Log denys at highest log level #454
Conversation
| dropCountTotal.WithLabelValues(direction).Add(float64(1)) | ||
| dropBytesTotal.WithLabelValues(direction).Add(float64(rb.PacketSz)) | ||
| log().Infof("Flow Info: Src IP: %s Src Port: %d Dest IP: %s Dest Port: %d Proto: %s Verdict: %s Direction: %s", utils.ConvByteToIPv6(rb.SourceIP).String(), rb.SourcePort, | ||
| log().Errorf("Flow Info: Src IP: %s Src Port: %d Dest IP: %s Dest Port: %d Proto: %s Verdict: %s Direction: %s", utils.ConvByteToIPv6(rb.SourceIP).String(), rb.SourcePort, |
There was a problem hiding this comment.
but it is not error right? This will provide incorrect signal during troubleshooting.
There was a problem hiding this comment.
Ideally we should update this interface https://github.com/aws/aws-network-policy-agent/blob/main/pkg/logger/logger.go#L12 to support V method where we can optionally set log level.
There was a problem hiding this comment.
agreed. if we want to log DENY irrespective of log level, we should de-couple it from current log config which is being set from outside (would a new logger whose config is explicitly set in code work?)
There was a problem hiding this comment.
we can also de-couple the policy log event to a separate log file like policy-events.log. that would also give better segregating of application log vs policy event logs
3 participants
Issue #, if available:
DENY's should always be logged irrespective of log level. Move them to highest log level
Description of changes:
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.