October 9, 2015

Ubuntu 14.04 strongSwan not logging

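It turns out that Ubuntu uses AppArmor to restrict where strongSwan can write files, so charon cannot write its log file to a path that its profile does not allow. You can install apparmor-utils and use the "aa-complain" command to switch the strongSwan binaries from "enforce" mode to "complain" mode, in which policy violations are logged rather than blocked: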

# apt-get install apparmor-utils
# aa-status
# aa-complain /usr/lib/ipsec/charon
Setting /usr/lib/ipsec/charon to complain mode.

Just for reference, a strongswan.conf file for logging:

charon {
    reuse_ikesa = no
    threads = 32

    load_modular = yes
    plugins {
        include strongswan.d/charon/*.conf
    }

    filelog {
        # The log path must be writable under charon's AppArmor profile
        /var/log/charon.log {
            time_format = %b %e %T
            append = yes
            # Log level 1 for all subsystems
            default = 1
        }
    }
}
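
As an alternative to leaving charon in complain mode, the audit messages AppArmor writes can be turned into a narrow write rule for the log path. The script below is an added example, not part of the original post; the log lines are constructed, and it assumes the Ubuntu profile pulls in /etc/apparmor.d/local/usr.lib.ipsec.charon as the place for such rules.

```bash
#!/bin/bash
# Added example (not from the original post): derive narrow AppArmor file
# rules for charon from audit messages instead of leaving it in complain mode.

# Constructed sample kernel log lines; timestamps, PIDs and hostname are made up.
sample_log() {
cat <<'EOF'
Oct  9 10:01:02 vpn kernel: audit: type=1400 audit(1444384862.101:31): apparmor="DENIED" operation="mknod" profile="/usr/lib/ipsec/charon" name="/var/log/charon.log" pid=2210 comm="charon" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
Oct  9 10:07:40 vpn kernel: audit: type=1400 audit(1444385260.442:35): apparmor="ALLOWED" operation="open" profile="/usr/lib/ipsec/charon" name="/var/log/charon.log" pid=2391 comm="charon" requested_mask="ac" denied_mask="ac" fsuid=0 ouid=0
Oct  9 10:08:11 vpn kernel: audit: type=1400 audit(1444385291.007:36): apparmor="DENIED" operation="open" profile="/usr/sbin/tcpdump" name="/root/capture.pcap" pid=2402 comm="tcpdump" requested_mask="wc" denied_mask="wc" fsuid=0 ouid=0
EOF
}

# file_events PROFILE: read log lines on stdin, print unique "mask path" pairs
# that were DENIED (enforce mode) or ALLOWED (complain mode) for PROFILE.
file_events() {
    grep -E 'apparmor="(DENIED|ALLOWED)"' |
        grep -F "profile=\"$1\"" |
        sed -n 's/.* name="\([^"]*\)".* denied_mask="\([^"]*\)".*/\2 \1/p' |
        sort -u
}

# suggest_rules: map audit masks to profile permissions and deduplicate.
# In the audit log c=create, a=append, d=delete; all are covered by "w".
suggest_rules() {
    while read -r mask path; do
        perm=
        case $mask in *r*) perm=r ;; esac
        case $mask in *[wacd]*) perm="${perm}w" ;; esac
        if [ -n "$perm" ]; then
            printf '  %s %s,\n' "$path" "$perm"
        fi
    done | sort -u
}

# Print candidate rules for review before adding them to the local profile.
sample_log | file_events /usr/lib/ipsec/charon | suggest_rules
```

Review the printed rules, append them to the local profile file, reload the profile with apparmor_parser -r /etc/apparmor.d/usr.lib.ipsec.charon, and return the binary to enforce mode with aa-enforce /usr/lib/ipsec/charon.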

This link is where I got the inspiration:
https://lists.strongswan.org/pipermail/users/2014-July/006351.html
