diff --git a/userspace/falco/app/actions/configure_interesting_sets.cpp b/userspace/falco/app/actions/configure_interesting_sets.cpp
index 8f9c31de3f0..9f7e60306c2 100644
--- a/userspace/falco/app/actions/configure_interesting_sets.cpp
+++ b/userspace/falco/app/actions/configure_interesting_sets.cpp
@@ -69,7 +69,7 @@ static void select_event_set(falco::app::state& s, const libsinsp::events::set activate via `-A` flag): "
+ concat_set_in_order(erased_sc_set_names) + "\n");
}
@@ -192,7 +192,7 @@ static void select_event_set(falco::app::state& s, const libsinsp::events::set
m_cpus_for_each_syscall_buffer > online_cpus)
{
- falco_logger::log(LOG_WARNING, "you required a buffer every '" + std::to_string(s.config->m_cpus_for_each_syscall_buffer) + "' CPUs but there are only '" + std::to_string(online_cpus) + "' online CPUs. Falco changed the config to: one buffer every '" + std::to_string(online_cpus) + "' CPUs\n");
+ falco_logger::log(falco_logger::level::WARNING, "you required a buffer every '" + std::to_string(s.config->m_cpus_for_each_syscall_buffer) + "' CPUs but there are only '" + std::to_string(online_cpus) + "' online CPUs. Falco changed the config to: one buffer every '" + std::to_string(online_cpus) + "' CPUs\n");
s.config->m_cpus_for_each_syscall_buffer = online_cpus;
}
#endif
diff --git a/userspace/falco/app/actions/configure_syscall_buffer_size.cpp b/userspace/falco/app/actions/configure_syscall_buffer_size.cpp
index 11468045a11..7af78380101 100644
--- a/userspace/falco/app/actions/configure_syscall_buffer_size.cpp
+++ b/userspace/falco/app/actions/configure_syscall_buffer_size.cpp
@@ -55,7 +55,7 @@ falco::app::run_result falco::app::actions::configure_syscall_buffer_size(falco:
if(page_size <= 0)
{
s.syscall_buffer_bytes_size = DEFAULT_BYTE_SIZE;
- falco_logger::log(LOG_WARNING, "Unable to get the system page size through 'getpagesize()'. Try to use the default syscall buffer dimension: " + std::to_string(DEFAULT_BYTE_SIZE) + " bytes\n");
+ falco_logger::log(falco_logger::level::WARNING, "Unable to get the system page size through 'getpagesize()'. Try to use the default syscall buffer dimension: " + std::to_string(DEFAULT_BYTE_SIZE) + " bytes\n");
return run_result::ok();
}
@@ -72,7 +72,7 @@ falco::app::run_result falco::app::actions::configure_syscall_buffer_size(falco:
}
s.syscall_buffer_bytes_size = chosen_size;
- falco_logger::log(LOG_INFO, "The chosen syscall buffer dimension is: " + std::to_string(chosen_size) + " bytes (" + std::to_string(chosen_size / (uint64_t)(1024 * 1024)) + " MBs)\n");
+ falco_logger::log(falco_logger::level::INFO, "The chosen syscall buffer dimension is: " + std::to_string(chosen_size) + " bytes (" + std::to_string(chosen_size / (uint64_t)(1024 * 1024)) + " MBs)\n");
#endif // __linux__
return run_result::ok();
diff --git a/userspace/falco/app/actions/create_signal_handlers.cpp b/userspace/falco/app/actions/create_signal_handlers.cpp
index b688ec6188e..30af53b99ad 100644
--- a/userspace/falco/app/actions/create_signal_handlers.cpp
+++ b/userspace/falco/app/actions/create_signal_handlers.cpp
@@ -76,7 +76,7 @@ falco::app::run_result falco::app::actions::create_signal_handlers(falco::app::s
#ifdef __linux__
if (s.options.dry_run)
{
- falco_logger::log(LOG_DEBUG, "Skipping signal handlers creation in dry-run\n");
+ falco_logger::log(falco_logger::level::DEBUG, "Skipping signal handlers creation in dry-run\n");
return run_result::ok();
}
@@ -88,7 +88,7 @@ falco::app::run_result falco::app::actions::create_signal_handlers(falco::app::s
|| !g_restart_signal.is_lock_free()
|| !g_reopen_outputs_signal.is_lock_free())
{
- falco_logger::log(LOG_WARNING, "Bundled atomics implementation is not lock-free, signal handlers may be unstable\n");
+ falco_logger::log(falco_logger::level::WARNING, "Bundled atomics implementation is not lock-free, signal handlers may be unstable\n");
}
if(! create_handler(SIGINT, ::terminate_signal_handler, ret) ||
@@ -162,7 +162,7 @@ falco::app::run_result falco::app::actions::unregister_signal_handlers(falco::ap
#ifdef __linux__
if (s.options.dry_run)
{
- falco_logger::log(LOG_DEBUG, "Skipping unregistering signal handlers in dry-run\n");
+ falco_logger::log(falco_logger::level::DEBUG, "Skipping unregistering signal handlers in dry-run\n");
return run_result::ok();
}
diff --git a/userspace/falco/app/actions/helpers_generic.cpp b/userspace/falco/app/actions/helpers_generic.cpp
index 75217d801aa..44e205edf94 100644
--- a/userspace/falco/app/actions/helpers_generic.cpp
+++ b/userspace/falco/app/actions/helpers_generic.cpp
@@ -47,7 +47,7 @@ void falco::app::actions::print_enabled_event_sources(falco::app::state& s)
str += str.empty() ? "" : ", ";
str += src;
}
- falco_logger::log(LOG_INFO, "Loaded event sources: " + str);
+ falco_logger::log(falco_logger::level::INFO, "Loaded event sources: " + str);
/* Print all enabled sources. */
str.clear();
@@ -56,7 +56,7 @@ void falco::app::actions::print_enabled_event_sources(falco::app::state& s)
str += str.empty() ? "" : ", ";
str += src;
}
- falco_logger::log(LOG_INFO, "Enabled event sources: " + str);
+ falco_logger::log(falco_logger::level::INFO, "Enabled event sources: " + str);
// print some warnings to the user
for (const auto& src : s.enabled_sources)
@@ -77,7 +77,7 @@ void falco::app::actions::print_enabled_event_sources(falco::app::state& s)
