Does StrongSwan or Ubuntu itself log traffic info?

Connected Tutorial
This question is a follow-up to this tutorial:



Hi @CuriousUser,

By default, the IKE daemon charon logs via syslog(3) using the LOG_AUTHPRIV (only messages on log level 0) and LOG_DAEMON (all log levels) facilities. The default log level for all subsystems is 1.

Where the log messages eventually end up depends on how syslog is configured on your system. Common places are /var/log/daemon, /var/log/syslog, or /var/log/messages.

Unlike charon, charon-systemd logs to the systemd journal and not syslog, by default. The log levels are configurable in a separate section in strongswan.conf, which is not described here.

Levels and Subsystems/Groups

The IKE daemon knows different numerical levels of logging, ranging from -1 to 4:

-1: Absolutely silent
0: Very basic auditing logs (e.g. SA up/SA down)
1: Generic control flow with errors, a good default to see what's going on
2: More detailed debugging control flow
3: Including RAW data dumps in hex
4: Also include sensitive material in dumps, e.g. keys

Each logging message also has a source from which subsystem in the daemon the log came from:

app: applications other than daemons
asn: Low-level encoding/decoding (ASN.1, X.509 etc.)
cfg: Configuration management and plugins
chd: CHILD_SA/IPsec SA
dmn: Main daemon setup/cleanup/signal handling
enc: Packet encoding/decoding encryption/decryption operations
esp: libipsec library messages
ike: IKE_SA/ISAKMP SA
imc: Integrity Measurement Collector
imv: Integrity Measurement Verifier
job: Jobs queuing/processing and thread pool management
knl: IPsec/Networking kernel interface
lib: libstrongswan library messages
mgr: IKE_SA manager, handling synchronization for IKE_SA access
net: IKE network communication
pts: Platform Trust Service
tls: libtls library messages
tnc: Trusted Network Connect

You can read more about it here:

Hope this helps!

Regards, KFSys