Hello,
Since upgrading to 07.11 the logs are filled every 7 seconds with messages like:
2024-11-26T13:26:12+01:00 lgrrutx ipsec: 13[CFG] vici client 3 connected
2024-11-26T13:26:12+01:00 lgrrutx ipsec: 06[CFG] vici client 3 registered for: list-sa
2024-11-26T13:26:12+01:00 lgrrutx ipsec: 07[CFG] vici client 3 requests: list-sas
2024-11-26T13:26:12+01:00 lgrrutx ipsec: 07[CFG] vici client 3 unregistered for: list-sa
2024-11-26T13:26:12+01:00 lgrrutx ipsec: 14[CFG] vici client 3 disconnected
Is there a solution to disable them ?
Regards,
Hello,
To disable these log messages, you can adjust the IPsec debug settings using the following commands:
uci set ipsec.@ipsec[0].debug='0'
uci commit ipsec
Best regards,
No, that doesn’t work. The logs are still spammed:
2024-11-28T08:06:46+01:00 lgrrutx ipsec: 03[CFG] vici client 4 connected
2024-11-28T08:06:46+01:00 lgrrutx ipsec: 12[CFG] vici client 4 registered for: list-sa
2024-11-28T08:06:46+01:00 lgrrutx ipsec: 05[CFG] vici client 4 requests: list-sas
2024-11-28T08:06:46+01:00 lgrrutx ipsec: 10[CFG] vici client 4 unregistered for: list-sa
2024-11-28T08:06:46+01:00 lgrrutx ipsec: 13[CFG] vici client 4 disconnected
It seems that this log flooding behavior is reproducible only when the user is on the Services → VPN → IPSec page. When left on that page, the logs continue to spam. This log-gathering feature was added intentionally; however, the issue with not being able to disable them has been forwarded to our RnD team for further investigation.
Best regards,
Yes, and each time swanmon list-sas is executed.
For the moment I have disabled the logs in strongswan-mod-vici using the following patch:
--- a/src/libstrongswan/utils/debug.h 2023-06-08 12:35:17.000000000 +0200
+++ b/src/libstrongswan/utils/debug.h 2024-11-26 18:48:33.664305415 +0100
@@ -104,7 +104,7 @@
};
#ifndef DEBUG_LEVEL
-# define DEBUG_LEVEL 4
+# define DEBUG_LEVEL 1
#endif /* DEBUG_LEVEL */
/** debug macros, they call the dbg function hook */
Added in package/network/services/strongswan/patches.