{
if (src != falco_common::syscall_source || s.options.nodriver)
{
- falco_logger::log(LOG_WARNING, "Enabled event source '"
+ falco_logger::log(falco_logger::level::WARNING, "Enabled event source '"
+ src + "' can be opened with multiple loaded plugins, will use only '"
+ first_plugin->name() + "'");
}
@@ -86,7 +86,7 @@ void falco::app::actions::print_enabled_event_sources(falco::app::state& s)
}
if (!first_plugin && s.options.nodriver)
{
- falco_logger::log(LOG_WARNING, "Enabled event source '"
+ falco_logger::log(falco_logger::level::WARNING, "Enabled event source '"
+ src + "' will be opened with no driver, no event will be produced");
}
}
diff --git a/userspace/falco/app/actions/helpers_inspector.cpp b/userspace/falco/app/actions/helpers_inspector.cpp
index 3e879081576..28df58d221d 100644
--- a/userspace/falco/app/actions/helpers_inspector.cpp
+++ b/userspace/falco/app/actions/helpers_inspector.cpp
@@ -38,7 +38,7 @@ falco::app::run_result falco::app::actions::open_offline_inspector(falco::app::s
try
{
s.offline_inspector->open_savefile(s.options.trace_filename);
- falco_logger::log(LOG_INFO, "Reading system call events from file: " + s.options.trace_filename + "\n");
+ falco_logger::log(falco_logger::level::INFO, "Reading system call events from file: " + s.options.trace_filename + "\n");
return run_result::ok();
}
catch (sinsp_exception &e)
@@ -64,7 +64,7 @@ falco::app::run_result falco::app::actions::open_live_inspector(
if (p->caps() & CAP_SOURCING && p->id() != 0 && p->event_source() == source)
{
auto cfg = s.plugin_configs.at(p->name());
- falco_logger::log(LOG_INFO, "Opening '" + source + "' source with plugin '" + cfg->m_name + "'");
+ falco_logger::log(falco_logger::level::INFO, "Opening '" + source + "' source with plugin '" + cfg->m_name + "'");
inspector->open_plugin(cfg->m_name, cfg->m_open_params);
return run_result::ok();
}
@@ -82,23 +82,23 @@ falco::app::run_result falco::app::actions::open_live_inspector(
if (p->caps() & CAP_SOURCING && p->id() == 0)
{
auto cfg = s.plugin_configs.at(p->name());
- falco_logger::log(LOG_INFO, "Opening '" + source + "' source with plugin '" + cfg->m_name + "'");
+ falco_logger::log(falco_logger::level::INFO, "Opening '" + source + "' source with plugin '" + cfg->m_name + "'");
inspector->open_plugin(cfg->m_name, cfg->m_open_params);
return run_result::ok();
}
}
- falco_logger::log(LOG_INFO, "Opening '" + source + "' source with no driver\n");
+ falco_logger::log(falco_logger::level::INFO, "Opening '" + source + "' source with no driver\n");
inspector->open_nodriver();
}
else if(s.is_gvisor_enabled()) /* gvisor engine. */
{
- falco_logger::log(LOG_INFO, "Opening '" + source + "' source with gVisor. Configuration path: " + s.options.gvisor_config);
+ falco_logger::log(falco_logger::level::INFO, "Opening '" + source + "' source with gVisor. Configuration path: " + s.options.gvisor_config);
inspector->open_gvisor(s.options.gvisor_config, s.options.gvisor_root);
}
else if(s.options.modern_bpf) /* modern BPF engine. */
{
- falco_logger::log(LOG_INFO, "Opening '" + source + "' source with modern BPF probe.");
- falco_logger::log(LOG_INFO, "One ring buffer every '" + std::to_string(s.config->m_cpus_for_each_syscall_buffer) + "' CPUs.");
+ falco_logger::log(falco_logger::level::INFO, "Opening '" + source + "' source with modern BPF probe.");
+ falco_logger::log(falco_logger::level::INFO, "One ring buffer every '" + std::to_string(s.config->m_cpus_for_each_syscall_buffer) + "' CPUs.");
inspector->open_modern_bpf(s.syscall_buffer_bytes_size, s.config->m_cpus_for_each_syscall_buffer, true, s.selected_sc_set);
}
else if(getenv(FALCO_BPF_ENV_VARIABLE) != NULL) /* BPF engine. */
@@ -116,23 +116,23 @@ falco::app::run_result falco::app::actions::open_live_inspector(
snprintf(full_path, PATH_MAX, "%s/%s", home, FALCO_PROBE_BPF_FILEPATH);
bpf_probe_path = full_path;
}
- falco_logger::log(LOG_INFO, "Opening '" + source + "' source with BPF probe. BPF probe path: " + std::string(bpf_probe_path));
+ falco_logger::log(falco_logger::level::INFO, "Opening '" + source + "' source with BPF probe. BPF probe path: " + std::string(bpf_probe_path));
inspector->open_bpf(bpf_probe_path, s.syscall_buffer_bytes_size, s.selected_sc_set);
}
else /* Kernel module (default). */
{
try
{
- falco_logger::log(LOG_INFO, "Opening '" + source + "' source with Kernel module");
+ falco_logger::log(falco_logger::level::INFO, "Opening '" + source + "' source with Kernel module");
inspector->open_kmod(s.syscall_buffer_bytes_size, s.selected_sc_set);
}
catch(sinsp_exception &e)
{
// Try to insert the Falco kernel module
- falco_logger::log(LOG_INFO, "Trying to inject the Kernel module and opening the capture again...");
+ falco_logger::log(falco_logger::level::INFO, "Trying to inject the Kernel module and opening the capture again...");
if(system("modprobe " DRIVER_NAME " > /dev/null 2> /dev/null"))
{
- falco_logger::log(LOG_ERR, "Unable to load the driver\n");
+ falco_logger::log(falco_logger::level::ERR, "Unable to load the driver\n");
}
inspector->open_kmod(s.syscall_buffer_bytes_size, s.selected_sc_set);
}
diff --git a/userspace/falco/app/actions/init_clients.cpp b/userspace/falco/app/actions/init_clients.cpp
index 48f53da45b6..7c64a462775 100644
