Home / server / Questions / 1025331
In Process
sunknudsen
Asked: 2020-07-16 05:50:28 +0800 CST

How to disable all strongSwan logging?

  • 772

Tried the following but that didn’t work.

config setup
  charondebug="ike -1, knl -1, cfg -1"

My gut feeling is it has something to do with /etc/strongswan.d/charon-logging.conf?

I have read the docs but want to make sure I don’t miss something.

Currently, I have the following which appears to disable most (if not all) logging.

charon {
    filelog {
        charon {
            default = -1
        }
    }
    syslog {
        auth {
            default = -1
        }
    }
}
strongswan

1 Answers

  1. According to the StrongSwan documentation:

    By default, the IKE daemon charon logs via syslog(3) using the LOG_AUTHPRIV (only messages on log level 0) and LOG_DAEMON (all log levels) facilities. The default log level for all subsystems is 1.

    <...>

    Unlike charon, charon-systemd logs to the systemd journal and not syslog, by default.

    Which means that unless you've configured additional loggers (like a charon file logger), all you need is:

    charon {
    syslog {
        daemon {
            default = -1
       }
   }
}

    If you're using systemd, add this to avoid logging to the journal:

    charon-systemd : charon {
    journal {
        default = -1
   }
}

    I'll repeat for anyone stumbling on this: do not do this unless you have very specific privacy concerns, it hinders security auditing, debugging and post-compromise analysis.

    • 2