IPsec Kernel Module Error Logging
These system administration enhancements are new in the Solaris Express 5/06 release.
Starting with this release, all IPsec kernel module policy failures and other errors will be logged using the ipsec_rl_strlog() function. The ipsec_rl_strlog() function also has the ability to limit number of error messages sent to the system log. This ability prevents the system log from being overloaded.
The minimum interval between messages can be viewed or configured using the ndd command:
# ndd -get /dev/ip ipsec_policy_log_interval |
The value returned is in milliseconds.
The ipsec_policy_log_interval now consolidates all IPsec-related error logging into a single function. This function also enables administrators to completely disable the error logging, as follows:
# ndd -set /dev/ip ipsec_policy_log_interval 0 |
Note –
After rebooting the system, you need to disable the IPsec logging again.
- © 2010, Oracle Corporation and/or its affiliates