Skip to content

Commit

Permalink
refactor(userspace/falco): add log level enum
Browse files Browse the repository at this point in the history 
Signed-off-by: Roberto Scolaro <[email protected]>
  • Loading branch information
@therealbobo
therealbobo committed Oct 30, 2023
1 parent 01516fc commit 3e233fd
Show file tree
Hide file tree
Showing 28 changed files with 126 additions and 123 deletions.
18 changes: 9 additions & 9 deletions userspace/falco/app/actions/configure_interesting_sets.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -69,7 +69,7 @@ static void select_event_set(falco::app::state& s, const libsinsp::events::set<p
auto rules_names = libsinsp::events::sc_set_to_event_names(rules_sc_set);
if (!rules_sc_set.empty())
{
falco_logger::log(LOG_DEBUG, "(" + std::to_string(rules_names.size())
falco_logger::log(falco_logger::level::DEBUG, "(" + std::to_string(rules_names.size())
+ ") syscalls in rules: " + concat_set_in_order(rules_names) + "\n");
}

Expand Down Expand Up @@ -100,14 +100,14 @@ static void select_event_set(falco::app::state& s, const libsinsp::events::set<p

// we re-transform from sc_set to names to make
// sure that bad user inputs are ignored
falco_logger::log(LOG_DEBUG, "+(" + std::to_string(user_positive_sc_set_names.size())
falco_logger::log(falco_logger::level::DEBUG, "+(" + std::to_string(user_positive_sc_set_names.size())
+ ") syscalls added (base_syscalls override): "
+ concat_set_in_order(user_positive_sc_set_names) + "\n");
}
auto invalid_positive_sc_set_names = unordered_set_difference(user_positive_names, user_positive_sc_set_names);
if (!invalid_positive_sc_set_names.empty())
{
falco_logger::log(LOG_WARNING, "Invalid (positive) syscall names: warning (base_syscalls override): "
falco_logger::log(falco_logger::level::WARNING, "Invalid (positive) syscall names: warning (base_syscalls override): "
+ concat_set_in_order(invalid_positive_sc_set_names));
}

Expand Down Expand Up @@ -136,14 +136,14 @@ static void select_event_set(falco::app::state& s, const libsinsp::events::set<p

// we re-transform from sc_set to names to make
// sure that bad user inputs are ignored
falco_logger::log(LOG_DEBUG, "-(" + std::to_string(user_negative_sc_set_names.size())
falco_logger::log(falco_logger::level::DEBUG, "-(" + std::to_string(user_negative_sc_set_names.size())
+ ") syscalls removed (base_syscalls override): "
+ concat_set_in_order(user_negative_sc_set_names) + "\n");
}
auto invalid_negative_sc_set_names = unordered_set_difference(user_negative_names, user_negative_sc_set_names);
if (!invalid_negative_sc_set_names.empty())
{
falco_logger::log(LOG_WARNING, "Invalid (negative) syscall names: warning (base_syscalls override): "
falco_logger::log(falco_logger::level::WARNING, "Invalid (negative) syscall names: warning (base_syscalls override): "
+ concat_set_in_order(invalid_negative_sc_set_names));
}

