151 lines
3.0 KiB
HTML
151 lines
3.0 KiB
HTML
Content-type: text/html
|
|
|
|
<HTML><HEAD><TITLE>Manpage of IPSEC_BARF</TITLE>
|
|
</HEAD><BODY>
|
|
<H1>IPSEC_BARF</H1>
|
|
Section: Maintenance Commands (8)<BR>Updated: 17 March 2002<BR><A HREF="#index">Index</A>
|
|
<A HREF="http://localhost/cgi-bin/man/man2html">Return to Main Contents</A><HR>
|
|
|
|
|
|
<A NAME="lbAB"> </A>
|
|
<H2>NAME</H2>
|
|
|
|
ipsec barf - spew out collected IPsec debugging information
|
|
<A NAME="lbAC"> </A>
|
|
<H2>SYNOPSIS</H2>
|
|
|
|
<B>ipsec</B>
|
|
|
|
<B>barf</B>
|
|
|
|
[
|
|
<B>--short</B>
|
|
|
|
]
|
|
<P>
|
|
<A NAME="lbAD"> </A>
|
|
<H2>DESCRIPTION</H2>
|
|
|
|
<I>Barf</I>
|
|
|
|
outputs (on standard output) a collection of debugging information
|
|
(contents of files, selections from logs, etc.)
|
|
related to the IPsec encryption/authentication system.
|
|
It is primarily a convenience for remote debugging,
|
|
a single command which packages up (and labels) all information
|
|
that might be relevant to diagnosing a problem in IPsec.
|
|
<P>
|
|
|
|
<P>
|
|
|
|
The
|
|
<B>--short</B>
|
|
|
|
option limits the length of
|
|
the log portion of
|
|
<I>barf</I>'s
|
|
|
|
output, which can otherwise be extremely voluminous
|
|
if debug logging is turned on.
|
|
<P>
|
|
|
|
<I>Barf</I>
|
|
|
|
censors its output,
|
|
replacing keys
|
|
and secrets with brief checksums to avoid revealing sensitive information.
|
|
<P>
|
|
|
|
Beware that the output of both commands is aimed at humans,
|
|
not programs,
|
|
and the output format is subject to change without warning.
|
|
<P>
|
|
|
|
<I>Barf</I>
|
|
|
|
has to figure out which files in
|
|
<I>/var/log</I>
|
|
|
|
contain the IPsec log messages.
|
|
It looks for KLIPS and general log messages first in
|
|
<I>messages</I>
|
|
|
|
and
|
|
<I>syslog</I>,
|
|
|
|
and for Pluto messages first in
|
|
<I>secure</I>,
|
|
|
|
<I>auth.log</I>,
|
|
|
|
and
|
|
<I>debug</I>.
|
|
|
|
In both cases,
|
|
if it does not find what it is looking for in one of those ``likely'' places,
|
|
it will resort to a brute-force search of most (non-compressed) files in
|
|
<I>/var/log</I>.
|
|
|
|
<A NAME="lbAE"> </A>
|
|
<H2>FILES</H2>
|
|
|
|
<PRE>
|
|
/proc/net/*
|
|
/var/log/*
|
|
/etc/ipsec.conf
|
|
/etc/ipsec.secrets
|
|
</PRE>
|
|
|
|
<A NAME="lbAF"> </A>
|
|
<H2>HISTORY</H2>
|
|
|
|
Written for the Linux FreeS/WAN project
|
|
<<A HREF="http://www.freeswan.org">http://www.freeswan.org</A>>
|
|
by Henry Spencer.
|
|
<A NAME="lbAG"> </A>
|
|
<H2>BUGS</H2>
|
|
|
|
<I>Barf</I>
|
|
|
|
uses heuristics to try to pick relevant material out of the logs,
|
|
and relevant messages
|
|
which are not labelled with any of the tags that
|
|
<I>barf</I>
|
|
|
|
looks for will be lost.
|
|
We think we've eliminated the last such case, but one never knows...
|
|
<P>
|
|
|
|
Finding
|
|
<I>updown</I>
|
|
|
|
scripts (so they can be included in output) is, in general, difficult.
|
|
<I>Barf</I>
|
|
|
|
uses a very simple heuristic that is easily fooled.
|
|
<P>
|
|
|
|
The brute-force search for the right log files can get expensive on
|
|
systems with a lot of clutter in
|
|
<I>/var/log</I>.
|
|
|
|
<P>
|
|
|
|
<HR>
|
|
<A NAME="index"> </A><H2>Index</H2>
|
|
<DL>
|
|
<DT><A HREF="#lbAB">NAME</A><DD>
|
|
<DT><A HREF="#lbAC">SYNOPSIS</A><DD>
|
|
<DT><A HREF="#lbAD">DESCRIPTION</A><DD>
|
|
<DT><A HREF="#lbAE">FILES</A><DD>
|
|
<DT><A HREF="#lbAF">HISTORY</A><DD>
|
|
<DT><A HREF="#lbAG">BUGS</A><DD>
|
|
</DL>
|
|
<HR>
|
|
This document was created by
|
|
<A HREF="http://localhost/cgi-bin/man/man2html">man2html</A>,
|
|
using the manual pages.<BR>
|
|
Time: 21:40:17 GMT, November 11, 2003
|
|
</BODY>
|
|
</HTML>
|