Pluto uses syslog by default, so the answer is, wherever syslogd.conf says to put them.
For Redhat-ish systems (and SuSE), syslogd.conf usually puts the auth.* logs into /var/log/secure. Only root can read them.
For Debian systems, it's /var/log/auth.log
Yes, you can set: <pre> config setup
plutostderrlog=/var/log/pluto.log
</pre>
and the logs will go to that file. However, the logs there are not time-stamped (except when some debug options are on), and there is no way to roll them. This feature is for debugging!
to be written.
