Logging via TCP

Werner Koch wk at gnupg.org
Mon Aug 9 18:36:38 CEST 2010


On Windows, GnuPG is not able to log to local socket.  This is a bit
annoying thus I added logging via TCP to GnuPG trunk.

The debugging method of writing log files has two shortcomings: It is
not possible to easily see the interaction between the modules and if a
process crashes the last lines of debug output are not saved to the

To solve this problem GnuPG does now support logging to an arbitrary TCP
address.  This shall only be used for debugging as it might reveal
sensitive information as no encryption is used.  To enable this feature,
put something like

  log-file tcp://

into the respective foo.conf file.  Note that you must use an IP
address.  You may choose any port you like.  Make sure that the host is
reachable to avoid delays due to the long TCP timeouts.  IPv6 is also
supported but not tested; use something like tcp://[::1]:4712.  There is
no resolver code used to avoid extra dependency in the logging code.

To view the logs you may use

  nc -lp 4712

but that has the drawback of only displaying one connection.  It is
better to use watchgnupg:

  watchgnupg --tcp 4712

To build this watchgnupg you may simply build trunk on a Posix platform
or get gnupg/tools/watchgnupg.c and compile it standalone.  watchgnupg
has no ipv6 support, though.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the Gnupg-devel mailing list