Fix logging

elkserver/docker/redelk-base/redelkinstalldata/scripts/config.py

@@ -4,12 +4,6 @@
 with open('/etc/redelk/config.json') as json_data:
     d = json.load(json_data)
 
-# -- General
-Verbosity = 0  # Verbosity
-if "Verbosity" in d:
-    Verbosity = int(d['Verbosity'])
-
-
 # -- logging
 # CRITICAL, 50
 # ERROR, 40
@@ -18,13 +12,9 @@
 # DEBUG, 10
 # NOTSET, 0
 
-DEBUG = 0  # Debug 1 or 0
-if "DEBUG" in d:
-    DEBUG = int(d['DEBUG'])
-
-LOGLEVEL = logging.INFO
-if "LOGLEVEL" in d:
-    LOGLEVEL = int(d['LOGLEVEL'])
+loglevel = logging.WARN
+if "loglevel" in d:
+    loglevel = d['loglevel']
 
 # -- directory for cache files (including shelves)
 tempDir = "/tmp"

elkserver/docker/redelk-base/redelkinstalldata/scripts/daemon.py

@@ -13,7 +13,7 @@
 import copy
 
 from modules.helpers import shouldModuleRun, setTags, moduleDidRun, addAlarmData, groupHits
-from config import alarms, notifications, LOGLEVEL
+from config import alarms, notifications, loglevel
 
 
 # Attempt to load the different modules in their respective dictionaries, and return them
@@ -59,9 +59,9 @@ def run_enrichments(eD):
     for e in eD:
         if shouldModuleRun(e, 'redelk_enrich'):
             try:
-                logger.info('[e] initiating class Module() in %s' % e)
+                logger.debug('[e] initiating class Module() in %s' % e)
                 moduleClass = eD[e]['m'].Module()
-                logger.info('[e] Running Run() from the Module class in %s' % e)
+                logger.debug('[e] Running Run() from the Module class in %s' % e)
                 eD[e]['result'] = copy.deepcopy(moduleClass.run())
 
                 # Now loop through the hits and tag them
@@ -87,9 +87,9 @@ def run_alarms(aD):
     for a in aD:
         if shouldModuleRun(a, 'redelk_alarm'):
             try:
-                logger.info('[a] initiating class Module() in %s' % a)
+                logger.debug('[a] initiating class Module() in %s' % a)
                 moduleClass = aD[a]['m'].Module()
-                logger.info('[a] Running Run() from the Module class in %s' % a)
+                logger.debug('[a] Running Run() from the Module class in %s' % a)
                 aD[a]['result'] = copy.deepcopy(moduleClass.run())
                 hits = len(aD[a]['result']['hits']['hits'])
                 moduleDidRun(a, 'alarm', 'success', 'Found %s documents to alarm' % hits, hits)
@@ -112,7 +112,7 @@ def process_alarms(cD, aD):
 
             # If the alarm did fail to run, skip processing the notification and tagging as we are not sure of the results
             if aD[a]['status'] != 'success':
-                logger.info('Alarm %s did not run (correctly), skipping processing' % a)
+                logger.warn('Alarm %s did not run (correctly), skipping processing' % a)
                 continue
 
             logger.debug('Alarm %s enabled, processing hits' % a)
@@ -131,7 +131,7 @@ def process_alarms(cD, aD):
 
             # Let's tag the docs with the alarm name
             setTags(alarm_name, r['hits']['hits'])
-            logger.info('calling settags %s (%d hits)' % (alarm_name, r['hits']['total']))
+            logger.debug('calling settags %s (%d hits)' % (alarm_name, r['hits']['total']))
 
             # Needed as groupHits will change r['hits']['hits'] and different alarms might do different grouping
             r = copy.deepcopy(aD[a]['result'])
@@ -152,7 +152,7 @@ def process_alarms(cD, aD):
 # Main entry point of the file
 if __name__ == '__main__':
     logging.basicConfig(
-        format='%(asctime)s - %(levelname)s - %(name)s - %(filename)s - %(funcName)s -- %(message)s', level=LOGLEVEL)
+        format='%(asctime)s - %(levelname)s - %(name)s - %(filename)s - %(funcName)s -- %(message)s', level=loglevel)
     logger = logging.getLogger('alarm')
     path = './modules/'
     module_folders = os.listdir(path)

elkserver/docker/redelk-base/redelkinstalldata/scripts/modules/enrich_iplists/module.py

@@ -133,7 +133,7 @@ def update_traffic(self, ip_lists):
                 }
             }
 
-            self.logger.info('Tagging IPs matching IP list %s' % iplist_name)
+            self.logger.debug('Tagging IPs matching IP list %s' % iplist_name)
             # 2. For each IP list, update all documents not tagged already
             res = addTagsByQuery([iplist_tag], q, 'redirtraffic-*')
             updated_count += res['updated']

elkserver/docker/redelk-base/redelkinstalldata/scripts/modules/helpers.py

@@ -232,11 +232,11 @@ def shouldModuleRun(module_name, module_type):
     if module_type == 'redelk_alarm':
 
         if module_name not in config.alarms:
-            logger.warning('Missing configuration for alarm [%s]. Will not run!', module_name)
+            logger.warn('Missing configuration for alarm [%s]. Will not run!', module_name)
             return(False)
 
         if 'enabled' in config.alarms[module_name] and not config.alarms[module_name]['enabled']:
-            logger.info('Alarm module [%s] disabled in configuration file. Will not run!' % module_name)
+            logger.warn('Alarm module [%s] disabled in configuration file. Will not run!' % module_name)
             return(False)
 
         if 'interval' in config.alarms[module_name]:
@@ -247,11 +247,11 @@ def shouldModuleRun(module_name, module_type):
     elif module_type == 'redelk_enrich':
 
         if module_name not in config.enrich:
-            logger.warning('Missing configuration for enrichment module [%s]. Will not run!', module_name)
+            logger.warn('Missing configuration for enrichment module [%s]. Will not run!', module_name)
             return(False)
 
         if 'enabled' in config.enrich[module_name] and not config.enrich[module_name]['enabled']:
-            logger.info('Enrichment module [%s] disabled in configuration file. Will not run!' % module_name)
+            logger.warn('Enrichment module [%s] disabled in configuration file. Will not run!' % module_name)
             return(False)
 
         if 'interval' in config.enrich[module_name]:
@@ -260,7 +260,7 @@ def shouldModuleRun(module_name, module_type):
             interval = 360
 
     else:
-        logger.warning('Invalid module type for shouldModuleRun(%s, %s)' % (module_name, module_type))
+        logger.warn('Invalid module type for shouldModuleRun(%s, %s)' % (module_name, module_type))
         return(False)
 
     now = datetime.datetime.utcnow()

elkserver/mounts/redelk-config/etc/redelk/config.json

@@ -1,7 +1,5 @@
 {
-    "DEBUG": "0",
-    "LOGLEVEL": "20",
-    "Verbosity": "0",
+    "loglevel": "WARNING",
     "interval": 3600,
     "tempDir": "/tmp",
     "redelkserver_letsencrypt": {