--- a/userspace/falco/app/actions/init_clients.cpp
+++ b/userspace/falco/app/actions/init_clients.cpp
@@ -31,14 +31,14 @@ falco::app::run_result falco::app::actions::init_clients(falco::app::state& s)
auto inspector = s.source_infos.at(falco_common::syscall_source)->inspector;
- falco_logger::log(LOG_DEBUG, "Setting metadata download max size to " + std::to_string(s.config->m_metadata_download_max_mb) + " MB\n");
- falco_logger::log(LOG_DEBUG, "Setting metadata download chunk wait time to " + std::to_string(s.config->m_metadata_download_chunk_wait_us) + " μs\n");
- falco_logger::log(LOG_DEBUG, "Setting metadata download watch frequency to " + std::to_string(s.config->m_metadata_download_watch_freq_sec) + " seconds\n");
+ falco_logger::log(falco_logger::level::DEBUG, "Setting metadata download max size to " + std::to_string(s.config->m_metadata_download_max_mb) + " MB\n");
+ falco_logger::log(falco_logger::level::DEBUG, "Setting metadata download chunk wait time to " + std::to_string(s.config->m_metadata_download_chunk_wait_us) + " μs\n");
+ falco_logger::log(falco_logger::level::DEBUG, "Setting metadata download watch frequency to " + std::to_string(s.config->m_metadata_download_watch_freq_sec) + " seconds\n");
inspector->set_metadata_download_params(s.config->m_metadata_download_max_mb * 1024 * 1024, s.config->m_metadata_download_chunk_wait_us, s.config->m_metadata_download_watch_freq_sec);
if (s.options.dry_run)
{
- falco_logger::log(LOG_DEBUG, "Skipping clients initialization in dry-run\n");
+ falco_logger::log(falco_logger::level::DEBUG, "Skipping clients initialization in dry-run\n");
return run_result::ok();
}
diff --git a/userspace/falco/app/actions/init_inspectors.cpp b/userspace/falco/app/actions/init_inspectors.cpp
index 5e958fc21c4..79a9685ad68 100644
--- a/userspace/falco/app/actions/init_inspectors.cpp
+++ b/userspace/falco/app/actions/init_inspectors.cpp
@@ -51,7 +51,7 @@ static void init_syscall_inspector(falco::app::state& s, std::shared_ptr
if (s.config->m_syscall_drop_failed_exit)
{
- falco_logger::log(LOG_INFO, "Failed syscall exit events are dropped in the kernel driver\n");
+ falco_logger::log(falco_logger::level::INFO, "Failed syscall exit events are dropped in the kernel driver\n");
inspector->set_dropfailed(true);
}
diff --git a/userspace/falco/app/actions/init_outputs.cpp b/userspace/falco/app/actions/init_outputs.cpp
index b3f300dbbd5..29017b7880f 100644
--- a/userspace/falco/app/actions/init_outputs.cpp
+++ b/userspace/falco/app/actions/init_outputs.cpp
@@ -41,7 +41,7 @@ falco::app::run_result falco::app::actions::init_outputs(falco::app::state& s)
if(env_hostname || (env_hostname = getenv("FALCO_GRPC_HOSTNAME")))
{
hostname = env_hostname;
- falco_logger::log(LOG_INFO, "Hostname value has been overridden via environment variable to: " + hostname + "\n");
+ falco_logger::log(falco_logger::level::INFO, "Hostname value has been overridden via environment variable to: " + hostname + "\n");
}
else
{
@@ -56,7 +56,7 @@ falco::app::run_result falco::app::actions::init_outputs(falco::app::state& s)
if (s.options.dry_run)
{
- falco_logger::log(LOG_DEBUG, "Skipping outputs initialization in dry-run\n");
+ falco_logger::log(falco_logger::level::DEBUG, "Skipping outputs initialization in dry-run\n");
return run_result::ok();
}
diff --git a/userspace/falco/app/actions/load_config.cpp b/userspace/falco/app/actions/load_config.cpp
index 8f093912f2d..30b60ff562d 100644
--- a/userspace/falco/app/actions/load_config.cpp
+++ b/userspace/falco/app/actions/load_config.cpp
@@ -49,14 +49,14 @@ falco::app::run_result falco::app::actions::load_config(falco::app::state& s)
// log after config init because config determines where logs go
falco_logger::set_time_format_iso_8601(s.config->m_time_format_iso_8601);
- falco_logger::log(LOG_INFO, "Falco version: " + std::string(FALCO_VERSION) + " (" + std::string(FALCO_TARGET_ARCH) + ")\n");
+ falco_logger::log(falco_logger::level::INFO, "Falco version: " + std::string(FALCO_VERSION) + " (" + std::string(FALCO_TARGET_ARCH) + ")\n");
if (!s.cmdline.empty())
{
- falco_logger::log(LOG_DEBUG, "CLI args: " + s.cmdline);
+ falco_logger::log(falco_logger::level::DEBUG, "CLI args: " + s.cmdline);
}
if (!s.options.conf_filename.empty())
{
- falco_logger::log(LOG_INFO, "Falco initialized with configuration file: " + s.options.conf_filename + "\n");
+ falco_logger::log(falco_logger::level::INFO, "Falco initialized with configuration file: " + s.options.conf_filename + "\n");
}
s.config->m_buffered_outputs = !s.options.unbuffered_outputs;
diff --git a/userspace/falco/app/actions/load_plugins.cpp b/userspace/falco/app/actions/load_plugins.cpp
index 2ee16f68756..2d2cd95b8e0 100644
--- a/userspace/falco/app/actions/load_plugins.cpp
+++ b/userspace/falco/app/actions/load_plugins.cpp
@@ -49,7 +49,7 @@ falco::app::run_result falco::app::actions::load_plugins(falco::app::state& s)
// Load all the configured plugins
for(auto &p : s.config->m_plugins)
{
- falco_logger::log(LOG_INFO, "Loading plugin '" + p.m_name + "' from file " + p.m_library_path + "\n");
+ falco_logger::log(falco_logger::level::INFO, "Loading plugin '" + p.m_name + "' from file " + p.m_library_path + "\n");
auto plugin = s.offline_inspector->register_plugin(p.m_library_path);
s.plugin_configs.insert(p, plugin->name());
