I have made some empirical investigation for two systems; setting up
one IPv4 esp-ah-transport and one IPv6 ah-transport, all using RSA
signatures. One machine is left at default logging level "info",
and the other machine gets the entry "log notice" in its configuration.

The result is pure bliss. Using "notice-logging" only five messages
are recorded:

  thrice: "WARNING: CERT validation disabled by configuration"

  twice: "ERROR: such policy does not ..."

The warning message is a bogus artifact caused by the use of RSASIG.
It was recently identified as such by Upstream and has been removed
for this use case in the development branch.

The error message was equally recently brought to the attention of
Upstream by myself and my patch, which reassigned the message as
DEBUG level, was accepted. (The message simply states that a previous
policy did not exist, thus could not be purged!)

Both these changes were timely enough to theoretically be able to
enter the new release 0.8.0, but I have not verified whether they
are present in the release candidate.

Anyway, logging level "notice" clearly satisfies my ideals.
Observe that my other endpoint included 37 [!] messages marked
as "INFO", thereby visibly polluting "/var/log/daemon.log".

The manual page mentions no mechanism to specify a logging level
in a command line option, only a possibility to _increase_ the
level beyond the default "info". Therefore my suggestion is now
to include the directive

   # /etc/racoon/racoon.conf

   log notice

into the distributed configuration file, and refrain from crafting
some logcheck rules intended to mask excessive INFO-messages.

It is reasonable that Debian, as a distributor, slightly decreases
the suggested logging level beyond that of a raw install from a
source archive.


Best regards,
  Mats E A
<mats.anders...@gisladisker.se>
2459 41E9 C420 3F6D F68B  2E88 F768 4541 F25B 5D41

Subscribed to: debian-mentors, debian-devel-games, debian-perl,
              debian-ipv6, debian-qa


