Provided by: openswan_2.4.4-3ubuntu1_i386 bug


       ipsec barf - spew out collected IPsec debugging information


       ipsec barf [ --short --maxlines <100> ]


       Barf outputs (on standard output) a collection of debugging information
       (contents of files, selections from logs, etc.)  related to  the  IPsec
       encryption/authentication  system.   It  is primarily a convenience for
       remote debugging, a single command which packages up (and  labels)  all
       information that might be relevant to diagnosing a problem in IPsec.

       The  --short  option  limits  the  length  of the log portion of barf’s
       output, which can otherwise be extremely voluminous if debug logging is
       turned on.

       --maxlines  <100>  option  sets the length of some bits of information,
       currently netstat -rn.  Usefull on boxes where  the  routing  table  is
       thousands of lines long.  Default is 100.

       Barf  censors  its  output,  replacing  keys  and  secrets  with  brief
       checksums to avoid revealing sensitive information.

       Beware that the output  of  both  commands  is  aimed  at  humans,  not
       programs, and the output format is subject to change without warning.

       Barf  has  to  figure out which files in /var/log contain the IPsec log
       messages.  It looks  for  KLIPS  and  general  log  messages  first  in
       messages  and syslog, and for Pluto messages first in secure, auth.log,
       and debug.  In both cases, if it does not find what it is  looking  for
       in  one  of  those  ‘‘likely’’  places, it will resort to a brute-force
       search of most (non-compressed) files in /var/log.




       Written for the Linux FreeS/WAN  project  <>  by
       Henry Spencer.


       Barf  uses heuristics to try to pick relevant material out of the logs,
       and relevant messages which are not labelled with any of the tags  that
       barf  looks  for will be lost.  We think we’ve eliminated the last such
       case, but one never knows...

       Finding updown scripts (so they can  be  included  in  output)  is,  in
       general,  difficult.   Barf uses a very simple heuristic that is easily

       The brute-force search for the right log files  can  get  expensive  on
       systems with a lot of clutter in /var/log.

                                 17 March 2002                   IPSEC_BARF(8)