1IPSEC_BARF(8)                 Executable programs                IPSEC_BARF(8)
2
3
4

NAME

6       ipsec_barf - spew out collected IPsec debugging information
7

SYNOPSIS

9       ipsec barf [--short --maxlines <100>]
10

DESCRIPTION

12       Barf outputs (on standard output) a collection of debugging information
13       (contents of files, selections from logs, etc.) related to the IPsec
14       encryption/authentication system. It is primarily a convenience for
15       remote debugging, a single command that packages up (and labels) all
16       information that might be relevant to diagnosing a problem in IPsec.
17
18       The --short option limits the length of the log portion of barf's
19       output, which can otherwise be extremely voluminous if debug logging is
20       turned on.
21
22       --maxlines <100> option sets the length of some bits of information,
23       currently netstat -rn. Useful on boxes where the routing table is
24       thousands of lines long. Default is 100.
25
26       On systems with systemd, ipsec barf will look for logs using the
27       journalctl command. If the logfile= option is used, logs will also not
28       be found by the ipsec barf command.
29
30       Barf censors its output, replacing keys and secrets with brief
31       checksums to avoid revealing sensitive information.
32
33       Beware that the output of both commands is aimed at humans, not
34       programs, and the output format is subject to change without warning.
35
36       Barf has to figure out which files in /var/log contain the IPsec log
37       messages. It looks for KLIPS and general log messages first in messages
38       and syslog, and for Pluto messages first in secure, auth.log, and
39       debug. In both cases, if it does not find what it is looking for in one
40       of those “likely” places, it will resort to a brute-force search of
41       most (non-compressed) files in /var/log.
42

FILES

44           /proc/net/*
45           /var/log/*
46           /etc/ipsec.conf
47           /etc/ipsec.secrets
48

HISTORY

50       Written for the Linux FreeS/WAN project <http://www.freeswan.org> by
51       Henry Spencer.
52

BUGS

54       Barf uses heuristics to try to pick relevant material out of the logs,
55       and relevant messages that are not labelled with any of the tags that
56       barf looks for will be lost. We think we've eliminated the last such
57       case, but one never knows...
58
59       Finding updown scripts (so they can be included in output) is, in
60       general, difficult.  Barf uses a very simple heuristic that is easily
61       fooled.
62
63       The brute-force search for the right log files can get expensive on
64       systems with a lot of clutter in /var/log.
65

AUTHOR

67       Paul Wouters
68           placeholder to suppress warning
69
70
71
72libreswan                         02/01/2019                     IPSEC_BARF(8)
Impressum