Logging

ProL2TP includes comprehensive logging.

ProL2TP daemons log to syslog by default, using message log levels as per syslog(7):

Level Use
critical critical conditions which prevent the daemon from operating.
error messages about things that should not happen in normal use, e.g. unexpected error.
warning unexpected conditions that the operator should be aware of.
notice low verbosity logging of normal activity, e.g. tunnel or session created.
info more detailed activity, e.g. L2TP messages sent and received.
debug verbose logging for debugging problems

Messages are filtered by their level at output.

The default log level for prol2tpd and propppd is notice. Log messages at levels notice through to critical will be logged, while messages of info or debug levels will be ignored.

The default log level for proacd is info.

Logging to a file

All the ProL2TP daemons may optionally log to a file if started with the -o argument:

prol2tpd -o /var/log/prol2tpd.log

When logging to a file, each message is prefixed with a timestamp.

Log messages are buffered internally in order not to stall the thread logging the message. Once the buffers are full they are flushed to disk: they are not periodically flushed.

To flush the log buffers manually, use the SIGUSR1 signal:

root@lns:~# kill -SIGUSR1 `cat /var/run/prol2tp/prol2tpd.pid`

If using logrotate, use its copytruncate mode for rotating logs. ProL2TP daemons do not reopen their log file on SIGUSR1 or SIGHUP.

prol2tpd

Using the default log level, the prol2tpd log shows tunnels and sessions created and destroyed.

root@lns:~# cat /var/log/prol2tpd.log
Thu Nov 29 17:45:08 2018 ProL2TP v1.8.6 (unlicensed)
Thu Nov 29 17:45:08 2018 (c) Copyright 2004-2017 Katalix Systems Ltd.
Thu Nov 29 17:45:08 2018 missing router_id in config file: derived a value from system IP address
Thu Nov 29 17:45:08 2018 L2TPv3 router-id 3232289561
Thu Nov 29 17:45:08 2018 lsnr: listening on IPv4 UDP socket 192.168.211.25/1701
Thu Nov 29 17:45:08 2018 lsnr: listening on IPv4 L2TPIP socket 192.168.211.25
Thu Nov 29 17:45:14 2018 tunl 22462: net tunnel create to peer 192.168.211.20/44853
Thu Nov 29 17:45:14 2018 tunl 22462: tunnel up: peer 192.168.211.20, L2TPv2, UDP
Thu Nov 29 17:45:15 2018 sess 22462/37209: net session create
Thu Nov 29 17:45:15 2018 sess 22462/29279: net session create
Thu Nov 29 17:45:15 2018 sess 22462/37: net session create
Thu Nov 29 17:45:18 2018 sess 22462/37209: session up: PPP, interface ppp0, user 'u1@example.com'
Thu Nov 29 17:45:18 2018 sess 22462/37: session up: PPP, interface ppp2, user 'u3@example.com'
Thu Nov 29 17:45:18 2018 sess 22462/29279: session up: PPP, interface ppp1, user 'u2@example.com'

The log level of prol2tpd can be changed using command line arguments, configuration file settings, or on the fly using the prol2tp command.

Command line arguments

The log level can be changed by starting prol2tpd with the -d argument.

Specifying -d multiple times increases the verbosity of the logging.

Configuration file settings

The daemon log level can be set using the log_level parameter in the system block:

system {
    log_level debug
}

In addition, individual tunnels and sessions can have their log levels specified in the configuration file:

tunnel profile "tp0" {
    log_level error
}
session profile "sp0" {
    log_level info
}
tunnel "t0" {
    log_level warning
    session "t0s0" {
        log_level debug
    }
}

On-the-fly changes

The prol2tp tool allows prol2tpd log level to be changed on demand using the debug command:

root@lns:~# prol2tp debug system info
root@lns:~# prol2tp show system
ProL2TP V1.8.6, build Nov 28 2018 [16:13:10]
  (c) Copyright 2004-2017 Katalix Systems Ltd.

L2TP configuration:
  listening on: 192.168.211.25:1701 (UDP), 192.168.211.25 (L2TPIP)
  hostname: lns
  router id: 3232289561
  log level: INFO
L2TP service status:
  tunnels: 0, sessions: 0

Sample logs

These sample log files are taken from an L2TPv2 LNS running at various log levels:

prol2tpd-warning.log
prol2tpd-notice.log
prol2tpd-info.log
prol2tpd-debug.log

propppd

Using the default log level, the log shows basic information about PPP sessions being created and destroyed:

Thu Oct 17 12:37:25 2019 propppd 2.0.0 started
Thu Oct 17 12:37:25 2019 Created event connection on fd 14
Thu Oct 17 12:37:25 2019 Created mgmt connection on fd 15
Thu Oct 17 12:37:25 2019 ProPPP licensed to Katalix Systems Ltd
Thu Oct 17 12:37:25 2019 inform mgmt of max session limit of 0
Thu Oct 17 12:37:25 2019 mgmt : processing license update
Thu Oct 17 12:37:25 2019 propppd features: pppoe pppol2tp radius
Thu Oct 17 12:37:25 2019 propppd initialisation done
Thu Oct 17 12:38:14 2019 session-1 : Connect: ppp0 <-->
Thu Oct 17 12:38:14 2019 session-1 : local  IP address 10.90.0.11
Thu Oct 17 12:38:14 2019 session-1 : remote IP address 10.90.0.10
Thu Oct 17 12:54:38 2019 session-1 : Connection terminated.

The log level can be controlled using the command line arguments, or by changing settings in the config file.

Command Line arguments

The log level can be changed by starting propppd with the -d argument.

Specifying -d multiple times increases the verbosity of the logging.

Configuration file settings

The daemon log level can be set using the log_targets block in the system block:

system {
    log_targets {
        main {
            log_level debug
        }
    }
}

This sets a system-wide log level for the daemon.

In addition, the log levels for specific categories can be altered using the log_categories block:

system {
    log_categories {
        event info
        mgmt debug
    }
}

Log categories provide more fine-grained control of log levels where a daemon-wide setting is producing overwhelming output.

Finally, profiles in the configuration file can control logging of individual sessions or groups of sessions:

profile "t0s29_ppp" {
    log_level debug
}

Sample logs

These sample log files show the level of detail available at each log level:

propppd-warning.log
propppd-notice.log
propppd-info.log
propppd-debug.log

proacd

The default log level is info, which shows basic daemon information and lifetime information about routes as they are created and destroyed:

Oct 17 19:00:49 Start
Oct 17 19:00:49 ProL2TP Access Concentrator V2.0.0, (c) Copyright 2008-2018 Katalix Systems Ltd.
Oct 17 19:00:49 Unable to open license file /etc/proac/license.dat
Oct 17 19:00:49 Using config file: /etc/proac/proacd.conf
Oct 17 19:00:49 Opening log file: /var/log/proacd.log
Oct 17 19:00:49 Maximum routes: 5
Oct 17 19:00:49 Licensed modules: L2TP PPPoE RADIUS PPPD ProPPPD
Oct 17 19:00:49 Trial mode, expires in 30 minutes
Oct 17 19:00:49 PPPD destination module init: succeeded
Oct 17 19:00:49 RADIUS destination module init: succeeded
Oct 17 19:00:49 L2TP destination module init: succeeded
Oct 17 19:00:49 Providing PPPoE service on 1 interface
Oct 17 19:00:49 PPPoE source module init: succeeded
Oct 17 19:03:07 Selected route 'r1', ID 14383 (PPPoE enp0s8 11317 -> L2TP)
Oct 17 19:03:08 Completed route 'r1' 14383 (PPPoE enp0s8 11317 -> L2TP 23354/17620)
Oct 17 19:06:10 Selected route 'r2', ID 1284 (PPPoE enp0s8 5222 -> RADIUS)
Oct 17 19:06:10 Rerouting existing route ID 1284, new route ID 24717
Oct 17 19:06:10 Deleted route 'r2', ID 1284
Oct 17 19:06:10 Completed route 'r2' 24717 (PPPoE enp0s8 5222 -> L2TP 60395/2390)

Logging in proacd can be controlled using command line arguments, the configuration file, and on the fly using traces.

Command line arguments

The log level can be changed by starting proacd with the -D and -d arguments.

The -D argument is a boolean flag which enables more verbose logging.

The -d argument takes a set of categories for which debug is enabled. For example to enable debug in all categories:

proacd -D -d all

Or to selectively enable debug from the PPP and RADIUS categories:

proacd -D -d ppp,radius

Refer to the proacd man page for information about all the available categories.

Configuration file settings

The log level can be changed using the debug parameter in the system block in the configuration file:

system {
    debug route,l2tp,radius
}

Refer to the proacd.conf man page for information about all the available categories.

On-the-fly changes

In addition to per-category logging, proacd has a trace mechanism which allows debug to be toggled for a specific route instance. Log messages pertaining to that route from all categories are then enabled in the log output. For example, to enable tracing for route r2:

root@lac proac_trace on -r r2

and to disable tracing for that route:

root@lac proac_trace off -r r2

It is also possible to enable tracing on the basis of route source and/or destination: refer to the proac_trace man page for more information about the different modes of operation.

Sample logs

This sample log shows proacd debug logging:

proacd-debug.log

You are reading the manual of ProL2TP: enterprise class L2TP software for Linux systems

Learn more about ProL2TP and register for a free trial

Go