Expand All @@ -154,7 +154,7 @@ static void select_event_set(falco::app::state& s, const libsinsp::events::set<p
if (!non_rules_sc_set.empty() && user_positive_sc_set.empty())
{
auto non_rules_sc_set_names = libsinsp::events::sc_set_to_event_names(non_rules_sc_set);
falco_logger::log(LOG_DEBUG, "+(" + std::to_string(non_rules_sc_set_names.size())
falco_logger::log(falco_logger::level::DEBUG, "+(" + std::to_string(non_rules_sc_set_names.size())
+ ") syscalls (Falco's state engine set of syscalls): "
+ concat_set_in_order(non_rules_sc_set_names) + "\n");
}
Expand All @@ -172,7 +172,7 @@ static void select_event_set(falco::app::state& s, const libsinsp::events::set<p
if (!erased_sc_set.empty())
{
auto erased_sc_set_names = libsinsp::events::sc_set_to_event_names(erased_sc_set);
falco_logger::log(LOG_DEBUG, "-(" + std::to_string(erased_sc_set_names.size())
falco_logger::log(falco_logger::level::DEBUG, "-(" + std::to_string(erased_sc_set_names.size())
+ ") ignored syscalls (-> activate via `-A` flag): "
+ concat_set_in_order(erased_sc_set_names) + "\n");
}
Expand All @@ -192,7 +192,7 @@ static void select_event_set(falco::app::state& s, const libsinsp::events::set<p
if (!repaired_sc_set.empty())
{
auto repaired_sc_set_names = libsinsp::events::sc_set_to_event_names(repaired_sc_set);
falco_logger::log(LOG_INFO, "+(" + std::to_string(repaired_sc_set_names.size())
falco_logger::log(falco_logger::level::INFO, "+(" + std::to_string(repaired_sc_set_names.size())
+ ") repaired syscalls: " + concat_set_in_order(repaired_sc_set_names) + "\n");
}
}
Expand All @@ -207,7 +207,7 @@ static void select_event_set(falco::app::state& s, const libsinsp::events::set<p
if (!s.selected_sc_set.empty())
{
auto selected_sc_set_names = libsinsp::events::sc_set_to_event_names(s.selected_sc_set);
falco_logger::log(LOG_DEBUG, "(" + std::to_string(selected_sc_set_names.size())
falco_logger::log(falco_logger::level::DEBUG, "(" + std::to_string(selected_sc_set_names.size())
+ ") syscalls selected in total (final set): "
+ concat_set_in_order(selected_sc_set_names) + "\n");
}
Expand Down
2 changes: 1 addition & 1 deletion userspace/falco/app/actions/configure_syscall_buffer_num.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,7 @@ falco::app::run_result falco::app::actions::configure_syscall_buffer_num(falco::

if(s.config->m_cpus_for_each_syscall_buffer > online_cpus)
{
falco_logger::log(LOG_WARNING, "you required a buffer every '" + std::to_string(s.config->m_cpus_for_each_syscall_buffer) + "' CPUs but there are only '" + std::to_string(online_cpus) + "' online CPUs. Falco changed the config to: one buffer every '" + std::to_string(online_cpus) + "' CPUs\n");
falco_logger::log(falco_logger::level::WARNING, "you required a buffer every '" + std::to_string(s.config->m_cpus_for_each_syscall_buffer) + "' CPUs but there are only '" + std::to_string(online_cpus) + "' online CPUs. Falco changed the config to: one buffer every '" + std::to_string(online_cpus) + "' CPUs\n");
s.config->m_cpus_for_each_syscall_buffer = online_cpus;
}
#endif
Expand Down
4 changes: 2 additions & 2 deletions userspace/falco/app/actions/configure_syscall_buffer_size.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -55,7 +55,7 @@ falco::app::run_result falco::app::actions::configure_syscall_buffer_size(falco:
if(page_size <= 0)
{
s.syscall_buffer_bytes_size = DEFAULT_BYTE_SIZE;
falco_logger::log(LOG_WARNING, "Unable to get the system page size through 'getpagesize()'. Try to use the default syscall buffer dimension: " + std::to_string(DEFAULT_BYTE_SIZE) + " bytes\n");
falco_logger::log(falco_logger::level::WARNING, "Unable to get the system page size through 'getpagesize()'. Try to use the default syscall buffer dimension: " + std::to_string(DEFAULT_BYTE_SIZE) + " bytes\n");
return run_result::ok();
}

Expand All @@ -72,7 +72,7 @@ falco::app::run_result falco::app::actions::configure_syscall_buffer_size(falco:
}

s.syscall_buffer_bytes_size = chosen_size;
falco_logger::log(LOG_INFO, "The chosen syscall buffer dimension is: " + std::to_string(chosen_size) + " bytes (" + std::to_string(chosen_size / (uint64_t)(1024 * 1024)) + " MBs)\n");
falco_logger::log(falco_logger::level::INFO, "The chosen syscall buffer dimension is: " + std::to_string(chosen_size) + " bytes (" + std::to_string(chosen_size / (uint64_t)(1024 * 1024)) + " MBs)\n");

#endif // __linux__
return run_result::ok();
Expand Down
6 changes: 3 additions & 3 deletions userspace/falco/app/actions/create_signal_handlers.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -76,7 +76,7 @@ falco::app::run_result falco::app::actions::create_signal_handlers(falco::app::s
#ifdef __linux__
if (s.options.dry_run)
{
falco_logger::log(LOG_DEBUG, "Skipping signal handlers creation in dry-run\n");
falco_logger::log(falco_logger::level::DEBUG, "Skipping signal handlers creation in dry-run\n");
return run_result::ok();
}

