diff options
Diffstat (limited to 'programs/barf/barf.8')
| -rw-r--r-- | programs/barf/barf.8 | 84 |
1 files changed, 84 insertions, 0 deletions
diff --git a/programs/barf/barf.8 b/programs/barf/barf.8 new file mode 100644 index 000000000..e692a4e5f --- /dev/null +++ b/programs/barf/barf.8 @@ -0,0 +1,84 @@ +.TH IPSEC_BARF 8 "17 March 2002" +.\" RCSID $Id: barf.8,v 1.1 2004/03/15 20:35:27 as Exp $ +.SH NAME +ipsec barf \- spew out collected IPsec debugging information +.SH SYNOPSIS +.B ipsec +.B barf +[ +.B \-\-short +] +.sp +.SH DESCRIPTION +.I Barf +outputs (on standard output) a collection of debugging information +(contents of files, selections from logs, etc.) +related to the IPsec encryption/authentication system. +It is primarily a convenience for remote debugging, +a single command which packages up (and labels) all information +that might be relevant to diagnosing a problem in IPsec. +.PP +.PP +The +.B \-\-short +option limits the length of +the log portion of +.IR barf 's +output, which can otherwise be extremely voluminous +if debug logging is turned on. +.PP +.I Barf +censors its output, +replacing keys +and secrets with brief checksums to avoid revealing sensitive information. +.PP +Beware that the output of both commands is aimed at humans, +not programs, +and the output format is subject to change without warning. +.PP +.I Barf +has to figure out which files in +.I /var/log +contain the IPsec log messages. +It looks for KLIPS and general log messages first in +.IR messages +and +.IR syslog , +and for Pluto messages first in +.IR secure , +.IR auth.log , +and +.IR debug . +In both cases, +if it does not find what it is looking for in one of those ``likely'' places, +it will resort to a brute-force search of most (non-compressed) files in +.IR /var/log . +.SH FILES +.nf +/proc/net/* +/var/log/* +/etc/ipsec.conf +/etc/ipsec.secrets +.fi +.SH HISTORY +Written for the Linux FreeS/WAN project +<http://www.freeswan.org> +by Henry Spencer. +.SH BUGS +.I Barf +uses heuristics to try to pick relevant material out of the logs, +and relevant messages +which are not labelled with any of the tags that +.I barf +looks for will be lost. +We think we've eliminated the last such case, but one never knows... +.PP +Finding +.I updown +scripts (so they can be included in output) is, in general, difficult. +.I Barf +uses a very simple heuristic that is easily fooled. +.PP +The brute-force search for the right log files can get expensive on +systems with a lot of clutter in +.IR /var/log . |