{"id":3636,"date":"2022-12-20T17:09:13","date_gmt":"2022-12-20T20:09:13","guid":{"rendered":"http:\/\/lode.uno\/linux-man\/index.php\/2022\/12\/20\/ipsec_barf-man8\/"},"modified":"2022-12-20T17:09:13","modified_gmt":"2022-12-20T20:09:13","slug":"ipsec_barf-man8","status":"publish","type":"post","link":"https:\/\/lode.uno\/linux-man\/2022\/12\/20\/ipsec_barf-man8\/","title":{"rendered":"IPSEC_BARF (man8)"},"content":{"rendered":"

IPSEC_BARF<\/h1>\n

NAME<\/a>
SYNOPSIS<\/a>
DESCRIPTION<\/a>
FILES<\/a>
HISTORY<\/a>
BUGS<\/a>
AUTHOR<\/a> <\/p>\n

\n

NAME <\/a> <\/h2>\n

ipsec_barf \u2212 spew out collected IPsec debugging information<\/p>\n

SYNOPSIS <\/a> <\/h2>\n\n\n
<\/td>\n\n

ipsec<\/b> barf<\/i> [\u2212\u2212short]<\/p>\n<\/td>\n

 <\/td>\n<\/tr>\n<\/table>\n

DESCRIPTION <\/a> <\/h2>\n

Barf<\/i> outputs (on standard output) a collection of debugging information (contents of files, selections from logs, etc.) related to the IPsec encryption\/authentication system. It is primarily a convenience for remote debugging, a single command that packages up (and labels) all information that might be relevant to diagnosing a problem in IPsec.<\/p>\n

The \u2212\u2212short<\/b> option limits the length of the log portion of barf<\/i>‘s output, which can otherwise be extremely voluminous if debug logging is turned on.<\/p>\n

On systems with systemd, ipsec barf will look for logs using the journalctl command. If the logfile= option is used, logs will also not be found by the ipsec barf command.<\/p>\n

Barf<\/i> censors its output, replacing keys and secrets with brief checksums to avoid revealing sensitive information.<\/p>\n

Beware that the output of both commands is aimed at humans, not programs, and the output format is subject to change without warning.<\/p>\n

Barf<\/i> has to figure out which files in \/var\/log contain the IPsec log messages. It looks for general log messages first in messages<\/i> and syslog<\/i>, and for Pluto messages first in secure<\/i>, auth.log<\/i>, and debug<\/i>. In both cases, if it does not find what it is looking for in one of those \u201clikely\u201d places, it will resort to a brute\u2212force search of most (non\u2212compressed) files in \/var\/log.<\/p>\n

FILES <\/a> <\/h2>\n

\/proc\/net\/*
\/var\/log\/boot.log \/var\/log\/boot.log.1 \/var\/log\/boot.log.2.gz \/var\/log\/btmp \/var\/log\/chrony \/var\/log\/cups \/var\/log\/dnf.librepo.log \/var\/log\/dnf.log \/var\/log\/dnf.rpm.log \/var\/log\/firebird \/var\/log\/hawkey.log \/var\/log\/hp \/var\/log\/journal \/var\/log\/lastlog \/var\/log\/lightdm \/var\/log\/mpd \/var\/log\/msec.log \/var\/log\/netprofile.log \/var\/log\/partimaged.log \/var\/log\/pluto \/var\/log\/ppp \/var\/log\/private \/var\/log\/README \/var\/log\/samba \/var\/log\/security \/var\/log\/security.log \/var\/log\/shorewall6-init.log \/var\/log\/shorewall-init.log \/var\/log\/tallylog \/var\/log\/wtmp \/var\/log\/Xorg.0.log \/var\/log\/Xorg.0.log.old
\/etc\/ipsec.conf
\/etc\/ipsec.secrets<\/p>\n

HISTORY <\/a> <\/h2>\n

Written for the Linux FreeS\/WAN project <https:\/\/www.freeswan.org<\/font><\/b>> by Henry Spencer.<\/font><\/p>\n

BUGS <\/a> <\/h2>\n

Barf<\/i> uses heuristics to try to pick relevant material out of the logs, and relevant messages that are not labelled with any of the tags that barf<\/i> looks for will be lost. We think we’ve eliminated the last such case, but one never knows…<\/font><\/p>\n

Finding updown<\/i> scripts (so they can be included in output) is, in general, difficult. Barf<\/i> uses a very simple heuristic that is easily fooled.<\/font><\/p>\n

The brute\u2212force search for the right log files can get expensive on systems with a lot of clutter in \/var\/log.<\/font><\/p>\n

AUTHOR <\/a> <\/h2>\n

Paul Wouters<\/b><\/font><\/p>\n

placeholder to suppress warning<\/font><\/p>\n

\n","protected":false},"excerpt":{"rendered":"

ipsec_barf \u2212 spew out collected IPsec debugging information <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[5,52,752,4],"class_list":["post-3636","post","type-post","status-publish","format-standard","hentry","category-8-administracion-del-sistema","tag-5","tag-administracion","tag-ipsec_barf","tag-man8"],"gutentor_comment":0,"_links":{"self":[{"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/posts\/3636","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/comments?post=3636"}],"version-history":[{"count":0,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/posts\/3636\/revisions"}],"wp:attachment":[{"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/media?parent=3636"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/categories?post=3636"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/tags?post=3636"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}