Expand All @@ -88,7 +88,7 @@ falco::app::run_result falco::app::actions::create_signal_handlers(falco::app::s
|| !g_restart_signal.is_lock_free()
|| !g_reopen_outputs_signal.is_lock_free())
{
falco_logger::log(LOG_WARNING, "Bundled atomics implementation is not lock-free, signal handlers may be unstable\n");
falco_logger::log(falco_logger::level::WARNING, "Bundled atomics implementation is not lock-free, signal handlers may be unstable\n");
}

if(! create_handler(SIGINT, ::terminate_signal_handler, ret) ||
Expand Down Expand Up @@ -162,7 +162,7 @@ falco::app::run_result falco::app::actions::unregister_signal_handlers(falco::ap
#ifdef __linux__
if (s.options.dry_run)
{
falco_logger::log(LOG_DEBUG, "Skipping unregistering signal handlers in dry-run\n");
falco_logger::log(falco_logger::level::DEBUG, "Skipping unregistering signal handlers in dry-run\n");
return run_result::ok();
}

Expand Down
8 changes: 4 additions & 4 deletions userspace/falco/app/actions/helpers_generic.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -47,7 +47,7 @@ void falco::app::actions::print_enabled_event_sources(falco::app::state& s)
str += str.empty() ? "" : ", ";
str += src;
}
falco_logger::log(LOG_INFO, "Loaded event sources: " + str);
falco_logger::log(falco_logger::level::INFO, "Loaded event sources: " + str);

/* Print all enabled sources. */
str.clear();
Expand All @@ -56,7 +56,7 @@ void falco::app::actions::print_enabled_event_sources(falco::app::state& s)
str += str.empty() ? "" : ", ";
str += src;
}
falco_logger::log(LOG_INFO, "Enabled event sources: " + str);
falco_logger::log(falco_logger::level::INFO, "Enabled event sources: " + str);

