Usage examples of the rockhopper_log command (event-log tool).


rockhopper_log (/usr/local/sbin/rockhopper_log) is a command-line tool to manage the event log.
[Version 0.2.b1-019 -- ]


- Show usage (HELP)

$ rockhopper_log -h
[ Usage ]
% rockhopper_log <command> ...
 [-admin <admin_id> -password <password>]
 [-xml] [-no_pager] [-summary] [-h]

 [-port <admin_port>]

 command:
  help <command>  Show help info.

  show         Show event log.
  save         Save event log.
  follow       Follow event log.
  clear        Clear old event records.
  xml2txt      Convert log file(xml) to formatted text.

% rockhopper_log <command> -h   Show help info.

$ rockhopper_log help show
$ rockhopper_log show -h
[ Usage ]
% rockhopper_log show 
 [-no_pager] [-one_line] [-summary]
 [-match <substring/regex>]
 [-max_records <num>]
 [-admin <admin_id> -password <password>]
 [-port <admin_port>]

- Save event log as a text file.

$ rockhopper_log save -h
[ Usage ]
% rockhopper_log save 
 -file <saved_file_name> [-max_records <num>]
 [-match <substring/regex>]
 [-one_line] [-summary]
 [-dont_overwrite]
 [-admin <admin_id> -password <password>]
 [-port <admin_port>]

$
$ rockhopper_log save -file ./rockhopper_log.txt
 Name(Admin): admin
 Password: 

- Show event log.

$ rockhopper_log show -h
[ Usage ]
% rockhopper_log show 
 [-no_pager] [-one_line] [-summary]
 [-match <substring/regex>]
 [-max_records <num>]
 [-admin <admin_id> -password <password>]
 [-port <admin_port>]

$
$ rockhopper_log show
 Name(Admin): admin
 Password: 

*Showing information by 'less' command.
Enter 'q' to quit.

[1] 2015-05-17 13:36:34.408964 ikev2(3) Rlm:500 INFO(4) [IKEv2 IKE_SA_REKEY] IKE SA 
was successfully rekeyed as initiator.

  2001:db8:10::5:4500 --> 2001:db8:2:0:614d:5a8d:de4c:47bf:4500
  [RESPONDER]
  CREATE_CHILD_SA(36)(RESP) ID:8
  SPI_I: 150595094649127196(0x02170570d17a411c)
  SPI_R: 16511936204066630647(0xe5262e7e5d4dabf7)
  
vpn:

  Realm: 500
  remotehost1@sales.example.com[email]:- [2001:db8:2:0:614d:5a8d:de4c:47bf] 
  --> gateway1.example.com[fqdn]:-(alt: gateway1.example.com[fqdn]) [2001:db8:10::5]
  UID: 0x00000000000000009d4752df7f45895e
  
new_ikesa:

  IKE_INITIATOR(0)
  SPI_I: 10474408513099148933(0x915c930bff9a2e85)
  SPI_R: 15767363012863507406(0xdad0ed1f025cbbce)
  ESTABLISHED(5) REKEY: 1
  
  REKEYED_IKESA_INITIATOR(333) 
  
[2] 2015-05-17 13:36:34.531655 ikev2(3) Rlm:500 INFO(4) [IKEv2 DELETE_IKE_SA] Rx 
resp: Deleting IKE SA.

  2001:db8:10::5:4500 --> 2001:db8:2:0:614d:5a8d:de4c:47bf:4500
  [RESPONDER]
  INFORMATIONAL(37)(RESP) ID:9
  SPI_I: 150595094649127196(0x02170570d17a411c)
  SPI_R: 16511936204066630647(0xe5262e7e5d4dabf7)
  
 vpn: 

  Realm: 500
  remotehost1@sales.example.com[email]:- [2001:db8:2:0:614d:5a8d:de4c:47bf] 
  --> gateway1.example.com[fqdn]:-(alt: gateway1.example.com[fqdn]) [2001:db8:10::5]
  UID: 0x00000000000000009d4752df7f45895e
  
 ikesa: 

  IKE_INITIATOR(0)
  SPI_I: 150595094649127196(0x02170570d17a411c)
  SPI_R: 16511936204066630647(0xe5262e7e5d4dabf7)
  DELETE_WAIT(8) REKEY: 0
 
  RX_DELETE_IKESA_RESP(432) 
q
$
(Output is narrowed down by '-match REKEY'.)
$ rockhopper_log show -match REKEY
 Name(Admin): admin
 Password: 

*Showing information by 'less' command.
Enter 'q' to quit.

[1] 2015-05-17 13:36:34.408964 ikev2(3) Rlm:500 INFO(4) [IKEv2 IKE_SA_REKEY] IKE SA 
was successfully rekeyed as initiator.

  2001:db8:10::5:4500 --> 2001:db8:2:0:614d:5a8d:de4c:47bf:4500
  [RESPONDER]
  CREATE_CHILD_SA(36)(RESP) ID:8
  SPI_I: 150595094649127196(0x02170570d17a411c)
  SPI_R: 16511936204066630647(0xe5262e7e5d4dabf7)
  
vpn:

  Realm: 500
  remotehost1@sales.example.com[email]:- [2001:db8:2:0:614d:5a8d:de4c:47bf] 
  --> gateway1.example.com[fqdn]:-(alt: gateway1.example.com[fqdn]) [2001:db8:10::5]
  UID: 0x00000000000000009d4752df7f45895e
  
new_ikesa:

  IKE_INITIATOR(0)
  SPI_I: 10474408513099148933(0x915c930bff9a2e85)
  SPI_R: 15767363012863507406(0xdad0ed1f025cbbce)
  ESTABLISHED(5) REKEY: 1
  
  REKEYED_IKESA_INITIATOR(333)
q

$
(Output is narrowed down by '-match REKEY'.)
$ rockhopper_log show -summary -match REKEY
 Name(Admin): admin
 Password: 

*Showing information by 'less' command.
Enter 'q' to quit.

[4] 2015-05-17 13:35:20.343274 ikev2(3) Rlm:500 INFO(4) [IKEv2 CHILD_SA_REKEY] Child 
SA was successfully rekeyed as initiator. REKEYED_CHILDSA_INITIATOR(336) 

[8] 2015-05-17 13:36:34.408964 ikev2(3) Rlm:500 INFO(4) [IKEv2 IKE_SA_REKEY] IKE SA 
was successfully rekeyed as initiator. REKEYED_IKESA_INITIATOR(333) 
q

$
$ rockhopper_log show -one_line
 Name(Admin): admin
 Password: 

*Showing information by 'less' command.
Enter 'q' to quit.


[1] 2015-05-17 13:56:13.512420 ikev2(3) Rlm:500 INFO(4) [IKEv2 IKE_SA_REKEY] IKE SA was 
successfully rekeyed as initiator.  2001:db8:10::5:4500 --> 2001:db8:2:0:614d:5a8d:de4c:
47bf:4500 [RESPONDER] CREATE_CHILD_SA(36)(RESP) ID:5 SPI_I: 3623945028638561144
(0x324ad6cd958b5378) SPI_R: 15796041053662227797(0xdb36cfa5b5062d55)  vpn:  Realm: 500 
remotehost1@sales.example.com[email]:- [2001:db8:2:0:614d:5a8d:de4c:47bf] --> 
gateway1.example.com[fqdn]:-(alt: gateway1.example.com[fqdn]) [2001:db8:10::5] UID: 
0x00000000000000009d4752df7f45895e  new_ikesa:  IKE_INITIATOR(0) SPI_I: 
7416805207508994515(0x66edc90a51d749d3) SPI_R: 15729252681727258706(0xda4987fa14b6b052) 
ESTABLISHED(5) REKEY: 7    REKEYED_IKESA_INITIATOR(333) 

[2] 2015-05-17 13:56:13.616010 ikev2(3) Rlm:500 INFO(4) [IKEv2 DELETE_IKE_SA] Rx resp: 
Deleting IKE SA.  2001:db8:10::5:4500 --> 2001:db8:2:0:614d:5a8d:de4c:47bf:4500 [RESPONDER] 
INFORMATIONAL(37)(RESP) ID:6 SPI_I: 3623945028638561144(0x324ad6cd958b5378) SPI_R: 
15796041053662227797(0xdb36cfa5b5062d55)   vpn:   Realm: 500 remotehost1@sales.example.com
[email]:- [2001:db8:2:0:614d:5a8d:de4c:47bf] --> gateway1.example.com[fqdn]:-(alt: 
gateway1.example.com[fqdn]) [2001:db8:10::5] UID: 0x00000000000000009d4752df7f45895e   
ikesa:   IKE_INITIATOR(0) SPI_I: 3623945028638561144(0x324ad6cd958b5378) SPI_R: 
15796041053662227797(0xdb36cfa5b5062d55) DELETE_WAIT(8) REKEY: 6 
RX_DELETE_IKESA_RESP(432) 

$
(To use the output in a shell pipeline, '-no_pager', '-admin' and '-password' may be useful.)
$ rockhopper_log show -no_pager -admin admin -password secret |grep REKEY |less

[2] 2015-05-17 13:56:13.512420 ikev2(3) Rlm:500 INFO(4) [IKEv2 IKE_SA_REKEY] IKE SA was 
successfully rekeyed as initiator.
        ESTABLISHED(5) REKEY: 7
        REKEYED_IKESA_INITIATOR(333) 
        DELETE_WAIT(8) REKEY: 6
[5] 2015-05-17 13:57:03.517178 ikev2(3) Rlm:500 INFO(4) [IKEv2 CHILD_SA_REKEY] Child SA 
was successfully rekeyed as initiator.
        MATURE(2) REKEY: 11
        REKEYED_CHILDSA_INITIATOR(336) 
        DELETE_WAIT(5) REKEY: 10
:q
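
(Added example, not part of the rockhopper distribution: a shell function that post-processes '-summary' output, such as a file written by 'rockhopper_log save -file <file> -summary', and counts records per realm, level and event label. It assumes each record starts with '[<n>] <date>' and ends with the event label, as in the output above; the function names rhp_sample and rhp_event_counts are hypothetical.)

```shell
#!/bin/sh
# Added example, not rockhopper code: tally event labels in '-summary' output.
# Assumes each record starts with "[<n>] <date>" and ends with "LABEL(<id>)".

# Sample records copied from the '-summary' output on this page, including
# the line wrapping shown there.
rhp_sample() {
cat <<'EOF'
[4] 2015-05-17 13:35:20.343274 ikev2(3) Rlm:500 INFO(4) [IKEv2 CHILD_SA_REKEY] Child 
SA was successfully rekeyed as initiator. REKEYED_CHILDSA_INITIATOR(336) 

[8] 2015-05-17 13:36:34.408964 ikev2(3) Rlm:500 INFO(4) [IKEv2 IKE_SA_REKEY] IKE SA 
was successfully rekeyed as initiator. REKEYED_IKESA_INITIATOR(333) 
[1] 2015-05-17 13:49:38.931751 ikev2(3) Rlm:- DEBUG(0) IKE SA's state changed. IKESA_STATE(421) 
[2] 2015-05-17 13:49:38.961852 ikev2(3) Rlm:- DEBUG(0) IKE SA's state changed. IKESA_STATE(421) 
EOF
}

# Read summary records on stdin; print "<count> <realm> <level> <label>",
# most frequent first.
rhp_event_counts() {
  awk '
    # Count the record collected so far, keyed by realm, level and label.
    function emit(   n, f, label) {
      if (rec == "") return
      n = split(rec, f)                 # default split trims and collapses blanks
      label = f[n]                      # last token, e.g. IKESA_STATE(421)
      if (label ~ /^[A-Z0-9_]+\([0-9]+\)$/)
        count[f[5] " " f[6] " " label]++   # f[5] is Rlm:<id>, f[6] is LEVEL(<n>)
      rec = ""
    }
    # "[<n>] <yyyy>-" starts a record; other non-blank lines are wrapped text.
    /^\[[0-9]+\] [0-9][0-9][0-9][0-9]-/ { emit(); rec = $0; next }
    NF { rec = rec " " $0 }
    END { emit(); for (k in count) print count[k], k }
  ' | LC_ALL=C sort -k1,1nr -k2
}

# With a file argument, summarise that file; otherwise run on the sample.
if [ -n "${1:-}" ]; then rhp_event_counts < "$1"; else rhp_sample | rhp_event_counts; fi
```

Running it on a file written by an interactive 'rockhopper_log save' keeps the admin password out of shell history and the process list, which '-password' on the command line does not.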

- Follow event log like '$ tail -f /var/log/messages'.

$ rockhopper_log follow -h
[ Usage ]
% rockhopper_log follow 
 [-debug_log <enalble/disable>]
 [-one_line] [-summary]
 [-match <substring/regex>]
 [-admin <admin_id> -password <password>]
 [-port <admin_port>]

$
$ rockhopper_log follow
 Name(Admin): admin
 Password: 

To quit, please enter 'q' and push <ENTER>

[1] 2015-05-17 13:36:34.408964 ikev2(3) Rlm:500 INFO(4) [IKEv2 IKE_SA_REKEY] IKE SA 
was successfully rekeyed as initiator.

  2001:db8:10::5:4500 --> 2001:db8:2:0:614d:5a8d:de4c:47bf:4500
  [RESPONDER]
  CREATE_CHILD_SA(36)(RESP) ID:8
  SPI_I: 150595094649127196(0x02170570d17a411c)
  SPI_R: 16511936204066630647(0xe5262e7e5d4dabf7)
  
vpn:

  Realm: 500
  remotehost1@sales.example.com[email]:- [2001:db8:2:0:614d:5a8d:de4c:47bf] 
  --> gateway1.example.com[fqdn]:-(alt: gateway1.example.com[fqdn]) [2001:db8:10::5]
  UID: 0x00000000000000009d4752df7f45895e
  
new_ikesa:

  IKE_INITIATOR(0)
  SPI_I: 10474408513099148933(0x915c930bff9a2e85)
  SPI_R: 15767363012863507406(0xdad0ed1f025cbbce)
  ESTABLISHED(5) REKEY: 1
  
  REKEYED_IKESA_INITIATOR(333) 

[2] 2015-05-17 13:36:34.531655 ikev2(3) Rlm:500 INFO(4) [IKEv2 DELETE_IKE_SA] Rx resp: 
Deleting IKE SA.

  2001:db8:10::5:4500 --> 2001:db8:2:0:614d:5a8d:de4c:47bf:4500
  [RESPONDER]
  INFORMATIONAL(37)(RESP) ID:9
  SPI_I: 150595094649127196(0x02170570d17a411c)
  SPI_R: 16511936204066630647(0xe5262e7e5d4dabf7)
  
 vpn: 

  Realm: 500
  remotehost1@sales.example.com[email]:- [2001:db8:2:0:614d:5a8d:de4c:47bf] 
  --> gateway1.example.com[fqdn]:-(alt: gateway1.example.com[fqdn]) [2001:db8:10::5]
  UID: 0x00000000000000009d4752df7f45895e
  
 ikesa: 

  IKE_INITIATOR(0)
  SPI_I: 150595094649127196(0x02170570d17a411c)
  SPI_R: 16511936204066630647(0xe5262e7e5d4dabf7)
  DELETE_WAIT(8) REKEY: 0
  
 
  RX_DELETE_IKESA_RESP(432) 
q
$
(With '-debug_log enable' the tool outputs debug-level information, and with '-summary' it 
outputs only brief information.)
$ rockhopper_log follow -debug_log enable -summary
 Name(Admin): admin
 Password: 

To quit, please enter 'q' and push <ENTER>

[1] 2015-05-17 13:49:38.931751 ikev2(3) Rlm:- DEBUG(0) IKE SA's state changed. IKESA_STATE(421) 
[2] 2015-05-17 13:49:38.961852 ikev2(3) Rlm:- DEBUG(0) IKE SA's state changed. IKESA_STATE(421) 
[3] 2015-05-17 13:49:38.961937 ikev2(3) Rlm:- DEBUG(0) IKE SA's state changed. IKESA_STATE(421) 
[4] 2015-05-17 13:49:38.964336 ikev2(3) Rlm:500 DEBUG(0) [IKEv2 CFG] Successfully allocated a CP 
request. TX_CFG_REQ(165) 
[5] 2015-05-17 13:49:39.139008 ikev2(3) Rlm:500 DEBUG(0) [IKEv2 CFG] Received a CP response. 
RX_CFG_RESP_CP_PAYLOAD(180) 
[6] 2015-05-17 13:49:39.139170 ikev2(3) Rlm:500 INFO(4) [IKEv2 CFG] APPLICATION_VERSION 
RX_CFG_RESP_APP_VER(330) 
[7] 2015-05-17 13:49:39.139235 ikev2(3) Rlm:500 DEBUG(0) [IKEv2 CFG] INTERNAL_IP4_ADDRESS 
response RX_CFG_RESP_INTERNAL_ADDRESS(182) 
[8] 2015-05-17 13:49:39.139362 ikev2(3) Rlm:500 DEBUG(0) [IKEv2 CFG] INTERNAL_IP6_ADDRESS 
response RX_CFG_RESP_INTERNAL_ADDRESS_V6(850) 
[9] 2015-05-17 13:49:39.139488 ikev2(3) Rlm:500 DEBUG(0) [IKEv2 CFG] RHP_IPV4_GATEWAY response 
RX_CFG_RESP_INTERNAL_GATEWAY(183) 
[10] 2015-05-17 13:49:39.139643 ikev2(3) Rlm:500 DEBUG(0) [IKEv2 CFG] INTERNAL_IP4_SUBNET 
response RX_CFG_RESP_INTERNAL_SUBNET(184) 
[11] 2015-05-17 13:49:39.139727 ikev2(3) Rlm:500 DEBUG(0) [IKEv2 CFG] INTERNAL_IP4_SUBNET 
response RX_CFG_RESP_INTERNAL_SUBNET(184) 
[12] 2015-05-17 13:49:39.139802 ikev2(3) Rlm:500 DEBUG(0) [IKEv2 CFG] INTERNAL_IP4_SUBNET 
response RX_CFG_RESP_INTERNAL_SUBNET(184) 
[13] 2015-05-17 13:49:39.139871 ikev2(3) Rlm:500 DEBUG(0) [IKEv2 CFG] RHP_IPV6_GATEWAY 
response RX_CFG_RESP_INTERNAL_GATEWAY_V6(852) 
[14] 2015-05-17 13:49:39.141616 ikev2(3) Rlm:500 DEBUG(0) [IKEv2 CFG] INTERNAL_IP6_SUBNET 
response RX_CFG_RESP_INTERNAL_SUBNET_V6(854) 
[15] 2015-05-17 13:49:39.141708 ikev2(3) Rlm:500 DEBUG(0) [IKEv2 CFG] INTERNAL_IP6_SUBNET 
response RX_CFG_RESP_INTERNAL_SUBNET_V6(854) 
[16] 2015-05-17 13:49:39.141858 ikev2(3) Rlm:500 DEBUG(0) [IKEv2 CFG] INTERNAL_IP6_SUBNET 
response RX_CFG_RESP_INTERNAL_SUBNET_V6(854) 
q
$
(Output is narrowed down by '-match 2001:db8:10::5'.)
$ rockhopper_log follow -debug_log enable -match 2001:db8:10::5
 Name(Admin): admin
 Password: 

To quit, please enter 'q' and push <ENTER>

[5] 2015-05-17 13:52:46.175144 ikev2(3) Rlm:500 DEBUG(0) [IKEv2 INFO] Rx Resp: Peer is behind a NAT.

  2001:db8:10::5:4500 --> 2001:db8:2:0:614d:5a8d:de4c:47bf:4500
  [RESPONDER]
  INFORMATIONAL(37)(RESP) ID:4
  SPI_I: 84978896450900431(0x012de7db285c51cf)
  SPI_R: 13111120785408885670(0xb5f40ee37d8983a6)
  
vpn:

  Realm: 500
  remotehost1@sales.example.com[email]:- [2001:db8:2:0:614d:5a8d:de4c:47bf] 
  --> gateway1.example.com[fqdn]:-(alt: gateway1.example.com[fqdn]) [2001:db8:10::5]
  UID: 0x00000000000000009d4752df7f45895e
  
ikesa:

  IKE_INITIATOR(0)
  SPI_I: 84978896450900431(0x012de7db285c51cf)
  SPI_R: 13111120785408885670(0xb5f40ee37d8983a6)
  ESTABLISHED(5) REKEY: 5
 
  RX_INFO_NATT_RESP_PEER_BEHIND_A_NAT(410) 
q

- Clear event log.

$ rockhopper_log clear -h
[ Usage ]
% rockhopper_log clear 
 [-admin <admin_id> -password <password>]
 [-port <admin_port>]

$
$ rockhopper_log clear
 Name(Admin): admin
 Password:  