if(plugin->caps() & CAP_SOURCING && plugin->id() != 0)
diff --git a/userspace/falco/app/actions/load_rules_files.cpp b/userspace/falco/app/actions/load_rules_files.cpp
index 5b4d8de1b47..f38af052b49 100644
--- a/userspace/falco/app/actions/load_rules_files.cpp
+++ b/userspace/falco/app/actions/load_rules_files.cpp
@@ -39,10 +39,10 @@ falco::app::run_result falco::app::actions::load_rules_files(falco::app::state&
return run_result::fatal("You must specify at least one rules file/directory via -r or a rules_file entry in falco.yaml");
}
- falco_logger::log(LOG_DEBUG, "Configured rules filenames:\n");
+ falco_logger::log(falco_logger::level::DEBUG, "Configured rules filenames:\n");
for (const auto& path : s.config->m_rules_filenames)
{
- falco_logger::log(LOG_DEBUG, std::string(" ") + path + "\n");
+ falco_logger::log(falco_logger::level::DEBUG, std::string(" ") + path + "\n");
}
for (const auto &path : s.config->m_rules_filenames)
@@ -67,7 +67,7 @@ falco::app::run_result falco::app::actions::load_rules_files(falco::app::state&
std::string err = "";
for(auto &filename : s.config->m_loaded_rules_filenames)
{
- falco_logger::log(LOG_INFO, "Loading rules from file " + filename + "\n");
+ falco_logger::log(falco_logger::level::INFO, "Loading rules from file " + filename + "\n");
std::unique_ptr res;
res = s.engine->load_rules(rc.at(filename), filename);
@@ -130,7 +130,7 @@ falco::app::run_result falco::app::actions::load_rules_files(falco::app::state&
for (const auto& substring : s.options.disabled_rule_substrings)
{
- falco_logger::log(LOG_INFO, "Disabling rules matching substring: " + substring + "\n");
+ falco_logger::log(falco_logger::level::INFO, "Disabling rules matching substring: " + substring + "\n");
s.engine->enable_rule(substring, false);
}
@@ -138,7 +138,7 @@ falco::app::run_result falco::app::actions::load_rules_files(falco::app::state&
{
for(auto &tag : s.options.disabled_rule_tags)
{
- falco_logger::log(LOG_INFO, "Disabling rules with tag: " + tag + "\n");
+ falco_logger::log(falco_logger::level::INFO, "Disabling rules with tag: " + tag + "\n");
}
s.engine->enable_rule_by_tag(s.options.disabled_rule_tags, false);
}
@@ -150,7 +150,7 @@ falco::app::run_result falco::app::actions::load_rules_files(falco::app::state&
s.engine->enable_rule(all_rules, false);
for(auto &tag : s.options.enabled_rule_tags)
{
- falco_logger::log(LOG_INFO, "Enabling rules with tag: " + tag + "\n");
+ falco_logger::log(falco_logger::level::INFO, "Enabling rules with tag: " + tag + "\n");
}
s.engine->enable_rule_by_tag(s.options.enabled_rule_tags, true);
}
diff --git a/userspace/falco/app/actions/pidfile.cpp b/userspace/falco/app/actions/pidfile.cpp
index 109f2e6eb23..be5ac93a9aa 100644
--- a/userspace/falco/app/actions/pidfile.cpp
+++ b/userspace/falco/app/actions/pidfile.cpp
@@ -28,7 +28,7 @@ falco::app::run_result falco::app::actions::pidfile(falco::app::state& s)
{
if (s.options.dry_run)
{
- falco_logger::log(LOG_DEBUG, "Skipping pidfile creation in dry-run\n");
+ falco_logger::log(falco_logger::level::DEBUG, "Skipping pidfile creation in dry-run\n");
return run_result::ok();
}
@@ -41,7 +41,7 @@ falco::app::run_result falco::app::actions::pidfile(falco::app::state& s)
if (!pidfile.good())
{
- falco_logger::log(LOG_ERR, "Could not write pid to pidfile " + s.options.pidfilename + ". Exiting.\n");
+ falco_logger::log(falco_logger::level::ERR, "Could not write pid to pidfile " + s.options.pidfilename + ". Exiting.\n");
exit(-1);
}
pidfile << self_pid;
diff --git a/userspace/falco/app/actions/print_page_size.cpp b/userspace/falco/app/actions/print_page_size.cpp
index 0c4e3ba2d94..df84ce6ac02 100644
--- a/userspace/falco/app/actions/print_page_size.cpp
+++ b/userspace/falco/app/actions/print_page_size.cpp
@@ -39,7 +39,7 @@ falco::app::run_result falco::app::actions::print_page_size(falco::app::state& s
}
else
{
- falco_logger::log(LOG_INFO, "Your system page size is: " + std::to_string(page_size) + " bytes\n");
+ falco_logger::log(falco_logger::level::INFO, "Your system page size is: " + std::to_string(page_size) + " bytes\n");
}
return run_result::exit();
}
diff --git a/userspace/falco/app/actions/process_events.cpp b/userspace/falco/app/actions/process_events.cpp
index 69ed7fa9e20..120e702ff9d 100644
--- a/userspace/falco/app/actions/process_events.cpp
+++ b/userspace/falco/app/actions/process_events.cpp
@@ -183,7 +183,7 @@ static falco::app::run_result do_inspect(
if (falco::app::g_reopen_outputs_signal.triggered())
{
falco::app::g_reopen_outputs_signal.handle([&s](){
- falco_logger::log(LOG_INFO, "SIGUSR1 received, reopening outputs...\n");
+ falco_logger::log(falco_logger::level::INFO, "SIGUSR1 received, reopening outputs...\n");
if(s.outputs != nullptr)
{
s.outputs->reopen_outputs();
@@ -195,14 +195,14 @@ static falco::app::run_result do_inspect(
if(falco::app::g_terminate_signal.triggered())
{
falco::app::g_terminate_signal.handle([&](){
- falco_logger::log(LOG_INFO, "SIGINT received, exiting...\n");
+ falco_logger::log(falco_logger::level::INFO, "SIGINT received, exiting...\n");
});
break;
}
else if(falco::app::g_restart_signal.triggered())
{
falco::app::g_restart_signal.handle([&s](){
- falco_logger::log(LOG_INFO, "SIGHUP received, restarting...\n");
+ falco_logger::log(falco_logger::level::INFO, "SIGHUP received, restarting...\n");
