Project

General

Profile

Actions

Bug #3685

closed

Incorrect logging level for messages

Added by Chandan Chowdhury almost 4 years ago. Updated over 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Target version:
Affected Versions:
Effort:
low
Difficulty:
low
Label:
Beginner

Description

File: unix-manager.c
Function: UnixCommandRun

Below line is under the "else" part of "if" which checks for return code of "recv".
https://github.com/OISF/suricata/blob/master/src/unix-manager.c#L577

ret = recv(client->fd, buffer + offset, sizeof(buffer) - offset - 1, 0);
        do {
            if (ret <= 0) {
                if (ret == 0) {
                    SCLogInfo("Unix socket: lost connection with client");
                } else {
                    SCLogInfo("Unix socket: error on recv() from client: %s",
                            strerror(errno));
                }
                UnixCommandClose(this, client->fd);
                return;
            }

As you can see, we are using SCLogInfo instead of SCLogError .
Similarly, the "if part should use SCLogDebug instead of SCLogInfo.

Below part if very similar code which is executed when handling when client->version <= UNIX_PROTO_V1

if (client->version <= UNIX_PROTO_V1) {
        ret = recv(client->fd, buffer, sizeof(buffer) - 1, 0);
        if (ret <= 0) {
            if (ret == 0) {
                SCLogDebug("Unix socket: lost connection with client");
            } else {
                SCLogError(SC_ERR_SOCKET, "Unix socket: error on recv() from client: %s",
                        strerror(errno));
            }
            UnixCommandClose(this, client->fd);
            return;
        }

Actions #1

Updated by Chandan Chowdhury almost 4 years ago

File: unix-manager.c
Function: UnixCommandRun

Below line is under the else part of if which checks for return code of recv.
https://github.com/OISF/suricata/blob/master/src/unix-manager.c#L577

ret = recv(client->fd, buffer + offset, sizeof(buffer) - offset - 1, 0);
        do {
            if (ret <= 0) {
                if (ret == 0) {
                    SCLogInfo("Unix socket: lost connection with client");
                } else {
                    SCLogInfo("Unix socket: error on recv() from client: %s",
                            strerror(errno));
                }
                UnixCommandClose(this, client->fd);
                return;
            }

As you can see, we are using SCLogInfo instead of SCLogError when ret == 0 is false.
Similarly, the if part is using SCLogInfo instead of SCLogDebug unlike https://github.com/OISF/suricata/blob/master/src/unix-manager.c#L553.

Impact:
Due to above mismatch, every suricatasc invocation generates log message saying
(unix-manager.c:575) <Info> (UnixCommandRun) -- Unix socket: lost connection with client

Example:
Here is a very similar code which is executed when handling client->version <= UNIX_PROTO_V1 and is logging success and failure messages with proper level https://github.com/OISF/suricata/blob/master/src/unix-manager.c#L550.

if (client->version <= UNIX_PROTO_V1) {
        ret = recv(client->fd, buffer, sizeof(buffer) - 1, 0);
        if (ret <= 0) {
            if (ret == 0) {
                SCLogDebug("Unix socket: lost connection with client");
            } else {
                SCLogError(SC_ERR_SOCKET, "Unix socket: error on recv() from client: %s",
                        strerror(errno));
            }
            UnixCommandClose(this, client->fd);
            return;
        }

Actions #2

Updated by Victor Julien over 2 years ago

  • Status changed from New to Closed
  • Target version set to 7.0.0-beta1
Actions

Also available in: Atom PDF