Description of problem: Logwatch contain already a check for the output of pluto, the *S/WAN IKE daemon: /etc/log.d/scripts/services/pluto But it doesn't suppress information, which is only informational. Version-Release number of selected component (if applicable): logwatch-5.2.2-1 How reproducible: Always Steps to Reproduce: 1. Setup openswan ipsec 2. Run openswan ipsec 3. Run logwatch Actual Results: Many of such messages: UNKNOWN: Jan 1 04:28:25 *** pluto[6161]: "***" #17: transition from state (null) to state STATE_MAIN_R1 UNKNOWN: Jan 1 04:28:25 *** pluto[6161]: "***" #17: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 UNKNOWN: Jan 1 04:28:25 *** pluto[6161]: "***" #17: Peer ID is ID_IPV6_ADDR: '2001: 6f8:****' UNKNOWN: Jan 1 04:28:25 *** pluto[6161]: "***" #17: I did not send a certificate because I do not have one. UNKNOWN: Jan 1 04:28:25 *** pluto[6161]: "***" #17: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3 UNKNOWN: Jan 1 06:15:10 *** pluto[6161]: "***" #18: received Delete SA payload: deleting ISAKMP State #18 Expected Results: Suppressing of such messages Additional info:
/etc/log.d/scripts/services/pluto should scan FreeSWAN log file. FreeSWAN is no longer in active development. So logwatch upstream don't develope pluto script too. So it does not expect openswan log file and create some extra messages. Ivana Varekova