refactor(userspace/falco): add log level enum

Signed-off-by: Roberto Scolaro <roberto.scolaro21@gmail.com>

userspace/falco/app/actions/configure_interesting_sets.cpp

@@ -69,7 +69,7 @@ static void select_event_set(falco::app::state& s, const libsinsp::events::set<p
 	auto rules_names = libsinsp::events::sc_set_to_event_names(rules_sc_set);
 	if (!rules_sc_set.empty())
 	{
-		falco_logger::log(LOG_DEBUG, "(" + std::to_string(rules_names.size())
+		falco_logger::log(falco_logger::level::DEBUG, "(" + std::to_string(rules_names.size())
 			+ ") syscalls in rules: " + concat_set_in_order(rules_names) + "\n");
 	}
 
@@ -100,14 +100,14 @@ static void select_event_set(falco::app::state& s, const libsinsp::events::set<p
 
 		// we re-transform from sc_set to names to make
 		// sure that bad user inputs are ignored
-		falco_logger::log(LOG_DEBUG, "+(" + std::to_string(user_positive_sc_set_names.size())
+		falco_logger::log(falco_logger::level::DEBUG, "+(" + std::to_string(user_positive_sc_set_names.size())
 			+ ") syscalls added (base_syscalls override): "
 			+ concat_set_in_order(user_positive_sc_set_names) + "\n");
 	}
 	auto invalid_positive_sc_set_names = unordered_set_difference(user_positive_names, user_positive_sc_set_names);
 	if (!invalid_positive_sc_set_names.empty())
 	{
-		falco_logger::log(LOG_WARNING, "Invalid (positive) syscall names: warning (base_syscalls override): "
+		falco_logger::log(falco_logger::level::WARNING, "Invalid (positive) syscall names: warning (base_syscalls override): "
 			+ concat_set_in_order(invalid_positive_sc_set_names));
 	}
 
@@ -136,14 +136,14 @@ static void select_event_set(falco::app::state& s, const libsinsp::events::set<p
 
 		// we re-transform from sc_set to names to make
 		// sure that bad user inputs are ignored
-		falco_logger::log(LOG_DEBUG, "-(" + std::to_string(user_negative_sc_set_names.size())
+		falco_logger::log(falco_logger::level::DEBUG, "-(" + std::to_string(user_negative_sc_set_names.size())
 			+ ") syscalls removed (base_syscalls override): "
 			+ concat_set_in_order(user_negative_sc_set_names) + "\n");
 	}
 	auto invalid_negative_sc_set_names = unordered_set_difference(user_negative_names, user_negative_sc_set_names);
 	if (!invalid_negative_sc_set_names.empty())
 	{
-		falco_logger::log(LOG_WARNING, "Invalid (negative) syscall names: warning (base_syscalls override): "
+		falco_logger::log(falco_logger::level::WARNING, "Invalid (negative) syscall names: warning (base_syscalls override): "
 			+ concat_set_in_order(invalid_negative_sc_set_names));
 	}
 
@@ -154,7 +154,7 @@ static void select_event_set(falco::app::state& s, const libsinsp::events::set<p
 	if (!non_rules_sc_set.empty() && user_positive_sc_set.empty())
 	{
 		auto non_rules_sc_set_names = libsinsp::events::sc_set_to_event_names(non_rules_sc_set);
-		falco_logger::log(LOG_DEBUG, "+(" + std::to_string(non_rules_sc_set_names.size())
+		falco_logger::log(falco_logger::level::DEBUG, "+(" + std::to_string(non_rules_sc_set_names.size())
 			+ ") syscalls (Falco's state engine set of syscalls): "
 			+ concat_set_in_order(non_rules_sc_set_names) + "\n");
 	}
@@ -172,7 +172,7 @@ static void select_event_set(falco::app::state& s, const libsinsp::events::set<p
 		if (!erased_sc_set.empty())
 		{
 			auto erased_sc_set_names = libsinsp::events::sc_set_to_event_names(erased_sc_set);
-			falco_logger::log(LOG_DEBUG, "-(" + std::to_string(erased_sc_set_names.size())
+			falco_logger::log(falco_logger::level::DEBUG, "-(" + std::to_string(erased_sc_set_names.size())
 				+ ") ignored syscalls (-> activate via `-A` flag): "
 				+ concat_set_in_order(erased_sc_set_names) + "\n");
 		}
@@ -192,7 +192,7 @@ static void select_event_set(falco::app::state& s, const libsinsp::events::set<p
 		if (!repaired_sc_set.empty())
 		{
 			auto repaired_sc_set_names = libsinsp::events::sc_set_to_event_names(repaired_sc_set);
-			falco_logger::log(LOG_INFO, "+(" + std::to_string(repaired_sc_set_names.size())
+			falco_logger::log(falco_logger::level::INFO, "+(" + std::to_string(repaired_sc_set_names.size())
 				+ ") repaired syscalls: " + concat_set_in_order(repaired_sc_set_names) + "\n");
 		}
 	}
@@ -207,7 +207,7 @@ static void select_event_set(falco::app::state& s, const libsinsp::events::set<p
 	if (!s.selected_sc_set.empty())
 	{
 		auto selected_sc_set_names = libsinsp::events::sc_set_to_event_names(s.selected_sc_set);
-		falco_logger::log(LOG_DEBUG, "(" + std::to_string(selected_sc_set_names.size())
+		falco_logger::log(falco_logger::level::DEBUG, "(" + std::to_string(selected_sc_set_names.size())
 			+ ") syscalls selected in total (final set): "
 			+ concat_set_in_order(selected_sc_set_names) + "\n");
 	}

userspace/falco/app/actions/configure_syscall_buffer_num.cpp

@@ -36,7 +36,7 @@ falco::app::run_result falco::app::actions::configure_syscall_buffer_num(falco::
 
 	if(s.config->m_cpus_for_each_syscall_buffer > online_cpus)
 	{
-		falco_logger::log(LOG_WARNING, "you required a buffer every '" + std::to_string(s.config->m_cpus_for_each_syscall_buffer) + "' CPUs but there are only '" + std::to_string(online_cpus) + "' online CPUs. Falco changed the config to: one buffer every '" + std::to_string(online_cpus) + "' CPUs\n");
+		falco_logger::log(falco_logger::level::WARNING, "you required a buffer every '" + std::to_string(s.config->m_cpus_for_each_syscall_buffer) + "' CPUs but there are only '" + std::to_string(online_cpus) + "' online CPUs. Falco changed the config to: one buffer every '" + std::to_string(online_cpus) + "' CPUs\n");
 		s.config->m_cpus_for_each_syscall_buffer = online_cpus;
 	}
 #endif

