Logrotate conf for auth.log is missing
Closed, ResolvedPublic


Strange behavior observed on systems which have IPSec with Meraki devices

Connectivity works as expected but there is excessive logging from strongswan
with messages like

Dec 16 12:39:52 myVyOS pluto[3877]: "peer-" #13020: starting keying attempt 209 of an unlimited number
Dec 16 12:39:52 myVyOS pluto[3877]: "peer-" #13099: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP to replace #13020 {using isakmp#5}
Dec 16 12:39:52 myVyOS pluto[3877]: "peer-" #13019: max number of retransmissions (2) reached STATE_QUICK_I1.  No acceptable response to our first Quick Mode message: perhaps peer likes no proposal

just a few strange conditions met together

Looking into workaround now


Difficulty level
Hard (possibly days)
syncer created this task.Dec 18 2016, 2:17 PM
syncer removed syncer as the assignee of this task.Dec 23 2016, 9:00 AM
syncer added subscribers: UnicronNL, dmbaturin.

So, after investigating further, it seems that rotation is broken for auth.log
We hade conversation with @UnicronNL about this matter
and agreed that we need to define logrotate conf for auth log similar to provided below

rotate 10

@dmbaturin i guess we need to push this into 1.1.8

syncer added a comment.EditedDec 27 2016, 8:33 PM

Looks like copytruncate not works as expected,
so my proposal will be to use reload command instead
also, I added compress and delaycompress
i think it make sense for systems where space limited for any reason

rotate 10
                /etc/init.d/rsyslog reload >/dev/null 2>&1 
syncer renamed this task from strongSwan ipsec interworking issue with Cisco Meraki to Logrotate conf for auth.log is missing.Dec 27 2016, 8:47 PM
syncer updated the task description. (Show Details)
UnicronNL claimed this task.EditedApr 27 2017, 8:13 PM

used 10MB for size and 6 rotates, for embedded devices and space...

made some tests with size 1k, and works as expected.

UnicronNL closed this task as Resolved.Apr 27 2017, 8:15 PM