s.restart.store(true);
});
break;
@@ -418,7 +418,7 @@ static falco::app::run_result init_stats_writer(
return falco::app::run_result::fatal("Metrics are enabled with no output configured. Please enable at least one output channel");
}
- falco_logger::log(LOG_INFO, "Setting metrics interval to " + config->m_metrics_interval_str + ", equivalent to " + std::to_string(config->m_metrics_interval) + " (ms)\n");
+ falco_logger::log(falco_logger::level::INFO, "Setting metrics interval to " + config->m_metrics_interval_str + ", equivalent to " + std::to_string(config->m_metrics_interval) + " (ms)\n");
auto res = falco::app::run_result::ok();
if (is_dry_run)
@@ -441,7 +441,7 @@ falco::app::run_result falco::app::actions::process_events(falco::app::state& s)
if (s.options.dry_run)
{
- falco_logger::log(LOG_DEBUG, "Skipping event processing in dry-run\n");
+ falco_logger::log(falco_logger::level::DEBUG, "Skipping event processing in dry-run\n");
return res;
}
@@ -496,7 +496,7 @@ falco::app::run_result falco::app::actions::process_events(falco::app::state& s)
try
{
- falco_logger::log(LOG_DEBUG, "Opening event source '" + source + "'\n");
+ falco_logger::log(falco_logger::level::DEBUG, "Opening event source '" + source + "'\n");
termination_sem.acquire();
res = open_live_inspector(s, src_info->inspector, source);
if (!res.success)
@@ -542,7 +542,7 @@ falco::app::run_result falco::app::actions::process_events(falco::app::state& s)
{
if (!res.success && !termination_forced)
{
- falco_logger::log(LOG_INFO, "An error occurred in an event source, forcing termination...\n");
+ falco_logger::log(falco_logger::level::INFO, "An error occurred in an event source, forcing termination...\n");
falco::app::g_terminate_signal.trigger();
falco::app::g_terminate_signal.handle([&](){});
termination_forced = true;
@@ -573,7 +573,7 @@ falco::app::run_result falco::app::actions::process_events(falco::app::state& s)
ctx.thread->join();
}
- falco_logger::log(LOG_DEBUG, "Closing event source '" + ctx.source + "'\n");
+ falco_logger::log(falco_logger::level::DEBUG, "Closing event source '" + ctx.source + "'\n");
s.source_infos.at(ctx.source)->inspector->close();
res = run_result::merge(res, ctx.res);
diff --git a/userspace/falco/app/actions/start_grpc_server.cpp b/userspace/falco/app/actions/start_grpc_server.cpp
index 7d52aad955a..b6a238804b8 100644
--- a/userspace/falco/app/actions/start_grpc_server.cpp
+++ b/userspace/falco/app/actions/start_grpc_server.cpp
@@ -32,11 +32,11 @@ falco::app::run_result falco::app::actions::start_grpc_server(falco::app::state&
{
if (s.options.dry_run)
{
- falco_logger::log(LOG_DEBUG, "Skipping starting gRPC server in dry-run\n");
+ falco_logger::log(falco_logger::level::DEBUG, "Skipping starting gRPC server in dry-run\n");
return run_result::ok();
}
- falco_logger::log(LOG_INFO, "gRPC server threadiness equals to " + std::to_string(s.config->m_grpc_threadiness) + "\n");
+ falco_logger::log(falco_logger::level::INFO, "gRPC server threadiness equals to " + std::to_string(s.config->m_grpc_threadiness) + "\n");
// TODO(fntlnz,leodido): when we want to spawn multiple threads we need to have a queue per thread, or implement
// different queuing mechanisms, round robin, fanout? What we want to achieve?
s.grpc_server.init(
@@ -62,7 +62,7 @@ falco::app::run_result falco::app::actions::stop_grpc_server(falco::app::state&
{
if (s.options.dry_run)
{
- falco_logger::log(LOG_DEBUG, "Skipping stopping gRPC server in dry-run\n");
+ falco_logger::log(falco_logger::level::DEBUG, "Skipping stopping gRPC server in dry-run\n");
return run_result::ok();
}
diff --git a/userspace/falco/app/actions/start_webserver.cpp b/userspace/falco/app/actions/start_webserver.cpp
index a6f5b0c3073..8a3e0509976 100644
--- a/userspace/falco/app/actions/start_webserver.cpp
+++ b/userspace/falco/app/actions/start_webserver.cpp
@@ -31,12 +31,12 @@ falco::app::run_result falco::app::actions::start_webserver(falco::app::state& s
{
if (s.options.dry_run)
{
- falco_logger::log(LOG_DEBUG, "Skipping starting webserver in dry-run\n");
+ falco_logger::log(falco_logger::level::DEBUG, "Skipping starting webserver in dry-run\n");
return run_result::ok();
}
std::string ssl_option = (s.config->m_webserver_ssl_enabled ? " (SSL)" : "");
- falco_logger::log(LOG_INFO, "Starting health webserver with threadiness "
+ falco_logger::log(falco_logger::level::INFO, "Starting health webserver with threadiness "
+ std::to_string(s.config->m_webserver_threadiness)
+ ", listening on port "
+ std::to_string(s.config->m_webserver_listen_port)
@@ -61,7 +61,7 @@ falco::app::run_result falco::app::actions::stop_webserver(falco::app::state& s)
{
if (s.options.dry_run)
{
- falco_logger::log(LOG_DEBUG, "Skipping stopping webserver in dry-run\n");
+ falco_logger::log(falco_logger::level::DEBUG, "Skipping stopping webserver in dry-run\n");
return run_result::ok();
}
diff --git a/userspace/falco/app/actions/validate_rules_files.cpp b/userspace/falco/app/actions/validate_rules_files.cpp
index afc1e6f4f53..48b41f75e43 100644
--- a/userspace/falco/app/actions/validate_rules_files.cpp
+++ b/userspace/falco/app/actions/validate_rules_files.cpp
@@ -66,10 +66,10 @@ falco::app::run_result falco::app::actions::validate_rules_files(falco::app::sta
// printed when verbose is true.
