBIKE
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[IKE\] sending cert request for
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[IKE\] received cert request for
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[IKE\] received end entity cert
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[IKE\] scheduling reauthentication in
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[IKE\] sending end entity cert
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[IKE\] deleting IKE_SA
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[IKE\] IKE_SA deleted
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[IKE\] received DELETE for IKE_SA
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[IKE\] establishing CHILD_SA
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[IKE\] closing CHILD_SA
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[IKE\] sending DELETE for ESP CHILD_SA with SPI
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[IKE\] .* is initiating an IKE_SA
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[IKE\] CHILD_SA closed
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[IKE\] received DELETE for ESP CHILD_SA with SPI
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[IKE\] received AUTH_LIFETIME of
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[IKE\] initiating IKE_SA
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[IKE\] restarting CHILD_SA
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[IKE\] reauthenticating IKE_SA
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[IKE\] sending DELETE for IKE_SA
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[KNL\] creating rekey job for ESP CHILD_SA with SPI
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[NET\] received packet:
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[NET\] sending packet:
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]: [[:digit:]]+\[CFG\] certificate status is not available
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]: [[:digit:]]+\[CFG\] checking certificate status of
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]: [[:digit:]]+\[CFG\] looking for peer configs matching
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]: [[:digit:]]+\[CFG\] reached self-signed root ca with a path length of
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]: [[:digit:]]+\[CFG\] selected peer config
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]: [[:digit:]]+\[CFG\] using trusted ca certificate
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]: [[:digit:]]+\[CFG\] using trusted certificate
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]: [[:digit:]]+\[ENC\] generating IKE_AUTH response
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]: [[:digit:]]+\[ENC\] generating IKE_AUTH request
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]: [[:digit:]]+\[ENC\] parsed IKE_AUTH response
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]: [[:digit:]]+\[ENC\] parsed IKE_AUTH request
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]: [[:digit:]]+\[ENC\] generating IKE_SA_INIT response
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]: [[:digit:]]+\[ENC\] generating IKE_SA_INIT request
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]: [[:digit:]]+\[ENC\] parsed IKE_SA_INIT request
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]: [[:digit:]]+\[ENC\] parsed IKE_SA_INIT response
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]: [[:digit:]]+\[ENC\] generating INFORMATIONAL response
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]: [[:digit:]]+\[ENC\] generating INFORMATIONAL request
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]: [[:digit:]]+\[ENC\] generating CREATE_CHILD_SA request
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]: [[:digit:]]+\[ENC\] generating CREATE_CHILD_SA response
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]: [[:digit:]]+\[ENC\] parsed INFORMATIONAL response
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]: [[:digit:]]+\[ENC\] parsed CREATE_CHILD_SA request
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]: [[:digit:]]+\[ENC\] parsed CREATE_CHILD_SA response
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]: [[:digit:]]+\[ENC\] parsed INFORMATIONAL request
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]: [[:digit:]]+\[IKE\] authentication of .* with RSA signature successful
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]: [[:digit:]]+\[IKE\] CHILD_SA .* established with SPIs
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]: [[:digit:]]+\[IKE\] IKE_SA .* established between
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]: [[:digit:]]+\[IKE\] maximum IKE_SA lifetime
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]: [[:digit:]]+\[IKE\] peer supports MOBIKE
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]: [[:digit:]]+\[IKE\] sending cert request for
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]: [[:digit:]]+\[IKE\] received cert request for
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]: [[:digit:]]+\[IKE\] received end entity cert
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]: [[:digit:]]+\[IKE\] scheduling reauthentication in
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]: [[:digit:]]+\[IKE\] sending end entity cert
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]: [[:digit:]]+\[IKE\] deleting IKE_SA
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]: [[:digit:]]+\[IKE\] IKE_SA deleted
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]: [[:digit:]]+\[IKE\] received DELETE for IKE_SA
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]: [[:digit:]]+\[IKE\] establishing CHILD_SA
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]: [[:digit:]]+\[IKE\] closing CHILD_SA
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]: [[:digit:]]+\[IKE\] sending DELETE for ESP CHILD_SA with SPI
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]: [[:digit:]]+\[IKE\] .* is initiating an IKE_SA
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]: [[:digit:]]+\[IKE\] CHILD_SA closed
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]: [[:digit:]]+\[IKE\] received DELETE for ESP CHILD_SA with SPI
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]: [[:digit:]]+\[IKE\] received AUTH_LIFETIME of
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]: [[:digit:]]+\[IKE\] initiating IKE_SA
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]: [[:digit:]]+\[IKE\] restarting CHILD_SA
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]: [[:digit:]]+\[IKE\] reauthenticating IKE_SA
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]: [[:digit:]]+\[IKE\] sending DELETE for IKE_SA
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]: [[:digit:]]+\[KNL\] creating rekey job for ESP CHILD_SA with SPI
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]: [[:digit:]]+\[NET\] received packet:
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]: [[:digit:]]+\[NET\] sending packet:
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ vpn: -
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ vpn: +
More information about the Pkg-swan-devel
mailing list