Digwatch logging

Log digwatch messages to syslog and/or stderr

digwatch.yaml

@@ -1,5 +1,8 @@
 rules_file: /etc/digwatch_rules.conf
-json_output: true
+json_output: false
+
+log_stderr: true
+log_syslog: true
 
 syslog_output:
   enabled: false

userspace/digwatch/configuration.cpp

@@ -1,6 +1,7 @@
 #include "configuration.h"
 #include "config_digwatch.h"
 #include "sinsp.h"
+#include "syslog.h"
 
 using namespace std;
 
@@ -53,4 +54,7 @@ void digwatch_configuration::init(string conf_filename)
 	{
 		throw sinsp_exception("Error reading config file (" + m_config_file + "): No outputs configured. Please configure at least one output file output enabled but no filename in configuration block");
 	}
+
+	digwatch_syslog::log_stderr = m_config->get_scalar<bool>("log_stderr", false);
+	digwatch_syslog::log_syslog = m_config->get_scalar<bool>("log_syslog", true);
 }

userspace/digwatch/digwatch.cpp

@@ -254,7 +254,7 @@ int digwatch_init(int argc, char **argv)
 			conf_stream = new ifstream(conf_filename);
 			if (!conf_stream->good())
 			{
-				fprintf(stderr, "Could not find configuration file at %s \n", conf_filename.c_str());
+				digwatch_syslog::log(LOG_ERR, "Could not find configuration file at " + conf_filename + ". Exiting \n");
 				result = EXIT_FAILURE;
 				goto exit;
 			}
@@ -283,20 +283,20 @@ int digwatch_init(int argc, char **argv)
 		digwatch_configuration config;
 		if (conf_filename.size())
 		{
-			cout << "Using configuration file " + conf_filename + "\n";
 			config.init(conf_filename);
+			// log after config init because config determines where logs go
+			digwatch_syslog::log(LOG_INFO, "Digwatch initialized with configuration file " + conf_filename + "\n");
 		}
 		else
 		{
-			cout << "No configuration file found, proceeding with defaults\n";
 			config.init();
+			digwatch_syslog::log(LOG_INFO, "Digwatch initialized. No configuration file found, proceeding with defaults\n");
 		}
 
 		if (rules_filename.size())
 		{
 			config.m_rules_filename = rules_filename;
 		}
-		cout << "Using rules file " + config.m_rules_filename + "\n";
 
 		lua_main_filename = lua_dir + DIGWATCH_LUA_MAIN;
 		if (!std::ifstream(lua_main_filename))
@@ -305,9 +305,9 @@ int digwatch_init(int argc, char **argv)
 			lua_main_filename = lua_dir + DIGWATCH_LUA_MAIN;
 			if (!std::ifstream(lua_main_filename))
 			{
-				fprintf(stderr, "Could not find Digwatch Lua libraries (tried %s, %s). \n",
+				digwatch_syslog::log(LOG_ERR, "Could not find Digwatch Lua libraries (tried " +
-					DIGWATCH_LUA_DIR DIGWATCH_LUA_MAIN,
+						     string(DIGWATCH_LUA_DIR DIGWATCH_LUA_MAIN) + ", " +
-					lua_main_filename.c_str());
+						     lua_main_filename + "). Exiting \n");
 				result = EXIT_FAILURE;
 				goto exit;
 			}
@@ -328,6 +328,7 @@ int digwatch_init(int argc, char **argv)
 
 		rules->load_rules(config.m_rules_filename);
 		inspector->set_filter(rules->get_filter());
+		digwatch_syslog::log(LOG_INFO, "Parsed rules from file " + config.m_rules_filename + "\n");
 
 		inspector->set_hostname_and_port_resolution_mode(false);
 
@@ -360,7 +361,7 @@ int digwatch_init(int argc, char **argv)
 			{
 				if(system("modprobe " PROBE_NAME " > /dev/null 2> /dev/null"))
 				{
-					fprintf(stderr, "Unable to load the driver\n");
+					digwatch_syslog::log(LOG_ERR, "Unable to load the driver. Exiting\n");
 				}
 				inspector->open();
 			}
@@ -373,12 +374,14 @@ int digwatch_init(int argc, char **argv)
 	}
 	catch(sinsp_exception& e)
 	{
-		cerr << e.what() << endl;
+		digwatch_syslog::log(LOG_ERR, "Runtime error: " + string(e.what()) + ". Exiting\n");
+
 		result = EXIT_FAILURE;
 	}
 	catch(...)
 	{
-		printf("Error, exiting.\n");
+		digwatch_syslog::log(LOG_ERR, "Unexpected error, Exiting\n");
+
 		result = EXIT_FAILURE;
 	}
 

userspace/digwatch/formats.cpp

@@ -1,4 +1,5 @@
 #include "formats.h"
+#include "syslog.h"
 
 
 sinsp* digwatch_formats::s_inspector = NULL;
@@ -27,8 +28,8 @@ int digwatch_formats::formatter(lua_State *ls)
 	}
 	catch(sinsp_exception& e)
 	{
-		string err = "invalid output format " + format;
+		digwatch_syslog::log(LOG_ERR, "Invalid output format '" + format + "'.\n");
-		fprintf(stderr, "%s\n", err.c_str());
+
 		throw sinsp_exception("set_formatter error");
 	}
 
@@ -42,8 +43,7 @@ int digwatch_formats::format_event (lua_State *ls)
 	string line;
 
 	if (!lua_islightuserdata(ls, -1) || !lua_islightuserdata(ls, -2)) {
-		string err = "invalid arguments passed to format_event() ";
+		digwatch_syslog::log(LOG_ERR, "Invalid arguments passed to format_event()\n");
-		fprintf(stderr, "%s\n", err.c_str());
 		throw sinsp_exception("format_event error");
 	}
 	sinsp_evt* evt = (sinsp_evt*)lua_topointer(ls, 1);

userspace/digwatch/syslog.cpp

@@ -1,8 +1,8 @@
+#include <ctime>
 #include "syslog.h"
 #include "chisel_api.h"
 #include "filterchecks.h"
 
-#include <syslog.h>
 
 
 const static struct luaL_reg ll_digwatch [] =
@@ -30,3 +30,20 @@ int digwatch_syslog::syslog(lua_State *ls) {
 	return 0;
 }
 
+bool digwatch_syslog::log_stderr;
+bool digwatch_syslog::log_syslog;
+
+void digwatch_syslog::log(int priority, const string msg) {
+	if (digwatch_syslog::log_syslog) {
+		::syslog(priority, "%s", msg.c_str());
+	}
+
+	if (digwatch_syslog::log_stderr) {
+		std::time_t result = std::time(nullptr);
+		string tstr = std::asctime(std::localtime(&result));
+		tstr = tstr.substr(0, 24);// remove trailling newline
+		fprintf(stderr, "%s: %s", tstr.c_str(), msg.c_str());
+	}
+}
+
+

userspace/digwatch/syslog.h

@@ -1,6 +1,7 @@
 #pragma once
 
 #include "sinsp.h"
+#include <syslog.h>
 
 extern "C" {
 #include "lua.h"
@@ -15,4 +16,9 @@ class digwatch_syslog
 
 	// value = digwatch.syslog(level, message)
 	static int syslog(lua_State *ls);
+
+	static void log(int priority, const string msg);
+
+	static bool log_stderr;
+	static bool log_syslog;
 };