userspace/falco/app/actions/configure_syscall_buffer_size.cpp

@@ -55,7 +55,7 @@ falco::app::run_result falco::app::actions::configure_syscall_buffer_size(falco:
 	if(page_size <= 0)
 	{
 		s.syscall_buffer_bytes_size = DEFAULT_BYTE_SIZE;
-		falco_logger::log(LOG_WARNING, "Unable to get the system page size through 'getpagesize()'. Try to use the default syscall buffer dimension: " + std::to_string(DEFAULT_BYTE_SIZE) + " bytes\n");
+		falco_logger::log(falco_logger::level::WARNING, "Unable to get the system page size through 'getpagesize()'. Try to use the default syscall buffer dimension: " + std::to_string(DEFAULT_BYTE_SIZE) + " bytes\n");
 		return run_result::ok();
 	}
 
@@ -72,7 +72,7 @@ falco::app::run_result falco::app::actions::configure_syscall_buffer_size(falco:
 	}
 
 	s.syscall_buffer_bytes_size = chosen_size;
-	falco_logger::log(LOG_INFO, "The chosen syscall buffer dimension is: " + std::to_string(chosen_size) + " bytes (" +  std::to_string(chosen_size / (uint64_t)(1024 * 1024)) + " MBs)\n");
+	falco_logger::log(falco_logger::level::INFO, "The chosen syscall buffer dimension is: " + std::to_string(chosen_size) + " bytes (" +  std::to_string(chosen_size / (uint64_t)(1024 * 1024)) + " MBs)\n");
 	
 #endif // __linux__
 	return run_result::ok();

userspace/falco/app/actions/create_signal_handlers.cpp

@@ -76,7 +76,7 @@ falco::app::run_result falco::app::actions::create_signal_handlers(falco::app::s
 #ifdef __linux__
 	if (s.options.dry_run)
 	{
-		falco_logger::log(LOG_DEBUG, "Skipping signal handlers creation in dry-run\n");
+		falco_logger::log(falco_logger::level::DEBUG, "Skipping signal handlers creation in dry-run\n");
 		return run_result::ok();
 	}
 
@@ -88,7 +88,7 @@ falco::app::run_result falco::app::actions::create_signal_handlers(falco::app::s
 		|| !g_restart_signal.is_lock_free()
 		|| !g_reopen_outputs_signal.is_lock_free())
 	{
-		falco_logger::log(LOG_WARNING, "Bundled atomics implementation is not lock-free, signal handlers may be unstable\n");
+		falco_logger::log(falco_logger::level::WARNING, "Bundled atomics implementation is not lock-free, signal handlers may be unstable\n");
 	}
 
 	if(! create_handler(SIGINT, ::terminate_signal_handler, ret) ||
@@ -162,7 +162,7 @@ falco::app::run_result falco::app::actions::unregister_signal_handlers(falco::ap
 #ifdef __linux__
 	if (s.options.dry_run)
 	{
-		falco_logger::log(LOG_DEBUG, "Skipping unregistering signal handlers in dry-run\n");
+		falco_logger::log(falco_logger::level::DEBUG, "Skipping unregistering signal handlers in dry-run\n");
 		return run_result::ok();
 	}
 

userspace/falco/app/actions/helpers_generic.cpp

@@ -47,7 +47,7 @@ void falco::app::actions::print_enabled_event_sources(falco::app::state& s)
 		str += str.empty() ? "" : ", ";
 		str += src;
 	}
-	falco_logger::log(LOG_INFO, "Loaded event sources: " + str);
+	falco_logger::log(falco_logger::level::INFO, "Loaded event sources: " + str);
 
 	/* Print all enabled sources. */
 	str.clear();
@@ -56,7 +56,7 @@ void falco::app::actions::print_enabled_event_sources(falco::app::state& s)
 		str += str.empty() ? "" : ", ";
 		str += src;
 	}
-	falco_logger::log(LOG_INFO, "Enabled event sources: " + str);
+	falco_logger::log(falco_logger::level::INFO, "Enabled event sources: " + str);
 
 	// print some warnings to the user
 	for (const auto& src : s.enabled_sources)
@@ -77,7 +77,7 @@ void falco::app::actions::print_enabled_event_sources(falco::app::state& s)
 				{
 					if (src != falco_common::syscall_source || s.options.nodriver)
 					{
-						falco_logger::log(LOG_WARNING, "Enabled event source '"
+						falco_logger::log(falco_logger::level::WARNING, "Enabled event source '"
 							+ src + "' can be opened with multiple loaded plugins, will use only '"
 							+ first_plugin->name() + "'");
 					}
@@ -86,7 +86,7 @@ void falco::app::actions::print_enabled_event_sources(falco::app::state& s)
 		}
 		if (!first_plugin && s.options.nodriver)
 		{
-			falco_logger::log(LOG_WARNING, "Enabled event source '"
+			falco_logger::log(falco_logger::level::WARNING, "Enabled event source '"
 				+ src + "' will be opened with no driver, no event will be produced");
 		}
 	}

