Internet Key-Exchange logging

You can enable logging of Internet Key-Exchange events to the SYSLOG facility with the isakmpd daemon.

For the isakmpd daemon, you enable logging using the ike cmd=log command. You can set the logging level in the /etc/isakmpd.conf configuration file with the log_level parameter. Depending on the amount of information that you want to log, you can set the level to none, errors, isakmp_events, or information.

log_level=INFORMATION

The isakmpd daemon starts one of two processes: it sends a proposal, or it evaluates a proposal. If the proposal is accepted, a security association is created and the tunnel is set up. If the proposal is not accepted or the connection ends before the negotiation completes, the isakmpd daemon indicates an error. The entries in the SYSLOG facility from tmd indicate whether the negotiation succeeded. A failure caused by a certificate that was not valid is logged to the SYSLOG facility. To determine the exact cause of a failed negotiation, review the data in the logging file that is specified in /etc/syslog.conf.

The SYSLOG facility adds a prefix to each line of the log, noting the date and time, the machine, and the program. The following example uses googly as the machine name and isakmpd as the program name:

Nov 20 09:53:50 googly isakmpd: ISAKMP_MSG_HEADER
Nov 20 09:53:50 googly isakmpd:  Icookie : 0xef06a77488f25315, Rcookie :0x0000000000000000
Nov 20 09:53:51 googly isakmpd:  Next Payload : 1(SA), Maj Ver : 1, Min Ver : 0
Nov 20 09:53:51 googly isakmpd:  Xchg Type : 2 (ID protected), Flag= 0, Encr : No,COMMIT : No
Nov 20 09:53:51 googly isakmpd:  Msg ID  : 0x00000000

To improve clarity, use the grep command to extract log lines of interest (such as all isakmpd logging) and the cut command to remove the prefix from each line.