Dear maintainer,
as promised, please find attached the strongswan ignore file that I
concocted for my own use. It works for me, but it will most certainly need
some "massaging" to make it more general.
Also, it is rather inelegant: probably due to the way systemd works, all
charon messages to syslog get echoed verbatim also from ipsec, so they
appear twice and both must be caught by the ignore regexp. Therefore, due to
laziness, I made a copy of all charon regexps and substituted "charon:" with
ipsec[[[:digit:]]+]:
Of course, a better alternative would be to build a common regexp which
allows for both, but I am no regexp wizard and did not have the time to go
through the docs to find out how to do it more elegantly.
I hope it can be useful.
Bye
Giacomo
--
_________________________________________________________________
Giacomo Mulas <gmu...@oa-cagliari.inaf.it>
_________________________________________________________________
INAF - Osservatorio Astronomico di Cagliari
via della scienza 5 - 09047 Selargius (CA)
tel. +39 070 71180244
mob. : +39 329 6603810
_________________________________________________________________
"When the storms are raging around you, stay right where you are"
(Freddy Mercury)
_________________________________________________________________
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[CFG\]
certificate status is not available
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[CFG\] checking
certificate status of
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[CFG\] looking
for peer configs matching
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[CFG\] reached
self-signed root ca with a path length of
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[CFG\] selected
peer config
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[CFG\] using
trusted ca certificate
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[CFG\] using
trusted certificate
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[ENC\] generating
IKE_AUTH response
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[ENC\] generating
IKE_AUTH request
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[ENC\] parsed
IKE_AUTH request
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[ENC\] parsed
IKE_AUTH response
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[ENC\] generating
IKE_SA_INIT response
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[ENC\] generating
IKE_SA_INIT request
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[ENC\] parsed
IKE_SA_INIT request
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[ENC\] parsed
IKE_SA_INIT response
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[ENC\] generating
INFORMATIONAL response
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[ENC\] generating
INFORMATIONAL request
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[ENC\] generating
CREATE_CHILD_SA request
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[ENC\] generating
CREATE_CHILD_SA response
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[ENC\] parsed
INFORMATIONAL response
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[ENC\] parsed
CREATE_CHILD_SA response
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[ENC\] parsed
CREATE_CHILD_SA request
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[ENC\] parsed
INFORMATIONAL request
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[IKE\]
authentication of .* with RSA signature successful
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[IKE\] CHILD_SA
.* established with SPIs
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[IKE\] IKE_SA .*
established between
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[IKE\] maximum
IKE_SA lifetime
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[IKE\] peer
supports MOBIKE
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[IKE\] sending
cert request for
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[IKE\] received
cert request for
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[IKE\] received
end entity cert
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[IKE\] scheduling
reauthentication in
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[IKE\] sending
end entity cert
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[IKE\] deleting
IKE_SA
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[IKE\] IKE_SA
deleted
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[IKE\] received
DELETE for IKE_SA
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[IKE\]
establishing CHILD_SA
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[IKE\] closing
CHILD_SA
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[IKE\] sending
DELETE for ESP CHILD_SA with SPI
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[IKE\] .* is
initiating an IKE_SA
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[IKE\] CHILD_SA
closed
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[IKE\] received
DELETE for ESP CHILD_SA with SPI
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[IKE\] received
AUTH_LIFETIME of
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[IKE\] initiating
IKE_SA
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[IKE\] restarting
CHILD_SA
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[IKE\]
reauthenticating IKE_SA
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[IKE\] sending
DELETE for IKE_SA
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[KNL\] creating
rekey job for ESP CHILD_SA with SPI
