There are currently two types of loggers:
.TP
.B File loggers
-Log directly to a file and are defined by specifying the full path to the
-file as subsection in the
+Log directly to a file and are defined by specifying an arbitrarily named
+subsection in the
.B charon.filelog
-section. To log to the console the two special filenames
+section. The full path to the file is configured in the \fIpath\fR setting of
+that subsection, however, if it only contains characters permitted in section
+names, the setting may also be omitted and the path specified as name of the
+subsection. To log to the console the two special filenames
.BR stdout " and " stderr
-can be used.
+may be used.
.TP
.B Syslog loggers
Log into a syslog facility and are defined by specifying the facility to log to
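Review bot: The added sentence on the \fIpath\fR setting never says which characters are "permitted in section names", so a reader cannot tell when the setting may be omitted; name the allowed set or point to where it is defined. The sentence that follows also no longer makes clear whether stdout and stderr are given in path or as the subsection name, and the clause starting with "however" would read better as its own sentence.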
libipsec library messages
.TP
.B lib
-libstrongwan library messages
+libstrongswan library messages
.TP
.B tnc
Trusted Network Connect
Very basic auditing logs, (e.g. SA up/SA down)
.TP
.B 1
-Generic control flow with errors, a good default to see whats going on
+Generic control flow with errors, a good default to see what's going on
.TP
.B 2
More detailed debugging control flow
.EX
charon {
filelog {
- /var/log/charon.log {
+ charon {
+ path = /var/log/charon.log
time_format = %b %e %T
append = no
default = 1
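Review bot: In the example, the new subsection "charon {" under filelog carries the same name as the enclosing top-level "charon {" section, which is easy to misread as a duplicated or misplaced block. Since the description now says the subsection name is arbitrary, pick a name that differs from the parent so the example shows that the name and the "path = /var/log/charon.log" line are independent.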
identity. For the initiator, each connection attempt uses a different identity
in the form
.BR "\(dqCN=c1-r1, OU=load-test, O=strongSwan\(dq" ,
-where the first number inidicates the client number, the second the
+where the first number indicates the client number, the second the
authentication round (if multiple authentication rounds are used).
.PP
For PSK authentication, FQDN identities are used. The server uses
.BR charon.retransmit_base " [1.8]"
.BR charon.retransmit_timeout " [4.0]"
.BR charon.retransmit_tries " [5]"
+.BR charon.retransmit_jitter " [0]"
+.BR charon.retransmit_limit " [0]"
.fi
.RE
.PP
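Review bot: The two added entries, charon.retransmit_jitter and charon.retransmit_limit, are listed with a default of [0], but nothing in this hunk says what unit each takes or that 0 means the feature is off. State both next to the option descriptions so the "[0]" here is not read as a zero-second limit.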
.PP
Where
.I n
-is the current retransmission count.
+is the current retransmission count. The calculated timeout can't exceed the
+configured retransmit_limit (if any), which is useful if the number of retries
+is high.
+.PP
+If a jitter in percent is configured, the timeout is modified as follows:
+.PP
+.EX
+ relative timeout -= random(0, retransmit_jitter * relative timeout)
+.EE
.PP
Using the default values, packets are retransmitted in:
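Review bot: The added formula multiplies by retransmit_jitter directly although the sentence above it says the jitter is configured in percent, so as written a setting of 20 would subtract up to 20 times the timeout; write it as "random(0, retransmit_jitter / 100 * relative timeout)" or say that the value is scaled. The text also leaves open whether retransmit_limit is applied before or after the jitter is subtracted, which decides whether the limit is a hard upper bound on the final timeout.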