std::string summary;
- falco_logger::log(LOG_INFO, "Validating rules file(s):\n");
+ falco_logger::log(falco_logger::level::INFO, "Validating rules file(s):\n");
for(auto file : s.options.validate_rules_filenames)
{
- falco_logger::log(LOG_INFO, " " + file + "\n");
+ falco_logger::log(falco_logger::level::INFO, " " + file + "\n");
}
// The json output encompasses all files so the
diff --git a/userspace/falco/app/restart_handler.cpp b/userspace/falco/app/restart_handler.cpp
index ac8976606ce..49ecf8c1a53 100644
--- a/userspace/falco/app/restart_handler.cpp
+++ b/userspace/falco/app/restart_handler.cpp
@@ -66,7 +66,7 @@ bool falco::app::restart_handler::start(std::string& err)
err = "could not watch file: " + f;
return false;
}
- falco_logger::log(LOG_DEBUG, "Watching file '" + f +"'\n");
+ falco_logger::log(falco_logger::level::DEBUG, "Watching file '" + f +"'\n");
}
for (const auto &f : m_watched_dirs)
@@ -77,7 +77,7 @@ bool falco::app::restart_handler::start(std::string& err)
err = "could not watch directory: " + f;
return false;
}
- falco_logger::log(LOG_DEBUG, "Watching directory '" + f +"'\n");
+ falco_logger::log(falco_logger::level::DEBUG, "Watching directory '" + f +"'\n");
}
// launch the watcher thread
@@ -104,7 +104,7 @@ void falco::app::restart_handler::watcher_loop() noexcept
{
// an error occurred, we can't recover
// todo(jasondellaluce): should we terminate the process?
- falco_logger::log(LOG_ERR, "Failed owning inotify handler, shutting down watcher...");
+ falco_logger::log(falco_logger::level::ERR, "Failed owning inotify handler, shutting down watcher...");
return;
}
@@ -129,7 +129,7 @@ void falco::app::restart_handler::watcher_loop() noexcept
{
// an error occurred, we can't recover
// todo(jasondellaluce): should we terminate the process?
- falco_logger::log(LOG_ERR, "Failed select with inotify handler, shutting down watcher...");
+ falco_logger::log(falco_logger::level::ERR, "Failed select with inotify handler, shutting down watcher...");
return;
}
@@ -190,7 +190,7 @@ void falco::app::restart_handler::watcher_loop() noexcept
{
// an error occurred, we can't recover
// todo(jasondellaluce): should we terminate the process?
- falco_logger::log(LOG_ERR, "Failed read with inotify handler, shutting down watcher...");
+ falco_logger::log(falco_logger::level::ERR, "Failed read with inotify handler, shutting down watcher...");
return;
}
// this is an odd case, but if we got here with
diff --git a/userspace/falco/event_drops.cpp b/userspace/falco/event_drops.cpp
index f26f77f1836..0d5fc28765d 100644
--- a/userspace/falco/event_drops.cpp
+++ b/userspace/falco/event_drops.cpp
@@ -99,7 +99,7 @@ bool syscall_evt_drop_mgr::process_event(std::shared_ptr inspector, sinsp
if(m_simulate_drops)
{
- falco_logger::log(LOG_INFO, "Simulating syscall event drop");
+ falco_logger::log(falco_logger::level::INFO, "Simulating syscall event drop");
delta.n_drops++;
}
@@ -124,7 +124,7 @@ bool syscall_evt_drop_mgr::process_event(std::shared_ptr inspector, sinsp
}
else
{
- falco_logger::log(LOG_DEBUG, "Syscall event drop but token bucket depleted, skipping actions");
+ falco_logger::log(falco_logger::level::DEBUG, "Syscall event drop but token bucket depleted, skipping actions");
}
}
}
@@ -153,7 +153,7 @@ bool syscall_evt_drop_mgr::perform_actions(uint64_t now, scap_stats &delta, bool
return true;
case syscall_evt_drop_action::LOG:
- falco_logger::log(LOG_DEBUG, std::move(msg));
+ falco_logger::log(falco_logger::level::DEBUG, std::move(msg));
return true;
case syscall_evt_drop_action::ALERT:
@@ -195,12 +195,12 @@ bool syscall_evt_drop_mgr::perform_actions(uint64_t now, scap_stats &delta, bool
return true;
}
case syscall_evt_drop_action::EXIT:
- falco_logger::log(LOG_CRIT, std::move(msg));
- falco_logger::log(LOG_CRIT, "Exiting.");
+ falco_logger::log(falco_logger::level::CRIT, std::move(msg));
+ falco_logger::log(falco_logger::level::CRIT, "Exiting.");
return false;
default:
- falco_logger::log(LOG_ERR, "Ignoring unknown action " + std::to_string(int(act)));
+ falco_logger::log(falco_logger::level::ERR, "Ignoring unknown action " + std::to_string(int(act)));
return true;
}
}
diff --git a/userspace/falco/falco.cpp b/userspace/falco/falco.cpp
index f966c0f1b3d..60943e6a876 100644
--- a/userspace/falco/falco.cpp
+++ b/userspace/falco/falco.cpp
@@ -33,7 +33,7 @@ static void display_fatal_err(const std::string &&msg)
std::cerr << msg;
}
- falco_logger::log(LOG_ERR, std::move(msg));
+ falco_logger::log(falco_logger::level::ERR, std::move(msg));
}
//
diff --git a/userspace/falco/falco_outputs.cpp b/userspace/falco/falco_outputs.cpp
index 457d5869cb8..cc8deed1e0b 100644
--- a/userspace/falco/falco_outputs.cpp