userspace/falco/app/actions/helpers_inspector.cpp

@@ -38,7 +38,7 @@ falco::app::run_result falco::app::actions::open_offline_inspector(falco::app::s
 	try
 	{
 		s.offline_inspector->open_savefile(s.options.trace_filename);
-		falco_logger::log(LOG_INFO, "Reading system call events from file: " + s.options.trace_filename + "\n");
+		falco_logger::log(falco_logger::level::INFO, "Reading system call events from file: " + s.options.trace_filename + "\n");
 		return run_result::ok();
 	}
 	catch (sinsp_exception &e)
@@ -64,7 +64,7 @@ falco::app::run_result falco::app::actions::open_live_inspector(
 				if (p->caps() & CAP_SOURCING && p->id() != 0 && p->event_source() == source)
 				{
 					auto cfg = s.plugin_configs.at(p->name());
-					falco_logger::log(LOG_INFO, "Opening '" + source + "' source with plugin '" + cfg->m_name + "'");
+					falco_logger::log(falco_logger::level::INFO, "Opening '" + source + "' source with plugin '" + cfg->m_name + "'");
 					inspector->open_plugin(cfg->m_name, cfg->m_open_params);
 					return run_result::ok();
 				}
@@ -82,23 +82,23 @@ falco::app::run_result falco::app::actions::open_live_inspector(
 				if (p->caps() & CAP_SOURCING && p->id() == 0)
 				{
 					auto cfg = s.plugin_configs.at(p->name());
-					falco_logger::log(LOG_INFO, "Opening '" + source + "' source with plugin '" + cfg->m_name + "'");
+					falco_logger::log(falco_logger::level::INFO, "Opening '" + source + "' source with plugin '" + cfg->m_name + "'");
 					inspector->open_plugin(cfg->m_name, cfg->m_open_params);
 					return run_result::ok();
 				}
 			}
-			falco_logger::log(LOG_INFO, "Opening '" + source + "' source with no driver\n");
+			falco_logger::log(falco_logger::level::INFO, "Opening '" + source + "' source with no driver\n");
 			inspector->open_nodriver();
 		}
 		else if(s.is_gvisor_enabled()) /* gvisor engine. */
 		{
-			falco_logger::log(LOG_INFO, "Opening '" + source + "' source with gVisor. Configuration path: " + s.options.gvisor_config);
+			falco_logger::log(falco_logger::level::INFO, "Opening '" + source + "' source with gVisor. Configuration path: " + s.options.gvisor_config);
 			inspector->open_gvisor(s.options.gvisor_config, s.options.gvisor_root);
 		}
 		else if(s.options.modern_bpf) /* modern BPF engine. */
 		{
-			falco_logger::log(LOG_INFO, "Opening '" + source + "' source with modern BPF probe.");
-			falco_logger::log(LOG_INFO, "One ring buffer every '" + std::to_string(s.config->m_cpus_for_each_syscall_buffer) +  "' CPUs.");
+			falco_logger::log(falco_logger::level::INFO, "Opening '" + source + "' source with modern BPF probe.");
+			falco_logger::log(falco_logger::level::INFO, "One ring buffer every '" + std::to_string(s.config->m_cpus_for_each_syscall_buffer) +  "' CPUs.");
 			inspector->open_modern_bpf(s.syscall_buffer_bytes_size, s.config->m_cpus_for_each_syscall_buffer, true, s.selected_sc_set);
 		}
 		else if(getenv(FALCO_BPF_ENV_VARIABLE) != NULL) /* BPF engine. */
@@ -116,23 +116,23 @@ falco::app::run_result falco::app::actions::open_live_inspector(
 				snprintf(full_path, PATH_MAX, "%s/%s", home, FALCO_PROBE_BPF_FILEPATH);
 				bpf_probe_path = full_path;
 			}
-			falco_logger::log(LOG_INFO, "Opening '" + source + "' source with BPF probe. BPF probe path: " + std::string(bpf_probe_path));
+			falco_logger::log(falco_logger::level::INFO, "Opening '" + source + "' source with BPF probe. BPF probe path: " + std::string(bpf_probe_path));
 			inspector->open_bpf(bpf_probe_path, s.syscall_buffer_bytes_size, s.selected_sc_set);
 		}
 		else /* Kernel module (default). */
 		{
 			try
 			{
-				falco_logger::log(LOG_INFO, "Opening '" + source + "' source with Kernel module");
+				falco_logger::log(falco_logger::level::INFO, "Opening '" + source + "' source with Kernel module");
 				inspector->open_kmod(s.syscall_buffer_bytes_size, s.selected_sc_set);
 			}
 			catch(sinsp_exception &e)
 			{
 				// Try to insert the Falco kernel module
-				falco_logger::log(LOG_INFO, "Trying to inject the Kernel module and opening the capture again...");
+				falco_logger::log(falco_logger::level::INFO, "Trying to inject the Kernel module and opening the capture again...");
 				if(system("modprobe " DRIVER_NAME " > /dev/null 2> /dev/null"))
 				{
-					falco_logger::log(LOG_ERR, "Unable to load the driver\n");
+					falco_logger::log(falco_logger::level::ERR, "Unable to load the driver\n");
 				}
 				inspector->open_kmod(s.syscall_buffer_bytes_size, s.selected_sc_set);
 			}

userspace/falco/app/actions/init_clients.cpp

@@ -31,14 +31,14 @@ falco::app::run_result falco::app::actions::init_clients(falco::app::state& s)
 
 	auto inspector = s.source_infos.at(falco_common::syscall_source)->inspector;
 
-	falco_logger::log(LOG_DEBUG, "Setting metadata download max size to " + std::to_string(s.config->m_metadata_download_max_mb) + " MB\n");
-	falco_logger::log(LOG_DEBUG, "Setting metadata download chunk wait time to " + std::to_string(s.config->m_metadata_download_chunk_wait_us) + " μs\n");
-	falco_logger::log(LOG_DEBUG, "Setting metadata download watch frequency to " + std::to_string(s.config->m_metadata_download_watch_freq_sec) + " seconds\n");
+	falco_logger::log(falco_logger::level::DEBUG, "Setting metadata download max size to " + std::to_string(s.config->m_metadata_download_max_mb) + " MB\n");
+	falco_logger::log(falco_logger::level::DEBUG, "Setting metadata download chunk wait time to " + std::to_string(s.config->m_metadata_download_chunk_wait_us) + " μs\n");
+	falco_logger::log(falco_logger::level::DEBUG, "Setting metadata download watch frequency to " + std::to_string(s.config->m_metadata_download_watch_freq_sec) + " seconds\n");
 	inspector->set_metadata_download_params(s.config->m_metadata_download_max_mb * 1024 * 1024, s.config->m_metadata_download_chunk_wait_us, s.config->m_metadata_download_watch_freq_sec);
 
 	if (s.options.dry_run)
 	{
-		falco_logger::log(LOG_DEBUG, "Skipping clients initialization in dry-run\n");
+		falco_logger::log(falco_logger::level::DEBUG, "Skipping clients initialization in dry-run\n");
 		return run_result::ok();
 	}
 

userspace/falco/app/actions/init_inspectors.cpp

@@ -51,7 +51,7 @@ static void init_syscall_inspector(falco::app::state& s, std::shared_ptr<sinsp>
 
