1IPSEC_BARF(8)                                                    IPSEC_BARF(8)
2
3
4

NAME

6       ipsec barf - spew out collected IPsec debugging information
7

SYNOPSIS

9       ipsec barf [--short --maxlines <100>]
10
11

DESCRIPTION

13       Barf outputs (on standard output) a collection of debugging information
14       (contents of files, selections from logs, etc.) related  to  the  IPsec
15       encryption/authentication system. It is primarily a convenience for re‐
16       mote debugging, a single command which packages up (and labels) all in‐
17       formation that might be relevant to diagnosing a problem in IPsec.
18
19
20       The  --short option limits the length of the log portion of barf's out‐
21       put, which can otherwise be extremely voluminous if  debug  logging  is
22       turned on.
23
24
25       --maxlines  <100>  option  sets the length of some bits of information,
26       currently netstat -rn. Usefull on boxes  where  the  routing  table  is
27       thousands of lines long. Default is 100.
28
29
30       Barf  censors  its output, replacing keys and secrets with brief check‐
31       sums to avoid revealing sensitive information.
32
33
34       Beware that the output of both commands is aimed at  humans,  not  pro‐
35       grams, and the output format is subject to change without warning.
36
37
38       Barf  has  to  figure out which files in /var/log contain the IPsec log
39       messages. It looks for KLIPS and general log messages first in messages
40       and  syslog,  and for Pluto messages first in secure, auth.log, and de‐
41       bug. In both cases, if it does not find what it is looking for  in  one
42       of  those  “likely”  places,  it will resort to a brute-force search of
43       most (non-compressed) files in /var/log.
44
45

FILES

47       /proc/net/*
48       /var/log/*
49       /etc/ipsec.conf
50       /etc/ipsec.secrets
51
52
53

HISTORY

55       Written  for  the  Linux  FreeS/WAN  project  <http://www.freeswan.org:
56       http://www.freeswan.org> by Henry Spencer.
57
58

BUGS

60       Barf  uses heuristics to try to pick relevant material out of the logs,
61       and relevant messages which are not labelled with any of the tags  that
62       barf  looks  for  will be lost. We think we've eliminated the last such
63       case, but one never knows...
64
65
66       Finding updown scripts (so they can be included in output) is, in  gen‐
67       eral,  difficult.  Barf  uses  a  very  simple heuristic that is easily
68       fooled.
69
70
71       The brute-force search for the right log files  can  get  expensive  on
72       systems with a lot of clutter in /var/log.
73
74
75
76
77                                 17 March 2002                   IPSEC_BARF(8)
Impressum