Provided by: libreswan_3.29-2_amd64 bug


       ipsec_barf - spew out collected IPsec debugging information


       ipsec barf [--short]


       Barf outputs (on standard output) a collection of debugging information (contents of
       files, selections from logs, etc.) related to the IPsec encryption/authentication system.
       It is primarily a convenience for remote debugging, a single command that packages up (and
       labels) all information that might be relevant to diagnosing a problem in IPsec.

       The --short option limits the length of the log portion of barf's output, which can
       otherwise be extremely voluminous if debug logging is turned on.

       --maxlines <100> option sets the length of some bits of information, currently netstat
       -rn. Useful on boxes where the routing table is thousands of lines long. Default is 100.

       On systems with systemd, ipsec barf will look for logs using the journalctl command. If
       the logfile= option is used, logs will also not be found by the ipsec barf command.

       Barf censors its output, replacing keys and secrets with brief checksums to avoid
       revealing sensitive information.

       Beware that the output of both commands is aimed at humans, not programs, and the output
       format is subject to change without warning.

       Barf has to figure out which files in /var/log contain the IPsec log messages. It looks
       for KLIPS and general log messages first in messages and syslog, and for Pluto messages
       first in secure, auth.log, and debug. In both cases, if it does not find what it is
       looking for in one of those “likely” places, it will resort to a brute-force search of
       most (non-compressed) files in /var/log.




       Written for the Linux FreeS/WAN project <> by Henry Spencer.


       Barf uses heuristics to try to pick relevant material out of the logs, and relevant
       messages that are not labelled with any of the tags that barf looks for will be lost. We
       think we've eliminated the last such case, but one never knows...

       Finding updown scripts (so they can be included in output) is, in general, difficult.
       Barf uses a very simple heuristic that is easily fooled.

       The brute-force search for the right log files can get expensive on systems with a lot of
       clutter in /var/log.


       Paul Wouters
           placeholder to suppress warning