 	if (s.config->m_syscall_drop_failed_exit)
 	{
-		falco_logger::log(LOG_INFO, "Failed syscall exit events are dropped in the kernel driver\n");
+		falco_logger::log(falco_logger::level::INFO, "Failed syscall exit events are dropped in the kernel driver\n");
 		inspector->set_dropfailed(true);
 	}
 

userspace/falco/app/actions/init_outputs.cpp

@@ -41,7 +41,7 @@ falco::app::run_result falco::app::actions::init_outputs(falco::app::state& s)
 	if(env_hostname || (env_hostname = getenv("FALCO_GRPC_HOSTNAME")))
 	{
 		hostname = env_hostname;
-		falco_logger::log(LOG_INFO, "Hostname value has been overridden via environment variable to: " + hostname + "\n");
+		falco_logger::log(falco_logger::level::INFO, "Hostname value has been overridden via environment variable to: " + hostname + "\n");
 	}
 	else
 	{
@@ -56,7 +56,7 @@ falco::app::run_result falco::app::actions::init_outputs(falco::app::state& s)
 
 	if (s.options.dry_run)
 	{
-		falco_logger::log(LOG_DEBUG, "Skipping outputs initialization in dry-run\n");
+		falco_logger::log(falco_logger::level::DEBUG, "Skipping outputs initialization in dry-run\n");
 		return run_result::ok();
 	}
 

userspace/falco/app/actions/load_config.cpp

@@ -49,14 +49,14 @@ falco::app::run_result falco::app::actions::load_config(falco::app::state& s)
 
 	// log after config init because config determines where logs go
 	falco_logger::set_time_format_iso_8601(s.config->m_time_format_iso_8601);
-	falco_logger::log(LOG_INFO, "Falco version: " + std::string(FALCO_VERSION) + " (" + std::string(FALCO_TARGET_ARCH) + ")\n");
+	falco_logger::log(falco_logger::level::INFO, "Falco version: " + std::string(FALCO_VERSION) + " (" + std::string(FALCO_TARGET_ARCH) + ")\n");
 	if (!s.cmdline.empty())
 	{
-		falco_logger::log(LOG_DEBUG, "CLI args: " + s.cmdline);
+		falco_logger::log(falco_logger::level::DEBUG, "CLI args: " + s.cmdline);
 	}
 	if (!s.options.conf_filename.empty())
 	{
-		falco_logger::log(LOG_INFO, "Falco initialized with configuration file: " + s.options.conf_filename + "\n");
+		falco_logger::log(falco_logger::level::INFO, "Falco initialized with configuration file: " + s.options.conf_filename + "\n");
 	}
 
 	s.config->m_buffered_outputs = !s.options.unbuffered_outputs;

userspace/falco/app/actions/load_plugins.cpp

@@ -49,7 +49,7 @@ falco::app::run_result falco::app::actions::load_plugins(falco::app::state& s)
 	// Load all the configured plugins
 	for(auto &p : s.config->m_plugins)
 	{
-		falco_logger::log(LOG_INFO, "Loading plugin '" + p.m_name + "' from file " + p.m_library_path + "\n");
+		falco_logger::log(falco_logger::level::INFO, "Loading plugin '" + p.m_name + "' from file " + p.m_library_path + "\n");
 		auto plugin = s.offline_inspector->register_plugin(p.m_library_path);
 		s.plugin_configs.insert(p, plugin->name());
 		if(plugin->caps() & CAP_SOURCING && plugin->id() != 0)

userspace/falco/app/actions/load_rules_files.cpp

@@ -39,10 +39,10 @@ falco::app::run_result falco::app::actions::load_rules_files(falco::app::state&
 		return run_result::fatal("You must specify at least one rules file/directory via -r or a rules_file entry in falco.yaml");
 	}
 
-	falco_logger::log(LOG_DEBUG, "Configured rules filenames:\n");
+	falco_logger::log(falco_logger::level::DEBUG, "Configured rules filenames:\n");
 	for (const auto& path : s.config->m_rules_filenames)
 	{
-		falco_logger::log(LOG_DEBUG, std::string("   ") + path + "\n");
+		falco_logger::log(falco_logger::level::DEBUG, std::string("   ") + path + "\n");
 	}
 
 	for (const auto &path : s.config->m_rules_filenames)
@@ -67,7 +67,7 @@ falco::app::run_result falco::app::actions::load_rules_files(falco::app::state&
 	std::string err = "";
 	for(auto &filename : s.config->m_loaded_rules_filenames)
 	{
-		falco_logger::log(LOG_INFO, "Loading rules from file " + filename + "\n");
+		falco_logger::log(falco_logger::level::INFO, "Loading rules from file " + filename + "\n");
 		std::unique_ptr<falco::load_result> res;
 
 		res = s.engine->load_rules(rc.at(filename), filename);
@@ -130,7 +130,7 @@ falco::app::run_result falco::app::actions::load_rules_files(falco::app::state&
 
 	for (const auto& substring : s.options.disabled_rule_substrings)
 	{
-		falco_logger::log(LOG_INFO, "Disabling rules matching substring: " + substring + "\n");
+		falco_logger::log(falco_logger::level::INFO, "Disabling rules matching substring: " + substring + "\n");
 		s.engine->enable_rule(substring, false);
 	}
 
@@ -138,7 +138,7 @@ falco::app::run_result falco::app::actions::load_rules_files(falco::app::state&
 	{
 		for(auto &tag : s.options.disabled_rule_tags)
 		{
-			falco_logger::log(LOG_INFO, "Disabling rules with tag: " + tag + "\n");
+			falco_logger::log(falco_logger::level::INFO, "Disabling rules with tag: " + tag + "\n");
 		}
 		s.engine->enable_rule_by_tag(s.options.disabled_rule_tags, false);
 	}
@@ -150,7 +150,7 @@ falco::app::run_result falco::app::actions::load_rules_files(falco::app::state&
 		s.engine->enable_rule(all_rules, false);
 		for(auto &tag : s.options.enabled_rule_tags)
 		{
-			falco_logger::log(LOG_INFO, "Enabling rules with tag: " + tag + "\n");
+			falco_logger::log(falco_logger::level::INFO, "Enabling rules with tag: " + tag + "\n");
 		}
 		s.engine->enable_rule_by_tag(s.options.enabled_rule_tags, true);
 	}

userspace/falco/app/actions/pidfile.cpp

@@ -28,7 +28,7 @@ falco::app::run_result falco::app::actions::pidfile(falco::app::state& s)
 {
 	if (s.options.dry_run)
 	{
-		falco_logger::log(LOG_DEBUG, "Skipping pidfile creation in dry-run\n");
+		falco_logger::log(falco_logger::level::DEBUG, "Skipping pidfile creation in dry-run\n");
 		return run_result::ok();
 	}
 