// print some warnings to the user
for (const auto& src : s.enabled_sources)
Expand All @@ -77,7 +77,7 @@ void falco::app::actions::print_enabled_event_sources(falco::app::state& s)
{
if (src != falco_common::syscall_source || s.options.nodriver)
{
falco_logger::log(LOG_WARNING, "Enabled event source '"
falco_logger::log(falco_logger::level::WARNING, "Enabled event source '"
+ src + "' can be opened with multiple loaded plugins, will use only '"
+ first_plugin->name() + "'");
}
Expand All @@ -86,7 +86,7 @@ void falco::app::actions::print_enabled_event_sources(falco::app::state& s)
}
if (!first_plugin && s.options.nodriver)
{
falco_logger::log(LOG_WARNING, "Enabled event source '"
falco_logger::log(falco_logger::level::WARNING, "Enabled event source '"
+ src + "' will be opened with no driver, no event will be produced");
}
}
Expand Down
22 changes: 11 additions & 11 deletions userspace/falco/app/actions/helpers_inspector.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,7 @@ falco::app::run_result falco::app::actions::open_offline_inspector(falco::app::s
try
{
s.offline_inspector->open_savefile(s.options.trace_filename);
falco_logger::log(LOG_INFO, "Reading system call events from file: " + s.options.trace_filename + "\n");
falco_logger::log(falco_logger::level::INFO, "Reading system call events from file: " + s.options.trace_filename + "\n");
return run_result::ok();
}
catch (sinsp_exception &e)
Expand All @@ -64,7 +64,7 @@ falco::app::run_result falco::app::actions::open_live_inspector(
if (p->caps() & CAP_SOURCING && p->id() != 0 && p->event_source() == source)
{
auto cfg = s.plugin_configs.at(p->name());
falco_logger::log(LOG_INFO, "Opening '" + source + "' source with plugin '" + cfg->m_name + "'");
falco_logger::log(falco_logger::level::INFO, "Opening '" + source + "' source with plugin '" + cfg->m_name + "'");
inspector->open_plugin(cfg->m_name, cfg->m_open_params);
return run_result::ok();
}
Expand All @@ -82,23 +82,23 @@ falco::app::run_result falco::app::actions::open_live_inspector(
if (p->caps() & CAP_SOURCING && p->id() == 0)
{
auto cfg = s.plugin_configs.at(p->name());
falco_logger::log(LOG_INFO, "Opening '" + source + "' source with plugin '" + cfg->m_name + "'");
falco_logger::log(falco_logger::level::INFO, "Opening '" + source + "' source with plugin '" + cfg->m_name + "'");
inspector->open_plugin(cfg->m_name, cfg->m_open_params);
return run_result::ok();
}
}
falco_logger::log(LOG_INFO, "Opening '" + source + "' source with no driver\n");
falco_logger::log(falco_logger::level::INFO, "Opening '" + source + "' source with no driver\n");
inspector->open_nodriver();
}
else if(s.is_gvisor_enabled()) /* gvisor engine. */
{
falco_logger::log(LOG_INFO, "Opening '" + source + "' source with gVisor. Configuration path: " + s.options.gvisor_config);
falco_logger::log(falco_logger::level::INFO, "Opening '" + source + "' source with gVisor. Configuration path: " + s.options.gvisor_config);
inspector->open_gvisor(s.options.gvisor_config, s.options.gvisor_root);
}
else if(s.options.modern_bpf) /* modern BPF engine. */
{
falco_logger::log(LOG_INFO, "Opening '" + source + "' source with modern BPF probe.");
falco_logger::log(LOG_INFO, "One ring buffer every '" + std::to_string(s.config->m_cpus_for_each_syscall_buffer) + "' CPUs.");
falco_logger::log(falco_logger::level::INFO, "Opening '" + source + "' source with modern BPF probe.");
falco_logger::log(falco_logger::level::INFO, "One ring buffer every '" + std::to_string(s.config->m_cpus_for_each_syscall_buffer) + "' CPUs.");
inspector->open_modern_bpf(s.syscall_buffer_bytes_size, s.config->m_cpus_for_each_syscall_buffer, true, s.selected_sc_set);
}
else if(getenv(FALCO_BPF_ENV_VARIABLE) != NULL) /* BPF engine. */
Expand All @@ -116,23 +116,23 @@ falco::app::run_result falco::app::actions::open_live_inspector(
snprintf(full_path, PATH_MAX, "%s/%s", home, FALCO_PROBE_BPF_FILEPATH);
bpf_probe_path = full_path;
}
falco_logger::log(LOG_INFO, "Opening '" + source + "' source with BPF probe. BPF probe path: " + std::string(bpf_probe_path));
falco_logger::log(falco_logger::level::INFO, "Opening '" + source + "' source with BPF probe. BPF probe path: " + std::string(bpf_probe_path));
inspector->open_bpf(bpf_probe_path, s.syscall_buffer_bytes_size, s.selected_sc_set);
}
else /* Kernel module (default). */
{
try
{
falco_logger::log(LOG_INFO, "Opening '" + source + "' source with Kernel module");
falco_logger::log(falco_logger::level::INFO, "Opening '" + source + "' source with Kernel module");
inspector->open_kmod(s.syscall_buffer_bytes_size, s.selected_sc_set);
}
catch(sinsp_exception &e)
{
// Try to insert the Falco kernel module
falco_logger::log(LOG_INFO, "Trying to inject the Kernel module and opening the capture again...");
falco_logger::log(falco_logger::level::INFO, "Trying to inject the Kernel module and opening the capture again...");
if(system("modprobe " DRIVER_NAME " > /dev/null 2> /dev/null"))
{
falco_logger::log(LOG_ERR, "Unable to load the driver\n");
falco_logger::log(falco_logger::level::ERR, "Unable to load the driver\n");
}
inspector->open_kmod(s.syscall_buffer_bytes_size, s.selected_sc_set);
}
Expand Down
8 changes: 4 additions & 4 deletions userspace/falco/app/actions/init_clients.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -31,14 +31,14 @@ falco::app::run_result falco::app::actions::init_clients(falco::app::state& s)

auto inspector = s.source_infos.at(falco_common::syscall_source)->inspector;

falco_logger::log(LOG_DEBUG, "Setting metadata download max size to " + std::to_string(s.config->m_metadata_download_max_mb) + " MB\n");
falco_logger::log(LOG_DEBUG, "Setting metadata download chunk wait time to " + std::to_string(s.config->m_metadata_download_chunk_wait_us) + " μs\n");
falco_logger::log(LOG_DEBUG, "Setting metadata download watch frequency to " + std::to_string(s.config->m_metadata_download_watch_freq_sec) + " seconds\n");
falco_logger::log(falco_logger::level::DEBUG, "Setting metadata download max size to " + std::to_string(s.config->m_metadata_download_max_mb) + " MB\n");
falco_logger::log(falco_logger::level::DEBUG, "Setting metadata download chunk wait time to " + std::to_string(s.config->m_metadata_download_chunk_wait_us) + " μs\n");
falco_logger::log(falco_logger::level::DEBUG, "Setting metadata download watch frequency to " + std::to_string(s.config->m_metadata_download_watch_freq_sec) + " seconds\n");
inspector->set_metadata_download_params(s.config->m_metadata_download_max_mb * 1024 * 1024, s.config->m_metadata_download_chunk_wait_us, s.config->m_metadata_download_watch_freq_sec);

