diff --git a/src/etc/inc/plugins.inc.d/ipsec.inc b/src/etc/inc/plugins.inc.d/ipsec.inc index 47e2f8a48..cf61da854 100644 --- a/src/etc/inc/plugins.inc.d/ipsec.inc +++ b/src/etc/inc/plugins.inc.d/ipsec.inc @@ -394,7 +394,7 @@ function ipsec_parse_phase2($ikeid) } elseif (in_array($ph2ent['mode'], ['tunnel', 'tunnel6'])) { $leftsubnet_data = ipsec_idinfo_to_cidr($ph2ent['localid'], false, $ph2ent['mode']); if (!is_ipaddr($leftsubnet_data) && !is_subnet($leftsubnet_data) && ($leftsubnet_data != "0.0.0.0/0")) { - log_error("Invalid IPsec Phase 2 \"{$ph2ent['descr']}\" - {$ph2ent['localid']['type']} has no subnet."); + log_msg("Invalid IPsec Phase 2 \"{$ph2ent['descr']}\" - {$ph2ent['localid']['type']} has no subnet.", LOG_ERR); continue; } $result['local_ts'][] = $leftsubnet_data; @@ -774,14 +774,14 @@ function ipsec_configure_spd() $tunnel_dst = ipsec_resolve($ph1ent['remote-gateway'], $ph1ent['protocol']); if (empty($tunnel_dst) || empty($tunnel_src)) { - log_error(sprintf( + log_msg(sprintf( "spdadd: skipped for tunnel %s-%s (reqid :%s, local: %s, remote: %s)", $tunnel_src, $tunnel_dst, !empty($reqid_mapping[$ph2ent['uniqid']]) ? $reqid_mapping[$ph2ent['uniqid']] : "", $ph2ent['spd'], ipsec_idinfo_to_cidr($ph2ent['remoteid'], false, $ph2ent['mode']) - )); + ), LOG_ERR); continue; } @@ -1098,7 +1098,7 @@ function ipsec_write_cas() $cafiles[] = $fname; file_put_contents($fname, $cert); } else { - log_error(sprintf('Error: Invalid certificate hash info for %s', $ca['descr'])); + log_msg(sprintf('Error: Invalid certificate hash info for %s', $ca['descr']), LOG_ERR); } } foreach (glob("{$capath}/*.0.crt") as $fname) { @@ -1126,7 +1126,7 @@ function ipsec_write_certs() $cert = lookup_cert($ph1ent['certref']); if (empty($cert)) { - log_error(sprintf('Error: Invalid phase1 certificate reference for %s', $ph1ent['name'])); + log_msg(sprintf('Error: Invalid phase1 certificate reference for %s', $ph1ent['name']), LOG_ERR); continue; } @@ -1685,7 +1685,7 @@ function ipsec_configure_vti($verbose = false, $device = null) || $local_configured != $intf_details['tunnel']['src_addr'] || $remote_configured != $intf_details['tunnel']['dest_addr'] ) { - log_error(sprintf("destroy interface %s", $intf)); + log_msg(sprintf("destroy interface %s", $intf), LOG_DEBUG); legacy_interface_destroy($intf); unset($current_interfaces[$intf]); } else { @@ -1703,12 +1703,12 @@ function ipsec_configure_vti($verbose = false, $device = null) } } if (!$isfound) { - log_error(sprintf( + log_msg(sprintf( "remove tunnel %s %s from interface %s", $addr['ipaddr'], $addr['endpoint'], $intf - )); + ), LOG_DEBUG); mwexecf('/sbin/ifconfig %s %s %s delete', [ $intf, $proto == 'ipv6' ? 'inet6' : 'inet', $addr['ipaddr'], $addr['endpoint'] ]); diff --git a/src/etc/inc/plugins.inc.d/openssh.inc b/src/etc/inc/plugins.inc.d/openssh.inc index fab5756fc..1b88b7f77 100644 --- a/src/etc/inc/plugins.inc.d/openssh.inc +++ b/src/etc/inc/plugins.inc.d/openssh.inc @@ -148,10 +148,10 @@ function openssh_configure_do($verbose = false, $interface = '') } if ($generate_keys) { + /* XXX replace with file lock */ if (is_subsystem_dirty('sshdkeys')) { return; } - log_error('Started creating your SSH keys. SSH startup is being delayed a wee bit.'); mark_subsystem_dirty('sshdkeys'); foreach ($keys as $type => $name) { $file = "/conf/sshd/{$name}"; @@ -160,7 +160,6 @@ function openssh_configure_do($verbose = false, $interface = '') mwexecf('/usr/local/bin/ssh-keygen -t %s -N "" -f %s', array($type, $file)); } clear_subsystem_dirty('sshdkeys'); - log_error('Completed creating your SSH keys. SSH will now be started.'); } $sshport = isset($sshcfg['port']) ? $sshcfg['port'] : 22; @@ -213,7 +212,7 @@ function openssh_configure_do($verbose = false, $interface = '') } if (count($listeners) >= 16) { - log_error("The SSH listening address $tmpaddr cannot be added due to MAX_LISTEN_SOCKS limit reached."); + log_msg("The SSH listening address $tmpaddr cannot be added due to MAX_LISTEN_SOCKS limit reached.", LOG_WARNING); continue; } diff --git a/src/etc/inc/plugins.inc.d/openvpn.inc b/src/etc/inc/plugins.inc.d/openvpn.inc index f5bd0a567..f622f36a3 100644 --- a/src/etc/inc/plugins.inc.d/openvpn.inc +++ b/src/etc/inc/plugins.inc.d/openvpn.inc @@ -946,9 +946,9 @@ function openvpn_restart($mode, $settings, $carp_event = false) if (!mwexecf('/usr/local/sbin/openvpn --config %s', "/var/etc/openvpn/{$mode_id}.conf")) { $pid = waitforpid("/var/run/openvpn_{$mode_id}.pid", 10); if ($pid) { - log_error(sprintf('OpenVPN %s %s instance started on PID %s.', $mode, $vpnid, $pid)); + log_msg(sprintf('OpenVPN %s %s instance started on PID %s.', $mode, $vpnid, $pid), LOG_NOTICE); } else { - log_error(sprintf('OpenVPN %s %s instance start timed out.', $mode, $vpnid)); + log_msg(sprintf('OpenVPN %s %s instance start timed out.', $mode, $vpnid), LOG_WARNING); } } } @@ -1135,12 +1135,12 @@ function openvpn_configure_do($verbose = false, $interface = '', $carp_event = f } if (!empty($interface)) { - log_error(sprintf( + log_msg(sprintf( 'Resyncing OpenVPN instances for interface %s.', convert_friendly_interface_to_friendly_descr($interface) - )); + ), LOG_INFO); } else { - log_error('Resyncing OpenVPN instances.'); + log_msg('Resyncing OpenVPN instances.', LOG_INFO); } service_log('Syncing OpenVPN settings...', $verbose);