@@ -41,7 +41,7 @@ falco::app::run_result falco::app::actions::pidfile(falco::app::state& s)
 
 		if (!pidfile.good())
 		{
-			falco_logger::log(LOG_ERR, "Could not write pid to pidfile " + s.options.pidfilename + ". Exiting.\n");
+			falco_logger::log(falco_logger::level::ERR, "Could not write pid to pidfile " + s.options.pidfilename + ". Exiting.\n");
 			exit(-1);
 		}
 		pidfile << self_pid;

userspace/falco/app/actions/print_page_size.cpp

@@ -39,7 +39,7 @@ falco::app::run_result falco::app::actions::print_page_size(falco::app::state& s
 		}
 		else
 		{
-			falco_logger::log(LOG_INFO, "Your system page size is: " + std::to_string(page_size) + " bytes\n");
+			falco_logger::log(falco_logger::level::INFO, "Your system page size is: " + std::to_string(page_size) + " bytes\n");
 		}
 		return run_result::exit();
 	}

userspace/falco/app/actions/process_events.cpp

@@ -183,7 +183,7 @@ static falco::app::run_result do_inspect(
 		if (falco::app::g_reopen_outputs_signal.triggered())
 		{
 			falco::app::g_reopen_outputs_signal.handle([&s](){
-				falco_logger::log(LOG_INFO, "SIGUSR1 received, reopening outputs...\n");
+				falco_logger::log(falco_logger::level::INFO, "SIGUSR1 received, reopening outputs...\n");
 				if(s.outputs != nullptr)
 				{
 					s.outputs->reopen_outputs();
@@ -195,14 +195,14 @@ static falco::app::run_result do_inspect(
 		if(falco::app::g_terminate_signal.triggered())
 		{
 			falco::app::g_terminate_signal.handle([&](){
-				falco_logger::log(LOG_INFO, "SIGINT received, exiting...\n");
+				falco_logger::log(falco_logger::level::INFO, "SIGINT received, exiting...\n");
 			});
 			break;
 		}
 		else if(falco::app::g_restart_signal.triggered())
 		{
 			falco::app::g_restart_signal.handle([&s](){
-				falco_logger::log(LOG_INFO, "SIGHUP received, restarting...\n");
+				falco_logger::log(falco_logger::level::INFO, "SIGHUP received, restarting...\n");
 				s.restart.store(true);
 			});
 			break;
@@ -418,7 +418,7 @@ static falco::app::run_result init_stats_writer(
 		return falco::app::run_result::fatal("Metrics are enabled with no output configured. Please enable at least one output channel");
 	}
 
-	falco_logger::log(LOG_INFO, "Setting metrics interval to " + config->m_metrics_interval_str + ", equivalent to " + std::to_string(config->m_metrics_interval) + " (ms)\n");
+	falco_logger::log(falco_logger::level::INFO, "Setting metrics interval to " + config->m_metrics_interval_str + ", equivalent to " + std::to_string(config->m_metrics_interval) + " (ms)\n");
 
 	auto res = falco::app::run_result::ok();
 	if (is_dry_run)
@@ -441,7 +441,7 @@ falco::app::run_result falco::app::actions::process_events(falco::app::state& s)
 
 	if (s.options.dry_run)
 	{
-		falco_logger::log(LOG_DEBUG, "Skipping event processing in dry-run\n");
+		falco_logger::log(falco_logger::level::DEBUG, "Skipping event processing in dry-run\n");
 		return res;
 	}
 
@@ -496,7 +496,7 @@ falco::app::run_result falco::app::actions::process_events(falco::app::state& s)
 
 			try
 			{
-				falco_logger::log(LOG_DEBUG, "Opening event source '" + source + "'\n");
+				falco_logger::log(falco_logger::level::DEBUG, "Opening event source '" + source + "'\n");
 				termination_sem.acquire();
 				res = open_live_inspector(s, src_info->inspector, source);
 				if (!res.success)
@@ -542,7 +542,7 @@ falco::app::run_result falco::app::actions::process_events(falco::app::state& s)
 		{
 			if (!res.success && !termination_forced)
 			{
-				falco_logger::log(LOG_INFO, "An error occurred in an event source, forcing termination...\n");
+				falco_logger::log(falco_logger::level::INFO, "An error occurred in an event source, forcing termination...\n");
 				falco::app::g_terminate_signal.trigger();
 				falco::app::g_terminate_signal.handle([&](){});
 				termination_forced = true;
@@ -573,7 +573,7 @@ falco::app::run_result falco::app::actions::process_events(falco::app::state& s)
 						ctx.thread->join();
 					}
 
-					falco_logger::log(LOG_DEBUG, "Closing event source '" + ctx.source + "'\n");
+					falco_logger::log(falco_logger::level::DEBUG, "Closing event source '" + ctx.source + "'\n");
 					s.source_infos.at(ctx.source)->inspector->close();
 
 					res = run_result::merge(res, ctx.res);

userspace/falco/app/actions/start_grpc_server.cpp

@@ -32,11 +32,11 @@ falco::app::run_result falco::app::actions::start_grpc_server(falco::app::state&
 	{
 		if (s.options.dry_run)
 		{
-			falco_logger::log(LOG_DEBUG, "Skipping starting gRPC server in dry-run\n");
+			falco_logger::log(falco_logger::level::DEBUG, "Skipping starting gRPC server in dry-run\n");
 			return run_result::ok();
 		}
 