+++ b/userspace/falco/falco_outputs.cpp
@@ -126,7 +126,7 @@ void falco_outputs::add_output(falco::outputs::config oc)
}
else
{
- falco_logger::log(LOG_ERR, "Failed to init output: " + init_err);
+ falco_logger::log(falco_logger::level::ERR, "Failed to init output: " + init_err);
delete(oo);
}
}
@@ -258,7 +258,7 @@ void falco_outputs::stop_worker()
{
watchdog wd;
wd.start([&](void *) -> void {
- falco_logger::log(LOG_NOTICE, "output channels still blocked, discarding all remaining notifications\n");
+ falco_logger::log(falco_logger::level::NOTICE, "output channels still blocked, discarding all remaining notifications\n");
#ifndef __EMSCRIPTEN__
m_queue.clear();
#endif
@@ -287,7 +287,7 @@ inline void falco_outputs::push(const ctrl_msg& cmsg)
{
if(m_outputs_queue_num_drops.load() == 0)
{
- falco_logger::log(LOG_ERR, "Outputs queue out of memory. Drop event and continue on ...");
+ falco_logger::log(falco_logger::level::ERR, "Outputs queue out of memory. Drop event and continue on ...");
}
m_outputs_queue_num_drops++;
}
@@ -306,7 +306,7 @@ void falco_outputs::worker() noexcept
{
watchdog wd;
wd.start([&](const std::string& payload) -> void {
- falco_logger::log(LOG_CRIT, "\"" + payload + "\" output timeout, all output channels are blocked\n");
+ falco_logger::log(falco_logger::level::CRIT, "\"" + payload + "\" output timeout, all output channels are blocked\n");
});
auto timeout = m_timeout;
@@ -328,7 +328,7 @@ void falco_outputs::worker() noexcept
}
catch(const std::exception &e)
{
- falco_logger::log(LOG_ERR, o->get_name() + ": " + std::string(e.what()) + "\n");
+ falco_logger::log(falco_logger::level::ERR, o->get_name() + ": " + std::string(e.what()) + "\n");
}
}
wd.cancel_timeout();
@@ -350,7 +350,7 @@ inline void falco_outputs::process_msg(falco::outputs::abstract_output* o, const
o->reopen();
break;
default:
- falco_logger::log(LOG_DEBUG, "Outputs worker received an unknown message type\n");
+ falco_logger::log(falco_logger::level::DEBUG, "Outputs worker received an unknown message type\n");
}
}
diff --git a/userspace/falco/grpc_server.cpp b/userspace/falco/grpc_server.cpp
index 8e511b46831..8f6838ae5cb 100644
--- a/userspace/falco/grpc_server.cpp
+++ b/userspace/falco/grpc_server.cpp
@@ -55,17 +55,17 @@ limitations under the License.
static void gpr_log_dispatcher_func(gpr_log_func_args* args)
{
- int priority;
+ falco_logger::level priority;
switch(args->severity)
{
case GPR_LOG_SEVERITY_ERROR:
- priority = LOG_ERR;
+ priority = falco_logger::level::ERR;
break;
case GPR_LOG_SEVERITY_DEBUG:
- priority = LOG_DEBUG;
+ priority = falco_logger::level::DEBUG;
break;
default:
- priority = LOG_INFO;
+ priority = falco_logger::level::INFO;
break;
}
@@ -199,10 +199,10 @@ void falco::grpc::server::run()
m_server = m_server_builder.BuildAndStart();
if(m_server == nullptr)
{
- falco_logger::log(LOG_EMERG, "Error starting gRPC server\n");
+ falco_logger::log(falco_logger::level::EMERG, "Error starting gRPC server\n");
return;
}
- falco_logger::log(LOG_INFO, "Starting gRPC server at " + m_server_addr + "\n");
+ falco_logger::log(falco_logger::level::INFO, "Starting gRPC server at " + m_server_addr + "\n");
// The number of contexts is multiple of the number of threads
// This defines the number of simultaneous completion queue requests of the same type (service::AsyncService::Request##RPC)
@@ -229,10 +229,10 @@ void falco::grpc::server::run()
void falco::grpc::server::stop()
{
- falco_logger::log(LOG_INFO, "Shutting down gRPC server. Waiting until external connections are closed by clients\n");
+ falco_logger::log(falco_logger::level::INFO, "Shutting down gRPC server. Waiting until external connections are closed by clients\n");
m_completion_queue->Shutdown();
- falco_logger::log(LOG_INFO, "Waiting for the gRPC threads to complete\n");
+ falco_logger::log(falco_logger::level::INFO, "Waiting for the gRPC threads to complete\n");
for(std::thread& t : m_threads)
{
if(t.joinable())
@@ -242,7 +242,7 @@ void falco::grpc::server::stop()
}
m_threads.clear();
- falco_logger::log(LOG_INFO, "Draining all the remaining gRPC events\n");
+ falco_logger::log(falco_logger::level::INFO, "Draining all the remaining gRPC events\n");
// Ignore remaining events
void* ignore_tag = nullptr;
bool ignore_ok = false;
@@ -250,5 +250,5 @@ void falco::grpc::server::stop()
{
}
- falco_logger::log(LOG_INFO, "Shutting down gRPC server complete\n");
+ falco_logger::log(falco_logger::level::INFO, "Shutting down gRPC server complete\n");
}
diff --git a/userspace/falco/logger.cpp b/userspace/falco/logger.cpp
index 764647b5c3f..12597392883 100644
--- a/userspace/falco/logger.cpp
+++ b/userspace/falco/logger.cpp
@@ -20,7 +20,7 @@ limitations under the License.