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[NET\] received
packet:
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ charon: [[:digit:]]+\[NET\] sending
packet:
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]:
[[:digit:]]+\[CFG\] certificate status is not available
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]:
[[:digit:]]+\[CFG\] checking certificate status of
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]:
[[:digit:]]+\[CFG\] looking for peer configs matching
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]:
[[:digit:]]+\[CFG\] reached self-signed root ca with a path length of
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]:
[[:digit:]]+\[CFG\] selected peer config
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]:
[[:digit:]]+\[CFG\] using trusted ca certificate
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]:
[[:digit:]]+\[CFG\] using trusted certificate
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]:
[[:digit:]]+\[ENC\] generating IKE_AUTH response
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]:
[[:digit:]]+\[ENC\] generating IKE_AUTH request
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]:
[[:digit:]]+\[ENC\] parsed IKE_AUTH response
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]:
[[:digit:]]+\[ENC\] parsed IKE_AUTH request
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]:
[[:digit:]]+\[ENC\] generating IKE_SA_INIT response
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]:
[[:digit:]]+\[ENC\] generating IKE_SA_INIT request
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]:
[[:digit:]]+\[ENC\] parsed IKE_SA_INIT request
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]:
[[:digit:]]+\[ENC\] parsed IKE_SA_INIT response
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]:
[[:digit:]]+\[ENC\] generating INFORMATIONAL response
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]:
[[:digit:]]+\[ENC\] generating INFORMATIONAL request
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]:
[[:digit:]]+\[ENC\] generating CREATE_CHILD_SA request
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]:
[[:digit:]]+\[ENC\] generating CREATE_CHILD_SA response
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]:
[[:digit:]]+\[ENC\] parsed INFORMATIONAL response
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]:
[[:digit:]]+\[ENC\] parsed CREATE_CHILD_SA request
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]:
[[:digit:]]+\[ENC\] parsed CREATE_CHILD_SA response
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]:
[[:digit:]]+\[ENC\] parsed INFORMATIONAL request
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]:
[[:digit:]]+\[IKE\] authentication of .* with RSA signature successful
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]:
[[:digit:]]+\[IKE\] CHILD_SA .* established with SPIs
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]:
[[:digit:]]+\[IKE\] IKE_SA .* established between
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]:
[[:digit:]]+\[IKE\] maximum IKE_SA lifetime
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]:
[[:digit:]]+\[IKE\] peer supports MOBIKE
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]:
[[:digit:]]+\[IKE\] sending cert request for
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]:
[[:digit:]]+\[IKE\] received cert request for
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]:
[[:digit:]]+\[IKE\] received end entity cert
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]:
[[:digit:]]+\[IKE\] scheduling reauthentication in
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]:
[[:digit:]]+\[IKE\] sending end entity cert
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]:
[[:digit:]]+\[IKE\] deleting IKE_SA
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]:
[[:digit:]]+\[IKE\] IKE_SA deleted
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]:
[[:digit:]]+\[IKE\] received DELETE for IKE_SA
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]:
[[:digit:]]+\[IKE\] establishing CHILD_SA
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]:
[[:digit:]]+\[IKE\] closing CHILD_SA
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]:
[[:digit:]]+\[IKE\] sending DELETE for ESP CHILD_SA with SPI
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]:
[[:digit:]]+\[IKE\] .* is initiating an IKE_SA
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]:
[[:digit:]]+\[IKE\] CHILD_SA closed
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]:
[[:digit:]]+\[IKE\] received DELETE for ESP CHILD_SA with SPI
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]:
[[:digit:]]+\[IKE\] received AUTH_LIFETIME of
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]:
[[:digit:]]+\[IKE\] initiating IKE_SA
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]:
[[:digit:]]+\[IKE\] restarting CHILD_SA
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]:
[[:digit:]]+\[IKE\] reauthenticating IKE_SA
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]:
[[:digit:]]+\[IKE\] sending DELETE for IKE_SA
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]:
[[:digit:]]+\[KNL\] creating rekey job for ESP CHILD_SA with SPI
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]:
[[:digit:]]+\[NET\] received packet:
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ipsec[[[:digit:]]+]:
[[:digit:]]+\[NET\] sending packet:
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ vpn: -
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ vpn: +