-		falco_logger::log(LOG_INFO, "gRPC server threadiness equals to " + std::to_string(s.config->m_grpc_threadiness) + "\n");
+		falco_logger::log(falco_logger::level::INFO, "gRPC server threadiness equals to " + std::to_string(s.config->m_grpc_threadiness) + "\n");
 		// TODO(fntlnz,leodido): when we want to spawn multiple threads we need to have a queue per thread, or implement
 		// different queuing mechanisms, round robin, fanout? What we want to achieve?
 		s.grpc_server.init(
@@ -62,7 +62,7 @@ falco::app::run_result falco::app::actions::stop_grpc_server(falco::app::state&
 	{
 		if (s.options.dry_run)
 		{
-			falco_logger::log(LOG_DEBUG, "Skipping stopping gRPC server in dry-run\n");
+			falco_logger::log(falco_logger::level::DEBUG, "Skipping stopping gRPC server in dry-run\n");
 			return run_result::ok();
 		}
 

userspace/falco/app/actions/start_webserver.cpp

@@ -31,12 +31,12 @@ falco::app::run_result falco::app::actions::start_webserver(falco::app::state& s
 	{
 		if (s.options.dry_run)
 		{
-			falco_logger::log(LOG_DEBUG, "Skipping starting webserver in dry-run\n");
+			falco_logger::log(falco_logger::level::DEBUG, "Skipping starting webserver in dry-run\n");
 			return run_result::ok();
 		}
 	
 		std::string ssl_option = (s.config->m_webserver_ssl_enabled ? " (SSL)" : "");
-		falco_logger::log(LOG_INFO, "Starting health webserver with threadiness "
+		falco_logger::log(falco_logger::level::INFO, "Starting health webserver with threadiness "
 			+ std::to_string(s.config->m_webserver_threadiness)
 			+ ", listening on "
 			+ s.config->m_webserver_listen_address
@@ -64,7 +64,7 @@ falco::app::run_result falco::app::actions::stop_webserver(falco::app::state& s)
 	{
 		if (s.options.dry_run)
 		{
-			falco_logger::log(LOG_DEBUG, "Skipping stopping webserver in dry-run\n");
+			falco_logger::log(falco_logger::level::DEBUG, "Skipping stopping webserver in dry-run\n");
 			return run_result::ok();
 		}
 

userspace/falco/app/actions/validate_rules_files.cpp

@@ -66,10 +66,10 @@ falco::app::run_result falco::app::actions::validate_rules_files(falco::app::sta
 		// printed when verbose is true.
 		std::string summary;
 
-		falco_logger::log(LOG_INFO, "Validating rules file(s):\n");
+		falco_logger::log(falco_logger::level::INFO, "Validating rules file(s):\n");
 		for(auto file : s.options.validate_rules_filenames)
 		{
-			falco_logger::log(LOG_INFO, "   " + file + "\n");
+			falco_logger::log(falco_logger::level::INFO, "   " + file + "\n");
 		}
 
 		// The json output encompasses all files so the

userspace/falco/app/restart_handler.cpp

@@ -66,7 +66,7 @@ bool falco::app::restart_handler::start(std::string& err)
             err = "could not watch file: " + f;
             return false;
         }
-        falco_logger::log(LOG_DEBUG, "Watching file '" + f +"'\n");
+        falco_logger::log(falco_logger::level::DEBUG, "Watching file '" + f +"'\n");
     }
 
     for (const auto &f : m_watched_dirs)
@@ -77,7 +77,7 @@ bool falco::app::restart_handler::start(std::string& err)
             err = "could not watch directory: " + f;
             return false;
         }
-        falco_logger::log(LOG_DEBUG, "Watching directory '" + f +"'\n");
+        falco_logger::log(falco_logger::level::DEBUG, "Watching directory '" + f +"'\n");
     }
 
     // launch the watcher thread
@@ -104,7 +104,7 @@ void falco::app::restart_handler::watcher_loop() noexcept
     {
         // an error occurred, we can't recover
         // todo(jasondellaluce): should we terminate the process?
-        falco_logger::log(LOG_ERR, "Failed owning inotify handler, shutting down watcher...");
+        falco_logger::log(falco_logger::level::ERR, "Failed owning inotify handler, shutting down watcher...");
         return;
     }
 
@@ -129,7 +129,7 @@ void falco::app::restart_handler::watcher_loop() noexcept
         {
             // an error occurred, we can't recover
             // todo(jasondellaluce): should we terminate the process?
-            falco_logger::log(LOG_ERR, "Failed select with inotify handler, shutting down watcher...");
+            falco_logger::log(falco_logger::level::ERR, "Failed select with inotify handler, shutting down watcher...");
             return;
         }
         
@@ -190,7 +190,7 @@ void falco::app::restart_handler::watcher_loop() noexcept
             {
                 // an error occurred, we can't recover
                 // todo(jasondellaluce): should we terminate the process?
-                falco_logger::log(LOG_ERR, "Failed read with inotify handler, shutting down watcher...");
+                falco_logger::log(falco_logger::level::ERR, "Failed read with inotify handler, shutting down watcher...");
                 return;
             }
             // this is an odd case, but if we got here with

userspace/falco/event_drops.cpp

@@ -99,7 +99,7 @@ bool syscall_evt_drop_mgr::process_event(std::shared_ptr<sinsp> inspector, sinsp
 
 		if(m_simulate_drops)
 		{
-			falco_logger::log(LOG_INFO, "Simulating syscall event drop");
+			falco_logger::log(falco_logger::level::INFO, "Simulating syscall event drop");
 			delta.n_drops++;
 		}
 
@@ -124,7 +124,7 @@ bool syscall_evt_drop_mgr::process_event(std::shared_ptr<sinsp> inspector, sinsp
 				}
 				else
 				{
-					falco_logger::log(LOG_DEBUG, "Syscall event drop but token bucket depleted, skipping actions");
+					falco_logger::log(falco_logger::level::DEBUG, "Syscall event drop but token bucket depleted, skipping actions");
 				}
 			}
 		}
@@ -153,7 +153,7 @@ bool syscall_evt_drop_mgr::perform_actions(uint64_t now, scap_stats &delta, bool
 			return true;
 
 		case syscall_evt_drop_action::LOG:
-			falco_logger::log(LOG_DEBUG, std::move(msg));
+			falco_logger::log(falco_logger::level::DEBUG, std::move(msg));
 			return true;
 
 		case syscall_evt_drop_action::ALERT:
@@ -195,12 +195,12 @@ bool syscall_evt_drop_mgr::perform_actions(uint64_t now, scap_stats &delta, bool
 			return true;
 		}
 		case syscall_evt_drop_action::EXIT:
-			falco_logger::log(LOG_CRIT, std::move(msg));
-			falco_logger::log(LOG_CRIT, "Exiting.");
+			falco_logger::log(falco_logger::level::CRIT, std::move(msg));
+			falco_logger::log(falco_logger::level::CRIT, "Exiting.");
 			return false;
 
 		default:
-			falco_logger::log(LOG_ERR, "Ignoring unknown action " + std::to_string(int(act)));
+			falco_logger::log(falco_logger::level::ERR, "Ignoring unknown action " + std::to_string(int(act)));
 			return true;
 		}
 	}

userspace/falco/falco.cpp

@@ -33,7 +33,7 @@ static void display_fatal_err(const std::string &&msg)
 		std::cerr << msg;
 	}
 
