I see allot of logs from the IPsec module being writen to /var/log/auth.log
Sample:
Mar 24 01:59:05 ut pluto[9944]: "UT0_ORG-10-13-252-224-28---10-7-175-0-24" #14317748: max number of retransmissions (2) reached STATE_QUICK_I1
Mar 24 01:59:05 ut pluto[9944]: "UT0_ORG-10-13-252-224-28---10-7-175-0-24" #14317748: starting keying attempt 1520 of an unlimited number
Mar 24 01:59:05 ut pluto[9944]: "UT0_ORG-10-13-252-224-28---10-7-175-0-24" #14323503: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP+IKEv2ALLOW to replace #14317748 {using isakmp#14321094 msgid:203d3fe3 proposal=defaults pfsgroup=OAKLEY_GROUP_MODP1536}
The auth.log.1 sometimes grows to about 40-50 GB and then i have to manually delete it just because I don't want to Disc space to run out.
I am sure that there are cleanjobs that will remove the logs before it creates a real issue but the question is if all the logs are needed :-P
Sample:
Quote:
Mar 24 01:59:05 ut pluto[9944]: "UT0_ORG-10-13-252-224-28---10-7-175-0-24" #14317748: max number of retransmissions (2) reached STATE_QUICK_I1
Mar 24 01:59:05 ut pluto[9944]: "UT0_ORG-10-13-252-224-28---10-7-175-0-24" #14317748: starting keying attempt 1520 of an unlimited number
Mar 24 01:59:05 ut pluto[9944]: "UT0_ORG-10-13-252-224-28---10-7-175-0-24" #14323503: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP+IKEv2ALLOW to replace #14317748 {using isakmp#14321094 msgid:203d3fe3 proposal=defaults pfsgroup=OAKLEY_GROUP_MODP1536}
I am sure that there are cleanjobs that will remove the logs before it creates a real issue but the question is if all the logs are needed :-P