if (s.options.dry_run)
{
falco_logger::log(LOG_DEBUG, "Skipping clients initialization in dry-run\n");
falco_logger::log(falco_logger::level::DEBUG, "Skipping clients initialization in dry-run\n");
return run_result::ok();
}

Expand Down
2 changes: 1 addition & 1 deletion userspace/falco/app/actions/init_inspectors.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -51,7 +51,7 @@ static void init_syscall_inspector(falco::app::state& s, std::shared_ptr<sinsp>

if (s.config->m_syscall_drop_failed_exit)
{
falco_logger::log(LOG_INFO, "Failed syscall exit events are dropped in the kernel driver\n");
falco_logger::log(falco_logger::level::INFO, "Failed syscall exit events are dropped in the kernel driver\n");
inspector->set_dropfailed(true);
}

Expand Down
4 changes: 2 additions & 2 deletions userspace/falco/app/actions/init_outputs.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -41,7 +41,7 @@ falco::app::run_result falco::app::actions::init_outputs(falco::app::state& s)
if(env_hostname || (env_hostname = getenv("FALCO_GRPC_HOSTNAME")))
{
hostname = env_hostname;
falco_logger::log(LOG_INFO, "Hostname value has been overridden via environment variable to: " + hostname + "\n");
falco_logger::log(falco_logger::level::INFO, "Hostname value has been overridden via environment variable to: " + hostname + "\n");
}
else
{
Expand All @@ -56,7 +56,7 @@ falco::app::run_result falco::app::actions::init_outputs(falco::app::state& s)

if (s.options.dry_run)
{
falco_logger::log(LOG_DEBUG, "Skipping outputs initialization in dry-run\n");
falco_logger::log(falco_logger::level::DEBUG, "Skipping outputs initialization in dry-run\n");
return run_result::ok();
}

Expand Down
6 changes: 3 additions & 3 deletions userspace/falco/app/actions/load_config.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -49,14 +49,14 @@ falco::app::run_result falco::app::actions::load_config(falco::app::state& s)

// log after config init because config determines where logs go
falco_logger::set_time_format_iso_8601(s.config->m_time_format_iso_8601);
falco_logger::log(LOG_INFO, "Falco version: " + std::string(FALCO_VERSION) + " (" + std::string(FALCO_TARGET_ARCH) + ")\n");
falco_logger::log(falco_logger::level::INFO, "Falco version: " + std::string(FALCO_VERSION) + " (" + std::string(FALCO_TARGET_ARCH) + ")\n");
if (!s.cmdline.empty())
{
falco_logger::log(LOG_DEBUG, "CLI args: " + s.cmdline);
falco_logger::log(falco_logger::level::DEBUG, "CLI args: " + s.cmdline);
}
if (!s.options.conf_filename.empty())
{
falco_logger::log(LOG_INFO, "Falco initialized with configuration file: " + s.options.conf_filename + "\n");
falco_logger::log(falco_logger::level::INFO, "Falco initialized with configuration file: " + s.options.conf_filename + "\n");
}

s.config->m_buffered_outputs = !s.options.unbuffered_outputs;
Expand Down
2 changes: 1 addition & 1 deletion userspace/falco/app/actions/load_plugins.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -49,7 +49,7 @@ falco::app::run_result falco::app::actions::load_plugins(falco::app::state& s)
// Load all the configured plugins
for(auto &p : s.config->m_plugins)
{
falco_logger::log(LOG_INFO, "Loading plugin '" + p.m_name + "' from file " + p.m_library_path + "\n");
falco_logger::log(falco_logger::level::INFO, "Loading plugin '" + p.m_name + "' from file " + p.m_library_path + "\n");
auto plugin = s.offline_inspector->register_plugin(p.m_library_path);
s.plugin_configs.insert(p, plugin->name());
if(plugin->caps() & CAP_SOURCING && plugin->id() != 0)
Expand Down
Loading

0 comments on commit 3e233fd

Please sign in to comment.