Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
IPSEC_BARF(8)		      Executable programs		 IPSEC_BARF(8)

NAME
       ipsec_barf - spew out collected IPsec debugging information

SYNOPSIS

       ipsec barf [--short]

DESCRIPTION
       Barf outputs (on	standard output) a collection of debugging information
       (contents of files, selections from logs, etc.) related to the IPsec
       encryption/authentication system. It is primarily a convenience for
       remote debugging, a single command that packages	up (and	labels)	all
       information that	might be relevant to diagnosing	a problem in IPsec.

       The --short option limits the length of the log portion of barf's
       output, which can otherwise be extremely	voluminous if debug logging is
       turned on.

       On systems with systemd,	ipsec barf will	look for logs using the
       journalctl command. If the logfile= option is used, logs	will also not
       be found	by the ipsec barf command.

       Barf censors its	output,	replacing keys and secrets with	brief
       checksums to avoid revealing sensitive information.

       Beware that the output of both commands is aimed	at humans, not
       programs, and the output	format is subject to change without warning.

       Barf has	to figure out which files in /var/log contain the IPsec	log
       messages. It looks for general log messages first in messages and
       syslog, and for Pluto messages first in secure, auth.log, and debug. In
       both cases, if it does not find what it is looking for in one of	those
       "likely"	places,	it will	resort to a brute-force	search of most
       (non-compressed)	files in /var/log.

FILES
	   /proc/net/*
	   /var/log/*
	   /etc/ipsec.conf
	   /usr/local/etc/ipsec.secrets

HISTORY
       Written for the Linux FreeS/WAN project <https://www.freeswan.org> by
       Henry Spencer.

BUGS
       Barf uses heuristics to try to pick relevant material out of the	logs,
       and relevant messages that are not labelled with	any of the tags	that
       barf looks for will be lost. We think we've eliminated the last such
       case, but one never knows...

       Finding updown scripts (so they can be included in output) is, in
       general,	difficult.  Barf uses a	very simple heuristic that is easily
       fooled.

       The brute-force search for the right log	files can get expensive	on
       systems with a lot of clutter in	/var/log.

AUTHOR
       Paul Wouters
	   placeholder to suppress warning

libreswan			  05/13/2025			 IPSEC_BARF(8)

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=ipsec_barf&sektion=8&manpath=FreeBSD+Ports+14.3.quarterly>

home | help