--- west.console.txt	2019-08-24 18:12:56.322672198 +0000
+++ OUTPUT/west.console.txt	2019-08-26 18:28:41.959332297 +0000
@@ -14,8 +14,7 @@
  # confirm clear text does not get through
 west #
  ../../pluto/bin/ping-once.sh --down -I 192.0.1.254 192.0.2.254
-[ 00.00] IN=eth1 OUT= MAC=12:00:00:64:64:45:12:00:00:64:64:23:08:00 SRC=192.0.2.254 DST=192.0.1.254 LEN=XXXX TOS=0x00 PREC=0x00 TTL=64 ID=XXXXX PROTO=ICMP TYPE=0 CODE=0 ID=XXXX SEQ=1 
-down
+up UNEXPECTED
 west #
  ipsec start
 Redirecting to: [initsystem]
@@ -42,8 +41,6 @@
 target     prot opt source               destination         
 Chain LOGDROP (1 references)
 target     prot opt source               destination         
-LOG        all  --  0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 4
-DROP       all  --  0.0.0.0/0            0.0.0.0/0           
 west #
  ipsec auto --up westnet-eastnet-nflog
 002 "westnet-eastnet-nflog" #1: initiating Main Mode
@@ -70,8 +67,6 @@
 NFLOG      all  --  192.0.1.0/24         192.0.2.0/24         policy match dir out pol ipsec nflog-prefix  westnet-eastnet-nflog nflog-group 13
 Chain LOGDROP (1 references)
 target     prot opt source               destination         
-LOG        all  --  0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 4
-DROP       all  --  0.0.0.0/0            0.0.0.0/0           
 west #
  ipsec auto --up west-east-nflog
 002 "west-east-nflog" #3: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO
@@ -93,8 +88,6 @@
 NFLOG      all  --  192.0.1.0/24         192.0.2.0/24         policy match dir out pol ipsec nflog-prefix  westnet-eastnet-nflog nflog-group 13
 Chain LOGDROP (1 references)
 target     prot opt source               destination         
-LOG        all  --  0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 4
-DROP       all  --  0.0.0.0/0            0.0.0.0/0           
 west #
  rm -fr /tmp/nflog-50.pcap
 west #
@@ -157,8 +150,6 @@
 NFLOG      all  --  192.1.2.45           192.1.2.23           policy match dir out pol ipsec nflog-prefix  west-east-nflog nflog-group 50
 Chain LOGDROP (1 references)
 target     prot opt source               destination         
-LOG        all  --  0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 4
-DROP       all  --  0.0.0.0/0            0.0.0.0/0           
 west #
  ipsec auto --down west-east-nflog
 002 "west-east-nflog": terminating SAs using this connection
@@ -176,21 +167,11 @@
 target     prot opt source               destination         
 Chain LOGDROP (1 references)
 target     prot opt source               destination         
-LOG        all  --  0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 4
-DROP       all  --  0.0.0.0/0            0.0.0.0/0           
 west #
  cp  /tmp/nflog-50.pcap OUTPUT/nflog-50.pcap
 west #
  tcpdump -n -r OUTPUT/nflog-50.pcap
-reading from file OUTPUT/nflog-50.pcap, link-type NFLOG (Linux netfilter log messages)
-IP 192.1.2.45 > 192.1.2.23: ICMP echo request, id XXXX, seq 1, length 64
-IP 192.1.2.23 > 192.1.2.45: ICMP echo reply, id XXXX, seq 1, length 64
-IP 192.1.2.45 > 192.1.2.23: ICMP echo request, id XXXX, seq 2, length 64
-IP 192.1.2.23 > 192.1.2.45: ICMP echo reply, id XXXX, seq 2, length 64
-IP 192.1.2.45 > 192.1.2.23: ICMP echo request, id XXXX, seq 1, length 64
-IP 192.1.2.23 > 192.1.2.45: ICMP echo reply, id XXXX, seq 1, length 64
-IP 192.1.2.45 > 192.1.2.23: ICMP echo request, id XXXX, seq 2, length 64
-IP 192.1.2.23 > 192.1.2.45: ICMP echo reply, id XXXX, seq 2, length 64
+tcpdump: truncated dump file; tried to read 4 file header bytes, only got 0
 west #
  echo done
 done
@@ -222,6 +203,8 @@
 west #
  ipsec stop
 Redirecting to: [initsystem]
+Shutting down pluto IKE daemon
+002 shutting down
 west #
  # show no nflog left behind
 west #
@@ -236,8 +219,6 @@
 target     prot opt source               destination         
 Chain LOGDROP (1 references)
 target     prot opt source               destination         
-LOG        all  --  0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 4
-DROP       all  --  0.0.0.0/0            0.0.0.0/0           
 west #
  ../bin/check-for-core.sh
 west #