1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
|
Content-type: text/html
<HTML><HEAD><TITLE>Manpage of IPSEC_BARF</TITLE>
</HEAD><BODY>
<H1>IPSEC_BARF</H1>
Section: Maintenance Commands (8)<BR>Updated: 17 March 2002<BR><A HREF="#index">Index</A>
<A HREF="http://localhost/cgi-bin/man/man2html">Return to Main Contents</A><HR>
<A NAME="lbAB"> </A>
<H2>NAME</H2>
ipsec barf - spew out collected IPsec debugging information
<A NAME="lbAC"> </A>
<H2>SYNOPSIS</H2>
<B>ipsec</B>
<B>barf</B>
[
<B>--short</B>
]
<P>
<A NAME="lbAD"> </A>
<H2>DESCRIPTION</H2>
<I>Barf</I>
outputs (on standard output) a collection of debugging information
(contents of files, selections from logs, etc.)
related to the IPsec encryption/authentication system.
It is primarily a convenience for remote debugging,
a single command which packages up (and labels) all information
that might be relevant to diagnosing a problem in IPsec.
<P>
<P>
The
<B>--short</B>
option limits the length of
the log portion of
<I>barf</I>'s
output, which can otherwise be extremely voluminous
if debug logging is turned on.
<P>
<I>Barf</I>
censors its output,
replacing keys
and secrets with brief checksums to avoid revealing sensitive information.
<P>
Beware that the output of both commands is aimed at humans,
not programs,
and the output format is subject to change without warning.
<P>
<I>Barf</I>
has to figure out which files in
<I>/var/log</I>
contain the IPsec log messages.
It looks for KLIPS and general log messages first in
<I>messages</I>
and
<I>syslog</I>,
and for Pluto messages first in
<I>secure</I>,
<I>auth.log</I>,
and
<I>debug</I>.
In both cases,
if it does not find what it is looking for in one of those ``likely'' places,
it will resort to a brute-force search of most (non-compressed) files in
<I>/var/log</I>.
<A NAME="lbAE"> </A>
<H2>FILES</H2>
<PRE>
/proc/net/*
/var/log/*
/etc/ipsec.conf
/etc/ipsec.secrets
</PRE>
<A NAME="lbAF"> </A>
<H2>HISTORY</H2>
Written for the Linux FreeS/WAN project
<<A HREF="http://www.freeswan.org">http://www.freeswan.org</A>>
by Henry Spencer.
<A NAME="lbAG"> </A>
<H2>BUGS</H2>
<I>Barf</I>
uses heuristics to try to pick relevant material out of the logs,
and relevant messages
which are not labelled with any of the tags that
<I>barf</I>
looks for will be lost.
We think we've eliminated the last such case, but one never knows...
<P>
Finding
<I>updown</I>
scripts (so they can be included in output) is, in general, difficult.
<I>Barf</I>
uses a very simple heuristic that is easily fooled.
<P>
The brute-force search for the right log files can get expensive on
systems with a lot of clutter in
<I>/var/log</I>.
<P>
<HR>
<A NAME="index"> </A><H2>Index</H2>
<DL>
<DT><A HREF="#lbAB">NAME</A><DD>
<DT><A HREF="#lbAC">SYNOPSIS</A><DD>
<DT><A HREF="#lbAD">DESCRIPTION</A><DD>
<DT><A HREF="#lbAE">FILES</A><DD>
<DT><A HREF="#lbAF">HISTORY</A><DD>
<DT><A HREF="#lbAG">BUGS</A><DD>
</DL>
<HR>
This document was created by
<A HREF="http://localhost/cgi-bin/man/man2html">man2html</A>,
using the manual pages.<BR>
Time: 21:40:17 GMT, November 11, 2003
</BODY>
</HTML>
|