-	falco_logger::log(LOG_ERR, std::move(msg));
+	falco_logger::log(falco_logger::level::ERR, std::move(msg));
 }
 
 //

userspace/falco/falco_outputs.cpp

@@ -126,7 +126,7 @@ void falco_outputs::add_output(falco::outputs::config oc)
 	}
 	else
 	{
-		falco_logger::log(LOG_ERR, "Failed to init output: " + init_err);
+		falco_logger::log(falco_logger::level::ERR, "Failed to init output: " + init_err);
 		delete(oo);
 	}
 }
@@ -258,7 +258,7 @@ void falco_outputs::stop_worker()
 {
 	watchdog<void *> wd;
 	wd.start([&](void *) -> void {
-		falco_logger::log(LOG_NOTICE, "output channels still blocked, discarding all remaining notifications\n");
+		falco_logger::log(falco_logger::level::NOTICE, "output channels still blocked, discarding all remaining notifications\n");
 #ifndef __EMSCRIPTEN__
 		m_queue.clear();
 #endif
@@ -287,7 +287,7 @@ inline void falco_outputs::push(const ctrl_msg& cmsg)
 	{
 		if(m_outputs_queue_num_drops.load() == 0)
 		{
-			falco_logger::log(LOG_ERR, "Outputs queue out of memory. Drop event and continue on ...");
+			falco_logger::log(falco_logger::level::ERR, "Outputs queue out of memory. Drop event and continue on ...");
 		}
 		m_outputs_queue_num_drops++;
 	}
@@ -306,7 +306,7 @@ void falco_outputs::worker() noexcept
 {
 	watchdog<std::string> wd;
 	wd.start([&](const std::string& payload) -> void {
-		falco_logger::log(LOG_CRIT, "\"" + payload + "\" output timeout, all output channels are blocked\n");
+		falco_logger::log(falco_logger::level::CRIT, "\"" + payload + "\" output timeout, all output channels are blocked\n");
 	});
 
 	auto timeout = m_timeout;
@@ -328,7 +328,7 @@ void falco_outputs::worker() noexcept
 			}
 			catch(const std::exception &e)
 			{
-				falco_logger::log(LOG_ERR, o->get_name() + ": " + std::string(e.what()) + "\n");
+				falco_logger::log(falco_logger::level::ERR, o->get_name() + ": " + std::string(e.what()) + "\n");
 			}
 		}
 		wd.cancel_timeout();
@@ -350,7 +350,7 @@ inline void falco_outputs::process_msg(falco::outputs::abstract_output* o, const
 			o->reopen();
 			break;
 		default:
-			falco_logger::log(LOG_DEBUG, "Outputs worker received an unknown message type\n");
+			falco_logger::log(falco_logger::level::DEBUG, "Outputs worker received an unknown message type\n");
 	}
 }
 

userspace/falco/grpc_server.cpp

@@ -55,17 +55,17 @@ limitations under the License.
 
 static void gpr_log_dispatcher_func(gpr_log_func_args* args)
 {
-	int priority;
+	falco_logger::level priority;
 	switch(args->severity)
 	{
 	case GPR_LOG_SEVERITY_ERROR:
-		priority = LOG_ERR;
+		priority = falco_logger::level::ERR;
 		break;
 	case GPR_LOG_SEVERITY_DEBUG:
-		priority = LOG_DEBUG;
+		priority = falco_logger::level::DEBUG;
 		break;
 	default:
-		priority = LOG_INFO;
+		priority = falco_logger::level::INFO;
 		break;
 	}
 
@@ -199,10 +199,10 @@ void falco::grpc::server::run()
 	m_server = m_server_builder.BuildAndStart();
 	if(m_server == nullptr)
 	{
-		falco_logger::log(LOG_EMERG, "Error starting gRPC server\n");
+		falco_logger::log(falco_logger::level::EMERG, "Error starting gRPC server\n");
 		return;
 	}
-	falco_logger::log(LOG_INFO, "Starting gRPC server at " + m_server_addr + "\n");
+	falco_logger::log(falco_logger::level::INFO, "Starting gRPC server at " + m_server_addr + "\n");
 
 	// The number of contexts is multiple of the number of threads
 	// This defines the number of simultaneous completion queue requests of the same type (service::AsyncService::Request##RPC)
@@ -229,10 +229,10 @@ void falco::grpc::server::run()
 
 void falco::grpc::server::stop()
 {
-	falco_logger::log(LOG_INFO, "Shutting down gRPC server. Waiting until external connections are closed by clients\n");
+	falco_logger::log(falco_logger::level::INFO, "Shutting down gRPC server. Waiting until external connections are closed by clients\n");
 	m_completion_queue->Shutdown();
 
-	falco_logger::log(LOG_INFO, "Waiting for the gRPC threads to complete\n");
+	falco_logger::log(falco_logger::level::INFO, "Waiting for the gRPC threads to complete\n");
 	for(std::thread& t : m_threads)
 	{
 		if(t.joinable())
@@ -242,7 +242,7 @@ void falco::grpc::server::stop()
 	}
 	m_threads.clear();
 
-	falco_logger::log(LOG_INFO, "Draining all the remaining gRPC events\n");
+	falco_logger::log(falco_logger::level::INFO, "Draining all the remaining gRPC events\n");
 	// Ignore remaining events
 	void* ignore_tag = nullptr;
 	bool ignore_ok = false;
@@ -250,5 +250,5 @@ void falco::grpc::server::stop()
 	{
 	}
 
-	falco_logger::log(LOG_INFO, "Shutting down gRPC server complete\n");
+	falco_logger::log(falco_logger::level::INFO, "Shutting down gRPC server complete\n");
 }

userspace/falco/logger.cpp

@@ -20,7 +20,7 @@ limitations under the License.
 
