Change log level when tag not defined in Azure configuration #23344

Merged
merged 1 commit into from May 10, 2024

@fdalmaup fdalmaup commented May 8, 2024

Related issue
Closes #23329

Description

Modifies the function used to log to ossec.log when the tag field is not defined in the Azure module configuration section, to avoid spam in the log file.

Logs example

ossec.log without debug level 2
2024/05/08 12:06:43 wazuh-modulesd:azure-logs: INFO: Module started.
2024/05/08 12:06:43 wazuh-modulesd:azure-logs: INFO: Starting fetching of logs.
2024/05/08 12:06:43 wazuh-modulesd:azure-logs: INFO: Starting Log Analytics collection for the domain 'TENANT'.
2024/05/08 12:06:48 wazuh-modulesd:azure-logs: INFO: Finished Log Analytics collection for request 'request_1169087121'.
2024/05/08 12:06:48 wazuh-modulesd:azure-logs: INFO: Finished Log Analytics collection for the domain 'TENANT'.
2024/05/08 12:06:48 wazuh-modulesd:azure-logs: INFO: Starting Storage log collection for 'storage_1431669653'.

After setting wazuh_modules.debug=2 in the /var/ossec/etc/local_internal_options.conf file:

ossec.log with debug level 2
2024/05/08 12:08:31 wazuh-modulesd[5466] wmodules-azure.c:356 at wm_azure_request_read(): DEBUG: At module 'azure-logs': No request tag defined. Setting it randomly...
2024/05/08 12:08:31 wazuh-modulesd[5466] wmodules-azure.c:478 at wm_azure_storage_read(): DEBUG: At module 'azure-logs': No storage tag defined. Setting it randomly...
2024/05/08 12:08:31 wazuh-modulesd[5466] main.c:95 at main(): DEBUG: Created new thread for the 'azure-logs' module.
2024/05/08 12:08:31 wazuh-modulesd:azure-logs[5466] wm_azure.c:54 at wm_azure_main(): INFO: Module started.
2024/05/08 12:08:31 wazuh-modulesd:azure-logs[5466] wm_azure.c:74 at wm_azure_main(): INFO: Starting fetching of logs.
2024/05/08 12:08:31 wazuh-modulesd:azure-logs[5466] wm_azure.c:81 at wm_azure_main(): INFO: Starting Log Analytics collection for the domain 'TENANT'.
2024/05/08 12:08:31 wazuh-modulesd:azure-logs[5466] wm_azure.c:120 at wm_azure_log_analytics(): DEBUG: Creating argument list.
2024/05/08 12:08:31 wazuh-modulesd:azure-logs[5466] wm_azure.c:167 at wm_azure_log_analytics(): DEBUG: Launching command: wodles/azure/azure-logs --log_analytics --la_auth_path /var/ossec/wodles/azure/credentials-analytics --la_tenant_domain TENANT --la_tag request_1069165979 --la_query "AzureActivity" --workspace 7d18bf81-3fc9-4b41-ae28-680f8a3494fe --la_time_offset 50d --debug 2
2024/05/08 12:08:33 wazuh-modulesd:azure-logs[5466] wm_azure.c:184 at wm_azure_log_analytics(): INFO: Finished Log Analytics collection for request 'request_1069165979'.
2024/05/08 12:08:33 wazuh-modulesd:azure-logs[5466] wm_azure.c:83 at wm_azure_main(): INFO: Finished Log Analytics collection for the domain 'TENANT'.
2024/05/08 12:08:33 wazuh-modulesd:azure-logs[5466] wm_azure.c:92 at wm_azure_main(): INFO: Starting Storage log collection for 'storage_980559964'.
2024/05/08 12:08:33 wazuh-modulesd:azure-logs[5466] wm_azure.c:287 at wm_azure_storage(): DEBUG: Creating argument list.
2024/05/08 12:08:33 wazuh-modulesd:azure-logs[5466] wm_azure.c:349 at wm_azure_storage(): DEBUG: Launching command: wodles/azure/azure-logs --storage --storage_auth_path /var/ossec/wodles/azure/credentials-storage --container "container" --blobs "*" --storage_tag storage_980559964 --json_inline --storage_time_offset 260d --debug 2
2024/05/08 12:08:35 wazuh-modulesd:azure-logs[5466] wm_azure.c:366 at wm_azure_storage(): INFO: Finished Storage log collection for container 'container'.
2024/05/08 12:08:35 wazuh-modulesd:azure-logs[5466] wm_azure.c:94 at wm_azure_main(): INFO: Finished Storage log collection for 'storage_980559964'.
2024/05/08 12:08:35 wazuh-modulesd:azure-logs[5466] wm_azure.c:100 at wm_azure_main(): DEBUG: Fetching logs finished.
2024/05/08 12:08:35 wazuh-modulesd:azure-logs[5466] wm_azure.c:70 at wm_azure_main(): DEBUG: Sleeping until: 2024/05/08 12:18:31

@fdalmaup fdalmaup self-assigned this May 8, 2024
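
A check an operator could run against ossec.log after upgrading, as an added example that is not part of the original PR or of Wazuh's code: it parses both log layouts shown above and reports any "No ... tag defined" fallback messages still emitted above DEBUG. The function names are hypothetical, and the INFO-level fallback line in the sample is constructed to exercise the check; the page does not show the pre-change output.

```python
import re
from collections import Counter

# Matches both ossec.log layouts shown on this page: the default one and the
# debug one that adds "[pid] file:line at function()" before the level.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<tag>[\w:-]+)"
    r"(?:\[(?P<pid>\d+)\] (?P<src>\S+):(?P<line>\d+) at (?P<func>\w+)\(\))?"
    r": (?P<level>[A-Z]+): (?P<msg>.*)$"
)
# The two fallback messages quoted in the PR's debug-level log.
FALLBACK_RE = re.compile(r"No (request|storage) tag defined\. Setting it randomly")

def parse(lines):
    """Yield one dict per recognised line; unrecognised lines are skipped."""
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if m:
            yield m.groupdict()

def level_counts(lines):
    """Count parsed records per log level."""
    return Counter(rec["level"] for rec in parse(lines))

def noisy_tag_fallbacks(lines):
    """Fallback-tag messages logged above DEBUG, i.e. visible without debug=2."""
    return [r for r in parse(lines)
            if FALLBACK_RE.search(r["msg"]) and r["level"] != "DEBUG"]

SAMPLE = [
    # Copied from the PR's log excerpts.
    "2024/05/08 12:06:43 wazuh-modulesd:azure-logs: INFO: Module started.",
    "2024/05/08 12:08:31 wazuh-modulesd[5466] wmodules-azure.c:356 at wm_azure_request_read(): "
    "DEBUG: At module 'azure-logs': No request tag defined. Setting it randomly...",
    "2024/05/08 12:08:31 wazuh-modulesd[5466] wmodules-azure.c:478 at wm_azure_storage_read(): "
    "DEBUG: At module 'azure-logs': No storage tag defined. Setting it randomly...",
    "2024/05/08 12:08:31 wazuh-modulesd:azure-logs[5466] wm_azure.c:54 at wm_azure_main(): "
    "INFO: Module started.",
    # CONSTRUCTED: same message at a non-debug level, only to exercise the check.
    "2024/05/08 12:00:00 wazuh-modulesd:azure-logs: INFO: At module 'azure-logs': "
    "No request tag defined. Setting it randomly...",
    # CONSTRUCTED: a line that is not in ossec.log format and must be ignored.
    "not an ossec.log line",
]

if __name__ == "__main__":
    print(dict(level_counts(SAMPLE)))
    for rec in noisy_tag_fallbacks(SAMPLE):
        print("still noisy:", rec["ts"], rec["level"], rec["msg"])
```

An empty result from `noisy_tag_fallbacks` on a production log means the fallback message only appears when `wazuh_modules.debug=2` is set.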

@GGP1 GGP1 left a comment

LGTM

@Selutario Selutario left a comment

LGTM. The failing checks are unrelated to this PR.

@Selutario Selutario merged commit 9709e57 into master May 10, 2024
50 of 56 checks passed
@Selutario Selutario deleted the fix/23329-azure-log-tag-spam branch May 10, 2024 11:43
Successfully merging this pull request may close these issues.

Azure-logs spamming in the ossec log