Does StrongSwan or Ubuntu itself log traffic info?

Posted September 13, 2021 48 views
Ubuntu, Security, VPN, Logging, Ubuntu 20.04

1 answer

Hi @CuriousUser,

By default, the IKE daemon charon logs via syslog(3) using the LOG_AUTHPRIV (only messages on log level 0) and LOG_DAEMON (all log levels) facilities. The default log level for all subsystems is 1.

Where the log messages eventually end up depends on how syslog is configured on your system. Common places are /var/log/daemon, /var/log/syslog, or /var/log/messages.

Unlike charon, charon-systemd logs to the systemd journal and not syslog, by default. The log levels are configurable in a separate section in strongswan.conf, which is not described here.

Levels and Subsystems/Groups
The IKE daemon knows different numerical levels of logging, ranging from -1 to 4:

-1: Absolutely silent
0: Very basic auditing logs (e.g. SA up/SA down)
1: Generic control flow with errors, a good default to see what's going on
2: More detailed debugging control flow
3: Including RAW data dumps in hex
4: Also include sensitive material in dumps, e.g. keys

Each logging message also has a source from which subsystem in the daemon the log came from:

app: applications other than daemons
asn: Low-level encoding/decoding (ASN.1, X.509 etc.)
cfg: Configuration management and plugins
dmn: Main daemon setup/cleanup/signal handling
enc: Packet encoding/decoding encryption/decryption operations
esp: libipsec library messages
ike: IKE
imc: Integrity Measurement Collector
imv: Integrity Measurement Verifier
job: Jobs queuing/processing and thread pool management
knl: IPsec/Networking kernel interface
lib: libstrongswan library messages
mgr: IKE_SA manager, handling synchronization for IKE_SA access
net: IKE network communication
pts: Platform Trust Service
tls: libtls library messages
tnc: Trusted Network Connect

You can read more about it here:

Hope this helps!
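
An added example, not part of the answer above and not strongSwan's own code: a small audit that reads a strongswan.conf and reports every charon logger whose level is 3 or 4, the levels the answer lists as including raw hex dumps and key material. It assumes the loggers are configured in nested `charon { syslog { ... } }` or `charon { filelog { ... } }` sections; the sample configuration is constructed.

```python
import re

# Subsystem names and level meanings are taken from the answer above.
SUBSYSTEMS = {"default", "app", "asn", "cfg", "dmn", "enc", "esp", "ike", "imc",
              "imv", "job", "knl", "lib", "mgr", "net", "pts", "tls", "tnc"}
RISK = {3: "raw data dumps in hex", 4: "sensitive material in dumps, e.g. keys"}
# One token per match: a brace, a "key = value" pair, or a bare section name.
TOKEN = re.compile(r"([{}])|([^\s{}=#]+)\s*=\s*([^\s{}#]*)|([^\s{}=#]+)")

def audit_loglevels(conf_text):
    """Return (section, subsystem, level, reason) for every logger level >= 3."""
    findings, stack, pending = [], [], None
    for line in conf_text.splitlines():
        for brace, key, value, name in TOKEN.findall(line.split("#", 1)[0]):
            if name:
                pending = name                  # section name, "{" follows
            elif brace == "{":
                stack.append(pending or "?")
                pending = None
            elif brace == "}":
                if stack:
                    stack.pop()
            elif (len(stack) == 3 and stack[0] == "charon"
                  and stack[1] in ("syslog", "filelog")
                  and key in SUBSYSTEMS and re.fullmatch(r"-?\d+", value)):
                level = int(value)
                if level >= 3:
                    findings.append((".".join(stack), key, level,
                                     RISK[min(level, 4)]))
    return findings

# Constructed sample configuration, not taken from a real host.
SAMPLE_CONF = """
charon {
    syslog {
        identifier = charon
        daemon { default = 1
                 ike = 2
                 enc = 3 }      # left over from a debugging session
        auth { default = 0 }
    }
    filelog {
        debug { path = /var/log/charon-debug.log
                default = 4 }
    }
}
"""

if __name__ == "__main__":
    for section, subsystem, level, reason in audit_loglevels(SAMPLE_CONF):
        print(f"{section}: {subsystem} = {level} ({reason})")
```

Any finding means the corresponding log file or syslog target should be treated as holding sensitive data until the level is lowered and the existing logs are rotated out.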