 #include "falco_common.h"
 
-int falco_logger::level = LOG_INFO;
+falco_logger::level falco_logger::current_level = falco_logger::level::INFO;
 bool falco_logger::time_format_iso_8601 = false;
 
 static sinsp_logger::severity decode_sinsp_severity(const std::string& s)
@@ -69,35 +69,35 @@ void falco_logger::set_level(std::string &level)
 {
 	if(level == "emergency")
 	{
-		falco_logger::level = LOG_EMERG;
+		falco_logger::current_level = falco_logger::level::EMERG;
 	}
 	else if(level == "alert")
 	{
-		falco_logger::level = LOG_ALERT;
+		falco_logger::current_level = falco_logger::level::ALERT;
 	}
 	else if(level == "critical")
 	{
-		falco_logger::level = LOG_CRIT;
+		falco_logger::current_level = falco_logger::level::CRIT;
 	}
 	else if(level == "error")
 	{
-		falco_logger::level = LOG_ERR;
+		falco_logger::current_level = falco_logger::level::ERR;
 	}
 	else if(level == "warning")
 	{
-		falco_logger::level = LOG_WARNING;
+		falco_logger::current_level = falco_logger::level::WARNING;
 	}
 	else if(level == "notice")
 	{
-		falco_logger::level = LOG_NOTICE;
+		falco_logger::current_level = falco_logger::level::NOTICE;
 	}
 	else if(level == "info")
 	{
-		falco_logger::level = LOG_INFO;
+		falco_logger::current_level = falco_logger::level::INFO;
 	}
 	else if(level == "debug")
 	{
-		falco_logger::level = LOG_DEBUG;
+		falco_logger::current_level = falco_logger::level::DEBUG;
 	}
 	else
 	{
@@ -121,7 +121,7 @@ void falco_logger::set_sinsp_logging(bool enable, const std::string& severity, c
 				// logs are always printed by the Falco logger. These
 				// logs are pre-filtered at the sinsp level depending
 				// on the configured severity
-				falco_logger::log(falco_logger::level, s_sinsp_logger_prefix + str);
+				falco_logger::log(falco_logger::current_level, s_sinsp_logger_prefix + str);
 			});
 	}
 	else
@@ -134,10 +134,10 @@ void falco_logger::set_sinsp_logging(bool enable, const std::string& severity, c
 bool falco_logger::log_stderr = true;
 bool falco_logger::log_syslog = true;
 
-void falco_logger::log(int priority, const std::string&& msg)
+void falco_logger::log(falco_logger::level priority, const std::string&& msg)
 {
 
-	if(priority > falco_logger::level)
+	if(priority > falco_logger::current_level)
 	{
 		return;
 	}
@@ -153,7 +153,7 @@ void falco_logger::log(int priority, const std::string&& msg)
 			copy.pop_back();
 		}
 
-		::syslog(priority, "%s", copy.c_str());
+		::syslog(static_cast<int>(priority), "%s", copy.c_str());
 	}
 #endif
 

userspace/falco/logger.h

@@ -18,16 +18,7 @@ limitations under the License.
 #pragma once
 
 #include "sinsp.h"
-#ifdef _WIN32
-#define	LOG_EMERG	0
-#define	LOG_ALERT	1
-#define	LOG_CRIT	2
-#define	LOG_ERR		3
-#define	LOG_WARNING	4
-#define	LOG_NOTICE	5
-#define	LOG_INFO	6
-#define	LOG_DEBUG	7
-#else
+#ifndef _WIN32
 #include <syslog.h>
 #endif
 
@@ -35,6 +26,18 @@ class falco_logger
 {
  public:
 
+	 enum class level : int
+	{
+		EMERG = 0,
+		ALERT,
+		CRIT,
+		ERR,
+		WARNING,
+		NOTICE,
+		INFO,
+		DEBUG
+	};
+
 	static void set_time_format_iso_8601(bool val);
 
 	// Will throw exception if level is unknown.
@@ -42,9 +45,9 @@ class falco_logger
 
 	static void set_sinsp_logging(bool enable, const std::string& severity, const std::string& prefix);
 
-	static void log(int priority, const std::string&& msg);
+	static void log(falco_logger::level priority, const std::string&& msg);
 
-	static int level;
+	static level current_level;
 	static bool log_stderr;
 	static bool log_syslog;
 	static bool time_format_iso_8601;

userspace/falco/outputs_http.cpp

@@ -39,7 +39,7 @@ bool falco::outputs::output_http::init(const config& oc, bool buffered, const st
 	m_curl = curl_easy_init();
 	if(!m_curl)
 	{
-		falco_logger::log(LOG_ERR, "libcurl failed to initialize the handle: " + std::string(curl_easy_strerror(res)));
+		falco_logger::log(falco_logger::level::ERR, "libcurl failed to initialize the handle: " + std::string(curl_easy_strerror(res)));
 		return false;
 	}
 	if(m_json_output)
@@ -111,7 +111,7 @@ void falco::outputs::output_http::output(const message *msg)
 	CHECK_RES(curl_easy_perform(m_curl));
 	if(res != CURLE_OK)
 	{
-		falco_logger::log(LOG_ERR, "libcurl failed to perform call: " + std::string(curl_easy_strerror(res)));
+		falco_logger::log(falco_logger::level::ERR, "libcurl failed to perform call: " + std::string(curl_easy_strerror(res)));
 	}
 }
 

userspace/falco/stats_writer.cpp

@@ -245,7 +245,7 @@ void stats_writer::worker() noexcept
 			}
 			catch(const std::exception &e)
 			{
-				falco_logger::log(LOG_ERR, "stats_writer (worker): " + std::string(e.what()) + "\n");
+				falco_logger::log(falco_logger::level::ERR, "stats_writer (worker): " + std::string(e.what()) + "\n");
 			}
 		}
 	}

userspace/falco/webserver.cpp

@@ -87,7 +87,7 @@ void falco_webserver::start(
         catch(std::exception &e)
         {
             falco_logger::log(
-                LOG_ERR,
+                falco_logger::level::ERR,
                 "falco_webserver: " + std::string(e.what()) + "\n");
         }
         failed.store(true, std::memory_order_release);