#include "falco_common.h"
-int falco_logger::level = LOG_INFO;
+falco_logger::level falco_logger::current_level = falco_logger::level::INFO;
bool falco_logger::time_format_iso_8601 = false;
static sinsp_logger::severity decode_sinsp_severity(const std::string& s)
@@ -69,35 +69,35 @@ void falco_logger::set_level(std::string &level)
{
if(level == "emergency")
{
- falco_logger::level = LOG_EMERG;
+ falco_logger::current_level = falco_logger::level::EMERG;
}
else if(level == "alert")
{
- falco_logger::level = LOG_ALERT;
+ falco_logger::current_level = falco_logger::level::ALERT;
}
else if(level == "critical")
{
- falco_logger::level = LOG_CRIT;
+ falco_logger::current_level = falco_logger::level::CRIT;
}
else if(level == "error")
{
- falco_logger::level = LOG_ERR;
+ falco_logger::current_level = falco_logger::level::ERR;
}
else if(level == "warning")
{
- falco_logger::level = LOG_WARNING;
+ falco_logger::current_level = falco_logger::level::WARNING;
}
else if(level == "notice")
{
- falco_logger::level = LOG_NOTICE;
+ falco_logger::current_level = falco_logger::level::NOTICE;
}
else if(level == "info")
{
- falco_logger::level = LOG_INFO;
+ falco_logger::current_level = falco_logger::level::INFO;
}
else if(level == "debug")
{
- falco_logger::level = LOG_DEBUG;
+ falco_logger::current_level = falco_logger::level::DEBUG;
}
else
{
@@ -121,7 +121,7 @@ void falco_logger::set_sinsp_logging(bool enable, const std::string& severity, c
// logs are always printed by the Falco logger. These
// logs are pre-filtered at the sinsp level depending
// on the configured severity
- falco_logger::log(falco_logger::level, s_sinsp_logger_prefix + str);
+ falco_logger::log(falco_logger::current_level, s_sinsp_logger_prefix + str);
});
}
else
@@ -134,10 +134,10 @@ void falco_logger::set_sinsp_logging(bool enable, const std::string& severity, c
bool falco_logger::log_stderr = true;
bool falco_logger::log_syslog = true;
-void falco_logger::log(int priority, const std::string&& msg)
+void falco_logger::log(falco_logger::level priority, const std::string&& msg)
{
- if(priority > falco_logger::level)
+ if(priority > falco_logger::current_level)
{
return;
}
@@ -153,7 +153,7 @@ void falco_logger::log(int priority, const std::string&& msg)
copy.pop_back();
}
- ::syslog(priority, "%s", copy.c_str());
+ ::syslog(static_cast(priority), "%s", copy.c_str());
}
#endif
diff --git a/userspace/falco/logger.h b/userspace/falco/logger.h
index 4fac3ed440f..2dab04b4c8b 100644
--- a/userspace/falco/logger.h
+++ b/userspace/falco/logger.h
@@ -18,16 +18,7 @@ limitations under the License.
#pragma once
#include "sinsp.h"
-#ifdef _WIN32
-#define LOG_EMERG 0
-#define LOG_ALERT 1
-#define LOG_CRIT 2
-#define LOG_ERR 3
-#define LOG_WARNING 4
-#define LOG_NOTICE 5
-#define LOG_INFO 6
-#define LOG_DEBUG 7
-#else
+#ifndef _WIN32
#include
#endif
@@ -35,6 +26,18 @@ class falco_logger
{
public:
+ enum class level : int
+ {
+ EMERG = 0,
+ ALERT,
+ CRIT,
+ ERR,
+ WARNING,
+ NOTICE,
+ INFO,
+ DEBUG
+ };
+
static void set_time_format_iso_8601(bool val);
// Will throw exception if level is unknown.
@@ -42,9 +45,9 @@ class falco_logger
static void set_sinsp_logging(bool enable, const std::string& severity, const std::string& prefix);
- static void log(int priority, const std::string&& msg);
+ static void log(falco_logger::level priority, const std::string&& msg);
- static int level;
+ static level current_level;
static bool log_stderr;
static bool log_syslog;
static bool time_format_iso_8601;
diff --git a/userspace/falco/outputs_http.cpp b/userspace/falco/outputs_http.cpp
index e038008ba55..c9eea08ceb1 100644
--- a/userspace/falco/outputs_http.cpp
+++ b/userspace/falco/outputs_http.cpp
@@ -39,7 +39,7 @@ bool falco::outputs::output_http::init(const config& oc, bool buffered, const st
m_curl = curl_easy_init();
if(!m_curl)
{
- falco_logger::log(LOG_ERR, "libcurl failed to initialize the handle: " + std::string(curl_easy_strerror(res)));
+ falco_logger::log(falco_logger::level::ERR, "libcurl failed to initialize the handle: " + std::string(curl_easy_strerror(res)));
return false;
}
if(m_json_output)
@@ -111,7 +111,7 @@ void falco::outputs::output_http::output(const message *msg)
CHECK_RES(curl_easy_perform(m_curl));
if(res != CURLE_OK)
{
- falco_logger::log(LOG_ERR, "libcurl failed to perform call: " + std::string(curl_easy_strerror(res)));
+ falco_logger::log(falco_logger::level::ERR, "libcurl failed to perform call: " + std::string(curl_easy_strerror(res)));
}
}
diff --git a/userspace/falco/stats_writer.cpp b/userspace/falco/stats_writer.cpp
index 5cb6e214d1a..da20e80ec4f 100644
--- a/userspace/falco/stats_writer.cpp
+++ b/userspace/falco/stats_writer.cpp
@@ -245,7 +245,7 @@ void stats_writer::worker() noexcept
}
catch(const std::exception &e)
{
- falco_logger::log(LOG_ERR, "stats_writer (worker): " + std::string(e.what()) + "\n");
+ falco_logger::log(falco_logger::level::ERR, "stats_writer (worker): " + std::string(e.what()) + "\n");
}
}
}
diff --git a/userspace/falco/webserver.cpp b/userspace/falco/webserver.cpp
index 36070f1f79a..c1db325d6e5 100644
--- a/userspace/falco/webserver.cpp
+++ b/userspace/falco/webserver.cpp
@@ -86,7 +86,7 @@ void falco_webserver::start(
catch(std::exception &e)
{
falco_logger::log(
- LOG_ERR,
+ falco_logger::level::ERR,
"falco_webserver: " + std::string(e.what()) + "\n");
}
failed.store(true, std::memory_order_release);