diff --git a/go.mod b/go.mod
index d129c3e19c..836e322309 100644
--- a/go.mod
+++ b/go.mod
@@ -103,7 +103,7 @@ require (
 www.velocidex.com/golang/go-prefetch v0.0.0-20220801101854-338dbe61982a
 www.velocidex.com/golang/oleparse v0.0.0-20220617011920-94df2342d0b7
 www.velocidex.com/golang/regparser v0.0.0-20221020153526-bbc758cbd18b
- www.velocidex.com/golang/vfilter v0.0.0-20221020070405-7af3cd80b934
+ www.velocidex.com/golang/vfilter v0.0.0-20221101121437-3c06b865adbf
 )
 require (
diff --git a/go.sum b/go.sum
index 981dd75ce4..1aa1a05c9e 100644
--- a/go.sum
+++ b/go.sum
@@ -1197,5 +1197,7 @@ www.velocidex.com/golang/regparser v0.0.0-20221020153526-bbc758cbd18b/go.mod h1:
 www.velocidex.com/golang/vfilter v0.0.0-20220103082604-85bb38175cb7/go.mod h1:eEFMhAmoFHWGCKF39j+iOhTH8REpqBndc3OsdPsxqo8=
 www.velocidex.com/golang/vfilter v0.0.0-20221020070405-7af3cd80b934 h1:vUdXxTpIjiZmSvAp3dPEZs4ZcBpQKJWh3lfmZVqYKNQ=
 www.velocidex.com/golang/vfilter v0.0.0-20221020070405-7af3cd80b934/go.mod h1:R3nLf1iHcc7eezqqc68KF+SUOXaAJeFz3TV+j8xorfY=
+www.velocidex.com/golang/vfilter v0.0.0-20221101121437-3c06b865adbf h1:9QCjJRFZWaXrUhcUFzld1EhgHSXywn1dpEqq25dx55Q=
+www.velocidex.com/golang/vfilter v0.0.0-20221101121437-3c06b865adbf/go.mod h1:R3nLf1iHcc7eezqqc68KF+SUOXaAJeFz3TV+j8xorfY=
 www.velocidex.com/golang/vtypes v0.0.0-20220816192452-6a27ae078f12 h1:8azOLd/l6sPy1/ug03ueA7jLfsVwE1sI3oHg9q/nkqQ=
 www.velocidex.com/golang/vtypes v0.0.0-20220816192452-6a27ae078f12/go.mod h1:gpuRaiyhcuPmZYvI/zw+rjlDXklR2ORaLQBuzCXe84o=
diff --git a/vql/aggregates/all.go b/vql/aggregates/all.go
index a64991231c..b880673689 100644
--- a/vql/aggregates/all.go
+++ b/vql/aggregates/all.go
@@ -65,7 +65,7 @@ func (self _AllFunction) Call(
 arg := &_AllFunctionArgs{}
 err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg)
 if err != nil {
- scope.Log("all: %v", err)
+ scope.Error("all: %v", err)
 return vfilter.Null{}
 }
diff --git a/vql/aggregates/any.go b/vql/aggregates/any.go
index 7e9a8b0169..bacc983a73 100644
--- a/vql/aggregates/any.go
+++ b/vql/aggregates/any.go
@@ -56,7 +56,7 @@ func (self _AnyFunction) Call(
 arg := &_AllFunctionArgs{}
 err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg)
 if err != nil {
- scope.Log("any: %v", err)
+ scope.Error("any: %v", err)
 return vfilter.Null{}
 }
diff --git a/vql/aggregates/stats.go b/vql/aggregates/stats.go
index a7b583e9ff..04094a7478 100644
--- a/vql/aggregates/stats.go
+++ b/vql/aggregates/stats.go
@@ -39,7 +39,7 @@ func (self _RateFunction) Call(
 arg := &_RateFunctionArgs{}
 err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg)
 if err != nil {
- scope.Log("rate: %s", err.Error())
+ scope.Error("rate: %s", err.Error())
 return vfilter.Null{}
 }
diff --git a/vql/common/batch.go b/vql/common/batch.go
index 251928ff7f..74a77f1a19 100644
--- a/vql/common/batch.go
+++ b/vql/common/batch.go
@@ -30,7 +30,7 @@ func (self BatchPlugin) Call(
 arg := &BatchPluginArgs{}
 err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg)
 if err != nil {
- scope.Log("batch: %v", err)
+ scope.Error("batch: %v", err)
 return
 }
@@ -40,7 +40,7 @@ func (self BatchPlugin) Call(
 // Compile the batch lambda.
 lambda, err = vfilter.ParseLambda(arg.BatchFunc)
 if err != nil {
- scope.Log("batch: %v", err)
+ scope.Error("batch: %v", err)
 return
 }
diff --git a/vql/common/cache.go b/vql/common/cache.go
index 3e0d6f4067..b15a46edec 100644
--- a/vql/common/cache.go
+++ b/vql/common/cache.go
@@ -140,7 +140,7 @@ func (self _CacheFunc) Call(ctx context.Context, scope vfilter.Scope,
 arg := &_CacheFunctionArgs{}
 err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg)
 if err != nil {
- scope.Log("cache: %s", err.Error())
+ scope.Error("cache: %s", err.Error())
 return vfilter.Null{}
 }
@@ -193,7 +193,7 @@ func (self _MemoizeFunction) Call(ctx context.Context, scope vfilter.Scope,
 arg := &_MemoizeFunctionArgs{}
 err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg)
 if err != nil {
- scope.Log("memoize: %s", err.Error())
+ scope.Error("memoize: %s", err.Error())
 return vfilter.Null{}
 }
diff --git a/vql/common/clock.go b/vql/common/clock.go
index 10470b3092..9c03c0be4c 100644
--- a/vql/common/clock.go
+++ b/vql/common/clock.go
@@ -49,7 +49,7 @@ func (self ClockPlugin) Call(
 arg := &ClockPluginArgs{}
 err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg)
 if err != nil {
- scope.Log("clock: %v", err)
+ scope.Error("clock: %v", err)
 return
 }
@@ -63,7 +63,7 @@ func (self ClockPlugin) Call(
 if !utils.IsNil(arg.StartTime) {
 start, err := functions.TimeFromAny(scope, arg.StartTime)
 if err != nil {
- scope.Log("clock: %v", err)
+ scope.Error("clock: %v", err)
 return
 }
diff --git a/vql/common/columns.go b/vql/common/columns.go
index f51fbf885e..36f668c279 100644
--- a/vql/common/columns.go
+++ b/vql/common/columns.go
@@ -30,7 +30,7 @@ func (self ColumnFilter) Call(
 arg := &ColumnFilterArgs{}
 err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg)
 if err != nil {
- scope.Log("column_filter: %v", err)
+ scope.Error("column_filter: %v", err)
 return
 }
@@ -43,7 +43,7 @@ func (self ColumnFilter) Call(
 for _, include := range arg.Include {
 c, err := regexp.Compile(include)
 if err != nil {
- scope.Log("column_filter: %v", err)
+ scope.Error("column_filter: %v", err)
 return
 }
 includes = append(includes, c)
@@ -54,7 +54,7 @@ func (self ColumnFilter) Call(
 for _, exclude := range arg.Exclude {
 c, err := regexp.Compile(exclude)
 if err != nil {
- scope.Log("column_filter: %v", err)
+ scope.Error("column_filter: %v", err)
 return
 }
 excludes = append(excludes, c)
diff --git a/vql/common/diff.go b/vql/common/diff.go
index e52b9bdbac..dd0b3c6b13 100644
--- a/vql/common/diff.go
+++ b/vql/common/diff.go
@@ -170,7 +170,7 @@ func (self _DiffPlugin) Call(ctx context.Context,
 arg := &_DiffPluginArgs{}
 err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg)
 if err != nil {
- scope.Log("diff: %v", err)
+ scope.Error("diff: %v", err)
 return
 }
diff --git a/vql/common/env.go b/vql/common/env.go
index 2a5ecfe01d..4c739886fb 100644
--- a/vql/common/env.go
+++ b/vql/common/env.go
@@ -46,13 +46,13 @@ func (self *EnvFunction) Call(ctx context.Context,
 err := vql_subsystem.CheckAccess(scope, acls.MACHINE_STATE)
 if err != nil {
- scope.Log("environ: %s", err)
+ scope.Error("environ: %s", err)
 return false
 }
 err = arg_parser.ExtractArgsWithContext(ctx, scope, args, arg)
 if err != nil {
- scope.Log("environ: %s", err.Error())
+ scope.Error("environ: %s", err.Error())
 return false
 }
@@ -80,14 +80,14 @@ func init() {
 err := vql_subsystem.CheckAccess(scope, acls.MACHINE_STATE)
 if err != nil {
- scope.Log("environ: %s", err)
+ scope.Error("environ: %s", err)
 return result
 }
 arg := &EnvPluginArgs{}
 err = arg_parser.ExtractArgsWithContext(ctx, scope, args, arg)
 if err != nil {
- scope.Log("%s: %s", "environ", err.Error())
+ scope.Error("%s: %s", "environ", err.Error())
 return result
 }
diff --git a/vql/common/fifo.go b/vql/common/fifo.go
index 93cda85543..bf3872b1cf 100644
--- a/vql/common/fifo.go
+++ b/vql/common/fifo.go
@@ -142,7 +142,7 @@ func NewFIFOCache(
 close(done)
 })
 if err != nil {
- scope.Log("AddDestructor: %s", err)
+ scope.Error("AddDestructor: %s", err)
 close(done)
 }
@@ -195,7 +195,7 @@ func (self _FIFOPlugin) Call(ctx context.Context,
 arg := &_FIFOPluginArgs{}
 err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg)
 if err != nil {
- scope.Log("fifo: %v", err)
+ scope.Error("fifo: %v", err)
 return
 }
diff --git a/vql/common/for.go b/vql/common/for.go
index bc1ae2ddd9..2ef7baf58c 100644
--- a/vql/common/for.go
+++ b/vql/common/for.go
@@ -29,7 +29,7 @@ func (self ForPlugin) Call(
 arg := &ForPluginArgs{}
 err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg)
 if err != nil {
- scope.Log("for: %v", err)
+ scope.Error("for: %v", err)
 return
 }
diff --git a/vql/common/items.go b/vql/common/items.go
index 94dad248ed..f8d5ac049f 100644
--- a/vql/common/items.go
+++ b/vql/common/items.go
@@ -28,7 +28,7 @@ func (self ItemsPlugin) Call(
 arg := &ItemsPluginArgs{}
 err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg)
 if err != nil {
- scope.Log("items: %v", err)
+ scope.Error("items: %v", err)
 return
 }
diff --git a/vql/common/lru.go b/vql/common/lru.go
index 0179346739..63e9f5df82 100644
--- a/vql/common/lru.go
+++ b/vql/common/lru.go
@@ -81,7 +81,7 @@ func (self LRUFunction) Call(ctx context.Context, scope vfilter.Scope,
 arg := &LRUFunctionArgs{}
 err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg)
 if err != nil {
- scope.Log("lru: %s", err.Error())
+ scope.Error("lru: %s", err.Error())
 return vfilter.Null{}
 }
diff --git a/vql/common/mail.go b/vql/common/mail.go
index 016a8c596d..d0f85c3434 100644
--- a/vql/common/mail.go
+++ b/vql/common/mail.go
@@ -64,7 +64,7 @@ func (self MailPlugin) Call(
 err := vql_subsystem.CheckAccess(scope, acls.SERVER_ADMIN)
 if err != nil {
- scope.Log("mail: %s", err)
+ scope.Error("mail: %s", err)
 return
 }
@@ -77,7 +77,7 @@ func (self MailPlugin) Call(
 arg := &MailPluginArgs{}
 err = arg_parser.ExtractArgsWithContext(ctx, scope, args, arg)
 if err != nil {
- scope.Log("mail: %v", err)
+ scope.Error("mail: %v", err)
 return
 }
 if time.Since(last_mail) < time.Duration(arg.Period)*time.Second {
@@ -149,7 +149,7 @@ func (self MailPlugin) Call(
 // Send the email to Bob, Cora and Dan.
 err = d.DialAndSend(m)
 if err != nil {
- scope.Log("mail: %v", err)
+ scope.Error("mail: %v", err)
 // Failed to send the mail but we should emit
 // the row anyway so it gets logged in the
 // artifact CSV file.
diff --git a/vql/common/sampler.go b/vql/common/sampler.go
index 3a75572215..3e0fb82534 100644
--- a/vql/common/sampler.go
+++ b/vql/common/sampler.go
@@ -27,7 +27,7 @@ func (self _SamplerPlugin) Call(ctx context.Context,
 arg := &_SamplerPluginArgs{}
 err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg)
 if err != nil {
- scope.Log("sample: %v", err)
+ scope.Error("sample: %v", err)
 return
 }
diff --git a/vql/common/shell.go b/vql/common/shell.go
index 7af1a15748..8eca530f18 100644
--- a/vql/common/shell.go
+++ b/vql/common/shell.go
@@ -62,7 +62,7 @@ func (self ShellPlugin) Call(
 err := vql_subsystem.CheckAccess(scope, acls.EXECVE)
 if err != nil {
- scope.Log("shell: %v", err)
+ scope.Error("shell: %v", err)
 return
 }
@@ -76,7 +76,7 @@ func (self ShellPlugin) Call(
 arg := &ShellPluginArgs{}
 err = arg_parser.ExtractArgsWithContext(ctx, scope, args, arg)
 if err != nil {
- scope.Log("shell: %v", err)
+ scope.Error("shell: %v", err)
 return
 }
@@ -121,19 +121,19 @@ func (self ShellPlugin) Call(
 stdout_pipe, err := command.StdoutPipe()
 if err != nil {
- scope.Log("shell: no command to run")
+ scope.Error("shell: no command to run")
 return
 }
 stderr_pipe, err := command.StderrPipe()
 if err != nil {
- scope.Log("shell: no command to run")
+ scope.Error("shell: no command to run")
 return
 }
 err = command.Start()
 if err != nil {
- scope.Log("shell: %v", err)
+ scope.Error("shell: %v", err)
 select {
 case <-ctx.Done():
 return
diff --git a/vql/common/yara.go b/vql/common/yara.go
index 70ad7e3e6b..aa5bc15854 100644
--- a/vql/common/yara.go
+++ b/vql/common/yara.go
@@ -1,3 +1,4 @@
+//go:build cgo && yara
 // +build cgo,yara
 /*
@@ -85,7 +86,7 @@ func (self YaraScanPlugin) Call(
 arg := &YaraScanPluginArgs{}
 err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg)
 if err != nil {
- scope.Log("yarascan: %v", err)
+ scope.Error("yarascan: %v", err)
 return
 }
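Review bot: In vql/common/shell.go (hunk at -121,19) the StdoutPipe and StderrPipe failure branches still report `shell: no command to run` and discard err, so the message that is now raised at error level does not say what actually failed. Report the underlying error the way the Start branch below does, e.g. `scope.Error("shell: StdoutPipe: %v", err)` and `scope.Error("shell: StderrPipe: %v", err)`. The body of Call starts and ends outside the hunk.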
@@ -99,7 +100,7 @@ func (self YaraScanPlugin) Call(
 err = vql_subsystem.CheckFilesystemAccess(scope, arg.Accessor)
 if err != nil {
- scope.Log("yara: %s", err.Error())
+ scope.Error("yara: %s", err.Error())
 return
 }
@@ -127,7 +128,7 @@ func (self YaraScanPlugin) Call(
 accessor, err := accessors.GetAccessor(arg.Accessor, scope)
 if err != nil {
- scope.Log("yara: %v", err)
+ scope.Error("yara: %v", err)
 return
 }
@@ -135,7 +136,7 @@ func (self YaraScanPlugin) Call(
 filename, err := accessors.ParseOSPath(
 ctx, scope, accessor, filename_any)
 if err != nil {
- scope.Log("yara: %v", err)
+ scope.Error("yara: %v", err)
 return
 }
 matcher.filename = filename
@@ -212,14 +213,14 @@ func (self *scanReporter) scanFileByAccessor(
 accessor, err := accessors.GetAccessor(accessor_name, self.scope)
 if err != nil {
- self.scope.Log("yara: %v", err)
+ self.scope.Error("yara: %v", err)
 return
 }
 // Open the file with the accessor
 f, err := accessor.OpenWithOSPath(self.filename)
 if err != nil {
- self.scope.Log("yara: Failed to open %v with accessor %v: %v",
+ self.scope.Error("yara: Failed to open %v with accessor %v: %v",
 self.filename, accessor_name, err)
 return
 }
@@ -494,7 +495,7 @@ func (self YaraProcPlugin) Call(
 arg := &YaraProcPluginArgs{}
 err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg)
 if err != nil {
- scope.Log("proc_yara: %v", err)
+ scope.Error("proc_yara: %v", err)
 return
 }
@@ -509,7 +510,7 @@ func (self YaraProcPlugin) Call(
 generated_rules := RuleGenerator(scope, arg.Rules)
 rules, err = yara.Compile(generated_rules, variables)
 if err != nil {
- scope.Log("Failed to initialize YARA compiler: %v", err)
+ scope.Error("Failed to initialize YARA compiler: %v", err)
 return
 }
@@ -520,7 +521,7 @@ func (self YaraProcPlugin) Call(
 arg.Pid, yara.ScanFlagsProcessMemory, 300*time.Second)
 if err != nil {
- scope.Log("proc_yara: pid %v: %v", arg.Pid, err)
+ scope.Error("proc_yara: pid %v: %v", arg.Pid, err)
 return
 }
diff --git a/vql/filesystem/copy.go b/vql/filesystem/copy.go
index fe1abef5cc..838c938411 100644
--- a/vql/filesystem/copy.go
+++ b/vql/filesystem/copy.go
@@ -62,25 +62,25 @@ func (self *CopyFunction) Call(ctx context.Context,
 arg := &CopyFunctionArgs{}
 err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg)
 if err != nil {
- scope.Log("copy: %v", err)
+ scope.Error("copy: %v", err)
 return vfilter.Null{}
 }
 err = vql_subsystem.CheckFilesystemAccess(scope, arg.Accessor)
 if err != nil {
- scope.Log("copy: %s", err.Error())
+ scope.Error("copy: %s", err.Error())
 return vfilter.Null{}
 }
 accessor, err := accessors.GetAccessor(arg.Accessor, scope)
 if err != nil {
- scope.Log("copy: %v", err)
+ scope.Error("copy: %v", err)
 return vfilter.Null{}
 }
 fd, err := accessor.Open(arg.Filename)
 if err != nil {
- scope.Log("copy: Failed to open %v: %v",
+ scope.Error("copy: Failed to open %v: %v",
 arg.Filename, err)
 return vfilter.Null{}
 }
@@ -116,7 +116,7 @@ func (self *CopyFunction) Call(ctx context.Context,
 to, err := os.OpenFile(arg.Destination, flags, permissions)
 if err != nil {
- scope.Log("copy: Failed to open %v for writing: %v",
+ scope.Error("copy: Failed to open %v for writing: %v",
 arg.Destination, err)
 return vfilter.Null{}
 }
@@ -124,7 +124,7 @@ func (self *CopyFunction) Call(ctx context.Context,
 _, err = utils.Copy(ctx, to, fd)
 if err != nil {
- scope.Log("copy: Failed to copy: %v", err)
+ scope.Error("copy: Failed to copy: %v", err)
 return vfilter.Null{}
 }
diff --git a/vql/filesystem/filesystem.go b/vql/filesystem/filesystem.go
index 938459921e..20a30ec66e 100644
--- a/vql/filesystem/filesystem.go
+++ b/vql/filesystem/filesystem.go
@@ -63,19 +63,19 @@ func (self GlobPlugin) Call(
 arg := &GlobPluginArgs{}
 err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg)
 if err != nil {
- scope.Log("glob: %s", err.Error())
+ scope.Error("glob: %s", err.Error())
 return
 }
 err = vql_subsystem.CheckFilesystemAccess(scope, arg.Accessor)
 if err != nil {
- scope.Log("glob: %s", err.Error())
+ scope.Error("glob: %s", err.Error())
 return
 }
 accessor, err := accessors.GetAccessor(arg.Accessor, scope)
 if err != nil {
- scope.Log("glob: %v", err)
+ scope.Error("glob: %v", err)
 return
 }
@@ -88,7 +88,7 @@ func (self GlobPlugin) Call(
 root := arg.Root
 accessor_root, err := accessor.ParsePath("")
 if err != nil {
- scope.Log("glob: %v", err)
+ scope.Error("glob: %v", err)
 return
 }
@@ -110,7 +110,7 @@ func (self GlobPlugin) Call(
 // Compile the callback
 lambda, err := vfilter.ParseLambda(arg.RecursionCallback)
 if err != nil {
- scope.Log("glob: while parsing recursion_callback: %v", err)
+ scope.Error("glob: while parsing recursion_callback: %v", err)
 return
 }
@@ -135,7 +135,7 @@ func (self GlobPlugin) Call(
 // component.
 root, err = root.Parse(item)
 if err != nil {
- scope.Log("glob: %v", err)
+ scope.Error("glob: %v", err)
 return
 }
@@ -159,12 +159,12 @@ func (self GlobPlugin) Call(
 item_path, err := root.Parse(item)
 if err != nil {
- scope.Log("glob: %v", err)
+ scope.Error("glob: %v", err)
 return
 }
 err = globber.Add(item_path)
 if err != nil {
- scope.Log("glob: %v", err)
+ scope.Error("glob: %v", err)
 return
 }
 }
@@ -267,7 +267,7 @@ func (self ReadFilePlugin) Call(
 arg := &ReadFileArgs{}
 err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg)
 if err != nil {
- scope.Log("%s: %s", self.Name(), err.Error())
+ scope.Error("%s: %s", self.Name(), err.Error())
 close(output_chan)
 return output_chan
 }
@@ -281,13 +281,13 @@ func (self ReadFilePlugin) Call(
 err := vql_subsystem.CheckFilesystemAccess(scope, arg.Accessor)
 if err != nil {
- scope.Log("read_file: %v", err)
+ scope.Error("read_file: %v", err)
 return
 }
 accessor, err := accessors.GetAccessor(arg.Accessor, scope)
 if err != nil {
- scope.Log("read_file: %v", err)
+ scope.Error("read_file: %v", err)
 return
 }
@@ -328,7 +328,7 @@ func (self *ReadFileFunction) Call(ctx context.Context,
 arg := &ReadFileFunctionArgs{}
 err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg)
 if err != nil {
- scope.Log("read_file: %s", err.Error())
+ scope.Error("read_file: %s", err.Error())
 return ""
 }
@@ -338,13 +338,13 @@ func (self *ReadFileFunction) Call(ctx context.Context,
 err = vql_subsystem.CheckFilesystemAccess(scope, arg.Accessor)
 if err != nil {
- scope.Log("read_file: %s", err)
+ scope.Error("read_file: %s", err)
 return vfilter.Null{}
 }
 accessor, err := accessors.GetAccessor(arg.Accessor, scope)
 if err != nil {
- scope.Log("read_file: %v", err)
+ scope.Error("read_file: %v", err)
 return ""
 }
@@ -352,7 +352,7 @@ func (self *ReadFileFunction) Call(ctx context.Context,
 fd, err := accessor.OpenWithOSPath(arg.Filename)
 if err != nil {
- scope.Log("read_file: %v: %v", arg.Filename.String(), err)
+ scope.Error("read_file: %v: %v", arg.Filename.String(), err)
 return ""
 }
 defer fd.Close()
@@ -399,19 +399,19 @@ func (self *StatPlugin) Call(
 arg := &StatArgs{}
 err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg)
 if err != nil {
- scope.Log("stat: %s", err.Error())
+ scope.Error("stat: %s", err.Error())
 return
 }
 err = vql_subsystem.CheckFilesystemAccess(scope, arg.Accessor)
 if err != nil {
- scope.Log("stat: %s", err.Error())
+ scope.Error("stat: %s", err.Error())
 return
 }
 accessor, err := accessors.GetAccessor(arg.Accessor, scope)
 if err != nil {
- scope.Log("stat: %s", err.Error())
+ scope.Error("stat: %s", err.Error())
 return
 }
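Review bot: In vql/filesystem/filesystem.go, ReadFileFunction.Call returns `vfilter.Null{}` when CheckFilesystemAccess fails (hunk at -338,13) but `""` for the argument, accessor and open failures around it (-328,7, -338,13, -352,7), so a query cannot handle the failure cases uniformly and an access denial looks different from every other error. Pick one failure value for the function and use it in all four branches, e.g. `return vfilter.Null{}`. The function body extends beyond these hunks, so later return paths should be checked for the same convention.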
diff --git a/vql/filesystem/filesystems.go b/vql/filesystem/filesystems.go
index 1a4b661278..07f42f3a0b 100644
--- a/vql/filesystem/filesystems.go
+++ b/vql/filesystem/filesystems.go
@@ -63,7 +63,7 @@ func init() {
 arg := &PartitionsArgs{}
 err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg)
 if err != nil {
- scope.Log("%s: %s", "partitions", err.Error())
+ scope.Error("%s: %s", "partitions", err.Error())
 return result
 }
diff --git a/vql/filesystem/grep.go b/vql/filesystem/grep.go
index 1e75c70622..81b56df8b9 100644
--- a/vql/filesystem/grep.go
+++ b/vql/filesystem/grep.go
@@ -1,3 +1,4 @@
+//go:build deprecated
 // +build deprecated
 /*
@@ -57,7 +58,7 @@ func (self *GrepFunction) Call(ctx context.Context,
 arg := &GrepFunctionArgs{}
 err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg)
 if err != nil {
- scope.Log("grep: %s", err.Error())
+ scope.Error("grep: %s", err.Error())
 return false
 }
@@ -81,19 +82,19 @@ func (self *GrepFunction) Call(ctx context.Context,
 err = vql_subsystem.CheckFilesystemAccess(scope, arg.Accessor)
 if err != nil {
- scope.Log("grep: %s", err.Error())
+ scope.Error("grep: %s", err.Error())
 return false
 }
 fs, err := accessors.GetAccessor(arg.Accessor, scope)
 if err != nil {
- scope.Log(err.Error())
+ scope.Error(err.Error())
 return false
 }
 file, err := fs.Open(arg.Path)
 if err != nil {
- scope.Log(err.Error())
+ scope.Error(err.Error())
 return false
 }
 defer file.Close()
@@ -111,7 +112,7 @@ func (self *GrepFunction) Call(ctx context.Context,
 return hits
 } else if err != nil {
- scope.Log(err.Error())
+ scope.Error(err.Error())
 return false
 }
diff --git a/vql/filesystem/pathspec.go b/vql/filesystem/pathspec.go
index 5ea4ed07d9..47f35325d4 100644
--- a/vql/filesystem/pathspec.go
+++ b/vql/filesystem/pathspec.go
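Review bot: In vql/filesystem/grep.go (hunks at -81,19 and -111,7) the error text is passed as the format string, `scope.Error(err.Error())`, so any `%` in the message (a file path can contain one) is parsed as a formatting verb and the logged line comes out garbled; go vet also reports non-constant format strings. Use a constant format with the function prefix, as the other branches in this file do: `scope.Error("grep: %v", err)`. Call's body extends beyond both hunks.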
@@ -28,14 +28,14 @@ func (self *PathSpecFunction) Call(ctx context.Context,
 arg := &PathSpecArgs{}
 err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg)
 if err != nil {
- scope.Log("pathspec: %v", err)
+ scope.Error("pathspec: %v", err)
 return false
 }
 if arg.Parse != "" {
 os_path, err := accessors.ParsePath(arg.Parse, arg.Type)
 if err != nil {
- scope.Log("pathspec: %v", err)
+ scope.Error("pathspec: %v", err)
 return false
 }
@@ -69,7 +69,7 @@ func (self *PathSpecFunction) Call(ctx context.Context,
 if !utils.IsNil(path) {
 serialized, err := json.Marshal(path)
 if err != nil {
- scope.Log("pathspec: %v", err)
+ scope.Error("pathspec: %v", err)
 return vfilter.Null{}
 }
@@ -87,7 +87,7 @@ func (self *PathSpecFunction) Call(ctx context.Context,
 result, err := accessors.ParsePath(path_str, arg.Type)
 if err != nil {
- scope.Log("pathspec: %v", err)
+ scope.Error("pathspec: %v", err)
 return vfilter.Null{}
 }
diff --git a/vql/filesystem/raw_registry.go b/vql/filesystem/raw_registry.go
index 7517d140a8..60ba0d2e6f 100644
--- a/vql/filesystem/raw_registry.go
+++ b/vql/filesystem/raw_registry.go
@@ -33,7 +33,7 @@ func (self ReadKeyValues) Call(
 arg := &ReadKeyValuesArgs{}
 err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg)
 if err != nil {
- scope.Log("read_reg_key: %s", err.Error())
+ scope.Error("read_reg_key: %s", err.Error())
 return
 }
@@ -45,7 +45,7 @@ func (self ReadKeyValues) Call(
 accessor, err := accessors.GetAccessor(arg.Accessor, scope)
 if err != nil {
- scope.Log("read_reg_key: %v", err)
+ scope.Error("read_reg_key: %v", err)
 return
 }
@@ -85,7 +85,7 @@ func (self ReadKeyValues) Call(
 if arg.Root != nil && arg.Globs == nil {
 file_info, err := accessor.LstatWithOSPath(arg.Root)
 if err != nil {
- scope.Log("read_reg_key: %v: %v", arg.Root, err)
+ scope.Error("read_reg_key: %v: %v", arg.Root, err)
 return
 }
 emit_dict(file_info)
diff --git a/vql/filesystem/rm.go b/vql/filesystem/rm.go
index c80d8a2e02..556b1cba2e 100644
--- a/vql/filesystem/rm.go
+++ b/vql/filesystem/rm.go
@@ -23,20 +23,20 @@ func (self *_RmFunction) Call(ctx context.Context,
 err := vql_subsystem.CheckAccess(scope, acls.FILESYSTEM_WRITE)
 if err != nil {
- scope.Log("rm: %s", err)
+ scope.Error("rm: %s", err)
 return false
 }
 arg := &_RmRequest{}
 err = arg_parser.ExtractArgsWithContext(ctx, scope, args, arg)
 if err != nil {
- scope.Log("rm: %s", err.Error())
+ scope.Error("rm: %s", err.Error())
 return false
 }
 err = os.Remove(arg.Filename)
 if err != nil {
- scope.Log("rm: %s", err.Error())
+ scope.Error("rm: %s", err.Error())
 return false
 }
diff --git a/vql/filesystem/tempfile.go b/vql/filesystem/tempfile.go
index 329df229c6..36eb46db1c 100644
--- a/vql/filesystem/tempfile.go
+++ b/vql/filesystem/tempfile.go
@@ -46,14 +46,14 @@ func (self *TempfileFunction) Call(ctx context.Context,
 err := vql_subsystem.CheckAccess(scope, acls.FILESYSTEM_WRITE)
 if err != nil {
- scope.Log("tempfile: %s", err)
+ scope.Error("tempfile: %s", err)
 return false
 }
 arg := &_TempfileRequest{}
 err = arg_parser.ExtractArgsWithContext(ctx, scope, args, arg)
 if err != nil {
- scope.Log("tempfile: %s", err.Error())
+ scope.Error("tempfile: %s", err.Error())
 return false
 }
@@ -73,7 +73,7 @@ func (self *TempfileFunction) Call(ctx context.Context,
 tmpfile, err := ioutil.TempFile("", "tmp*"+arg.Extension)
 if err != nil {
- scope.Log("tempfile: %v", err)
+ scope.Error("tempfile: %v", err)
 return false
 }
@@ -83,7 +83,7 @@ func (self *TempfileFunction) Call(ctx context.Context,
 for _, content := range arg.Data {
 _, err := tmpfile.Write([]byte(content))
 if err != nil {
- scope.Log("tempfile: %s", err.Error())
+ scope.Error("tempfile: %s", err.Error())
 }
 }
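Review bot: In vql/filesystem/tempfile.go (hunk at -83,7) a failed `tmpfile.Write` is now reported as an error, but the branch has no return, so the loop keeps writing and, as far as the hunk shows, the function continues with a partially written file. Stop at the first failure, e.g. add `return false` after the `scope.Error` call, matching the TempFile failure branch in the hunk above. The rest of Call, including whatever removes the temporary file, is outside the hunk, so confirm the file is still cleaned up on that early-return path.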
@@ -146,20 +146,20 @@ func (self *TempdirFunction) Call(ctx context.Context,
 err := vql_subsystem.CheckAccess(scope, acls.FILESYSTEM_WRITE)
 if err != nil {
- scope.Log("tempdir: %s", err)
+ scope.Error("tempdir: %s", err)
 return false
 }
 arg := &_TempdirRequest{}
 err = arg_parser.ExtractArgsWithContext(ctx, scope, args, arg)
 if err != nil {
- scope.Log("tempdir: %s", err.Error())
+ scope.Error("tempdir: %s", err.Error())
 return false
 }
 dir, err := ioutil.TempDir("", "tmp")
 if err != nil {
- scope.Log("tempdir: %v", err)
+ scope.Error("tempdir: %v", err)
 return false
 }
diff --git a/vql/functions/commandline.go b/vql/functions/commandline.go
index b26f2411ba..289d35685b 100644
--- a/vql/functions/commandline.go
+++ b/vql/functions/commandline.go
@@ -23,14 +23,14 @@ func (self *CommandlineToArgvFunction) Call(ctx context.Context,
 arg := &CommandlineToArgvArgs{}
 err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg)
 if err != nil {
- scope.Log("commandline_split: %v", err)
+ scope.Error("commandline_split: %v", err)
 return []string{}
 }
 if arg.BashStyle {
 res, err := shlex.Split(arg.Command)
 if err != nil {
- scope.Log("commandline_split: %v", err)
+ scope.Error("commandline_split: %v", err)
 return []string{}
 }
 return res
diff --git a/vql/functions/dict.go b/vql/functions/dict.go
index 53d9576f6c..251b2791f8 100644
--- a/vql/functions/dict.go
+++ b/vql/functions/dict.go
@@ -31,7 +31,7 @@ func (self _ToDictFunc) Call(ctx context.Context, scope vfilter.Scope,
 arg := &_ToDictFunctionArgs{}
 err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg)
 if err != nil {
- scope.Log("to_dict: %s", err.Error())
+ scope.Error("to_dict: %s", err.Error())
 return vfilter.Null{}
 }
@@ -75,7 +75,7 @@ func (self _ItemsFunc) Call(ctx context.Context, scope vfilter.Scope,
 arg := &_ToDictFunctionArgs{}
 err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg)
 if err != nil {
- scope.Log("items: %s", err.Error())
+ scope.Error("items: %s", err.Error())
 return vfilter.Null{}
 }
diff --git a/vql/functions/encode.go b/vql/functions/encode.go
index e5712e9104..cd46b69f33 100644
--- a/vql/functions/encode.go
+++ b/vql/functions/encode.go
@@ -30,7 +30,7 @@ func (self *EncodeFunction) Call(ctx context.Context,
 arg := &EncodeFunctionArgs{}
 err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg)
 if err != nil {
- scope.Log("serialize: %s", err.Error())
+ scope.Error("serialize: %s", err.Error())
 return vfilter.Null{}
 }
@@ -53,7 +53,7 @@ func (self *EncodeFunction) Call(ctx context.Context,
 opts := vql_subsystem.EncOptsFromScope(scope)
 serialized_content, err := json.MarshalIndentWithOptions(result, opts)
 if err != nil {
- scope.Log("serialize: %s", err.Error())
+ scope.Error("serialize: %s", err.Error())
 return vfilter.Null{}
 }
@@ -62,7 +62,7 @@ func (self *EncodeFunction) Call(ctx context.Context,
 case "yaml":
 serialized, err := yaml.Marshal(result)
 if err != nil {
- scope.Log("serialize: %v", err)
+ scope.Error("serialize: %v", err)
 return vfilter.Null{}
 }
 return string(serialized)
diff --git a/vql/functions/entropy.go b/vql/functions/entropy.go
index 21b5dd6caf..6b2b98816f 100644
--- a/vql/functions/entropy.go
+++ b/vql/functions/entropy.go
@@ -39,7 +39,7 @@ func (self *Entropy) Call(ctx context.Context,
 arg := &entropy_args{}
 err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg)
 if err != nil {
- scope.Log("entropy: %s", err.Error())
+ scope.Error("entropy: %s", err.Error())
 return false
 }
 return float64(shannon(arg.String))
diff --git a/vql/functions/expand.go b/vql/functions/expand.go
index b903aa7ffc..550ad74b68 100644
--- a/vql/functions/expand.go
+++ b/vql/functions/expand.go
@@ -29,14 +29,14 @@ func (self ExpandPath) Call(
 err := vql_subsystem.CheckAccess(scope, acls.MACHINE_STATE)
 if err != nil {
- scope.Log("expand: %s", err)
+ scope.Error("expand: %s", err)
 return vfilter.Null{}
 }
 arg := &ExpandPathArgs{}
 err = arg_parser.ExtractArgsWithContext(ctx, scope, args, arg)
 if err != nil {
- scope.Log("expand: %s", err.Error())
+ scope.Error("expand: %s", err.Error())
 return vfilter.Null{}
 }
diff --git a/vql/functions/format.go b/vql/functions/format.go
index 58da0fb208..955f47cb5a 100644
--- a/vql/functions/format.go
+++ b/vql/functions/format.go
@@ -41,7 +41,7 @@ func (self *FormatFunction) Call(ctx context.Context,
 arg := &FormatArgs{}
 err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg)
 if err != nil {
- scope.Log("format: %s", err.Error())
+ scope.Error("format: %s", err.Error())
 return false
 }
diff --git a/vql/functions/functions.go b/vql/functions/functions.go
index 3ec158ea4b..303281c34c 100644
--- a/vql/functions/functions.go
+++ b/vql/functions/functions.go
@@ -48,7 +48,7 @@ func (self _Base64Decode) Call(
 arg := &_Base64DecodeArgs{}
 err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg)
 if err != nil {
- scope.Log("base64decode: %s", err.Error())
+ scope.Error("base64decode: %s", err.Error())
 return vfilter.Null{}
 }
@@ -79,7 +79,7 @@ func (self _Base64Encode) Call(
 arg := &_Base64EncodeArgs{}
 err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg)
 if err != nil {
- scope.Log("base64encode: %s", err.Error())
+ scope.Error("base64encode: %s", err.Error())
 return vfilter.Null{}
 }
@@ -108,7 +108,7 @@ func (self _ToLower) Call(
 arg := &_ToLowerArgs{}
 err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg)
 if err != nil {
- scope.Log("lowcase: %s", err.Error())
+ scope.Error("lowcase: %s", err.Error())
 return vfilter.Null{}
 }
@@ -131,7 +131,7 @@ func (self _ToUpper) Call(
 arg := &_ToLowerArgs{}
 err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg)
 if err != nil {
- scope.Log("upcase: %s", err.Error())
+ scope.Error("upcase: %s", err.Error())
 return vfilter.Null{}
 }
@@ -158,7 +158,7 @@ func (self _ToInt) Call(
 arg := &_ToIntArgs{}
 err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg)
 if err != nil {
- scope.Log("atoi: %s", err.Error())
+ scope.Error("atoi: %s", err.Error())
 return vfilter.Null{}
 }
@@ -190,7 +190,7 @@ func (self _ParseFloat) Call(
 arg := &_ToIntArgs{}
 err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg)
 if err != nil {
- scope.Log("atoi: %s", err.Error())
+ scope.Error("atoi: %s", err.Error())
 return vfilter.Null{}
 }
@@ -252,7 +252,7 @@ func (self _UTF16) Call(
 arg := &_Base64DecodeArgs{}
 err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg)
 if err != nil {
- scope.Log("utf16: %s", err.Error())
+ scope.Error("utf16: %s", err.Error())
 return vfilter.Null{}
 }
@@ -283,7 +283,7 @@ func (self _UTF16Encode) Call(
 arg := &_Base64EncodeArgs{}
 err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg)
 if err != nil {
- scope.Log("utf16_encode: %s", err.Error())
+ scope.Error("utf16_encode: %s", err.Error())
 return vfilter.Null{}
 }
@@ -291,7 +291,7 @@ func (self _UTF16Encode) Call(
 ints := utf16.Encode([]rune(arg.String))
 err = binary.Write(buf, binary.LittleEndian, &ints)
 if err != nil {
- scope.Log("utf16_encode: %s", err.Error())
+ scope.Error("utf16_encode: %s", err.Error())
 return vfilter.Null{}
 }
@@ -347,7 +347,7 @@ func (self _GetFunction) Call(
 arg := &_GetFunctionArgs{}
 err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg)
 if err != nil {
- scope.Log("get: %s", err.Error())
+ scope.Error("get: %s", err.Error())
 return vfilter.Null{}
 }
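Review bot: In vql/functions/functions.go the `_ParseFloat` hunk (-190,7) reports argument errors with the prefix `atoi:`, the same string `_ToInt` uses in the hunk before it, so an error raised here is attributed to the wrong function. The same copy-paste appears in vql/functions/lists.go, where `SliceFunction` (-254,7) logs `len:`. Since these messages are now raised as errors, give each its own function's VQL name as the prefix, e.g. `scope.Error("FUNCTION_NAME: %s", err.Error())`, where FUNCTION_NAME is a placeholder for the name the function is registered under, which is not visible in the hunk.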
@@ -413,7 +413,7 @@ func (self _SetFunction) Call(
 arg := &_SetFunctionArgs{}
 err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg)
 if err != nil {
- scope.Log("set: %s", err.Error())
+ scope.Error("set: %s", err.Error())
 return vfilter.Null{}
 }
diff --git a/vql/functions/gunzip.go b/vql/functions/gunzip.go
index 7708c25c70..c43b2549a1 100644
--- a/vql/functions/gunzip.go
+++ b/vql/functions/gunzip.go
@@ -41,7 +41,7 @@ func (self *Gunzip) Call(ctx context.Context,
 arg := &GunzipArgs{}
 err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg)
 if err != nil {
- scope.Log("Gunzip: %s", err.Error())
+ scope.Error("Gunzip: %s", err.Error())
 return false
 }
@@ -50,7 +50,7 @@ func (self *Gunzip) Call(ctx context.Context,
 r, err = gzip.NewReader(b)
 if err != nil {
- scope.Log("Gunzip: %s", err.Error())
+ scope.Error("Gunzip: %s", err.Error())
 return false
 }
@@ -58,7 +58,7 @@ func (self *Gunzip) Call(ctx context.Context,
 _, err = resB.ReadFrom(r)
 if err != nil {
- scope.Log("Gunzip: %s", err.Error())
+ scope.Error("Gunzip: %s", err.Error())
 return false
 }
diff --git a/vql/functions/hash.go b/vql/functions/hash.go
index 850e185c58..f2a42fe2f5 100644
--- a/vql/functions/hash.go
+++ b/vql/functions/hash.go
@@ -75,7 +75,7 @@ func (self *HashFunction) Call(ctx context.Context,
 arg := &HashFunctionArgs{}
 err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg)
 if err != nil {
- scope.Log("hash: %v", err)
+ scope.Error("hash: %v", err)
 return vfilter.Null{}
 }
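Review bot: In vql/functions/gunzip.go (hunk at -58,7) `resB.ReadFrom(r)` reads the entire decompressed stream with no size bound, so a small, highly compressible input can exhaust the process's memory; that matters if this function is applied to data taken from a host that is not trusted. Cap the read, e.g. `_, err = resB.ReadFrom(io.LimitReader(r, maxGunzipSize))`, where `maxGunzipSize` is a placeholder for a limit the project chooses, and raise an error when the cap is hit rather than returning truncated output silently. The declaration of resB, the file's imports and the rest of Call are outside the hunk.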
@@ -86,19 +86,19 @@ func (self *HashFunction) Call(ctx context.Context, err = vql_subsystem.CheckFilesystemAccess(scope, arg.Accessor) if err != nil { - scope.Log("hash: %s", err) + scope.Error("hash: %s", err) return vfilter.Null{} } fs, err := accessors.GetAccessor(arg.Accessor, scope) if err != nil { - scope.Log("hash: %v", err) + scope.Error("hash: %v", err) return vfilter.Null{} } file, err := fs.Open(arg.Path.String()) if err != nil { - //scope.Log("hash %s: %v", arg.Path.String(), err) + //scope.Error("hash %s: %v", arg.Path.String(), err) return vfilter.Null{} } defer file.Close() @@ -157,7 +157,7 @@ func (self *HashFunction) Call(ctx context.Context, } } else if err != nil { - scope.Log("hash: %v", err) + scope.Error("hash: %v", err) return vfilter.Null{} } diff --git a/vql/functions/humanize.go b/vql/functions/humanize.go index bdb45594d9..33eca49c22 100644 --- a/vql/functions/humanize.go +++ b/vql/functions/humanize.go @@ -40,7 +40,7 @@ func (self *HumanizeFunction) Call(ctx context.Context, arg := &HumanizeArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("Humanize: %s", err.Error()) + scope.Error("Humanize: %s", err.Error()) return false } diff --git a/vql/functions/ints.go b/vql/functions/ints.go index 56f0ae8727..560f0c5e17 100644 --- a/vql/functions/ints.go +++ b/vql/functions/ints.go @@ -40,7 +40,7 @@ func (self *IntFunction) Call(ctx context.Context, arg := &IntArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("int: %s", err.Error()) + scope.Error("int: %s", err.Error()) return false } @@ -89,7 +89,7 @@ func (self *StrFunction) Call(ctx context.Context, arg := &StrFunctionArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("str: %s", err.Error()) + scope.Error("str: %s", err.Error()) return false } diff --git a/vql/functions/lists.go b/vql/functions/lists.go index 980eba3500..73bd1e3fb8 100644 
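Review bot: In the `@@ -86,19 +86,19 @@` hunk the `fs.Open` failure path keeps its message commented out (`//scope.Error("hash %s: %v", ...)`), so a file that cannot be opened returns `vfilter.Null{}` without leaving any record. Rewriting a dead comment only adds churn; either delete the line and state the intent, e.g. `// Open failures are common during bulk hashing; return Null without logging.` (if that is the reason), or restore it at a non-error level so a missing hash in the results can be explained. The same hunk mixes `%s` and `%v` for `err` in adjacent calls, which could be made uniform while here.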
--- a/vql/functions/lists.go +++ b/vql/functions/lists.go @@ -113,7 +113,7 @@ func (self *JoinFunction) Call(ctx context.Context, arg := &JoinFunctionArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("join: %s", err.Error()) + scope.Error("join: %s", err.Error()) return false } @@ -141,7 +141,7 @@ func (self *FilterFunction) Call(ctx context.Context, arg := &FilterFunctionArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("filter: %s", err.Error()) + scope.Error("filter: %s", err.Error()) return &vfilter.Null{} } @@ -149,7 +149,7 @@ func (self *FilterFunction) Call(ctx context.Context, for _, re := range arg.Regex { r, err := regexp.Compile("(?i)" + re) if err != nil { - scope.Log("filter: Unable to compile regex %s", re) + scope.Error("filter: Unable to compile regex %s", re) return false } res = append(res, r) @@ -159,7 +159,7 @@ func (self *FilterFunction) Call(ctx context.Context, if arg.Condition != "" { lambda, err = vfilter.ParseLambda(arg.Condition) if err != nil { - scope.Log("filter: Unable to compile lambda %s", arg.Condition) + scope.Error("filter: Unable to compile lambda %s", arg.Condition) return false } } @@ -211,7 +211,7 @@ func (self *LenFunction) Call(ctx context.Context, arg := &LenFunctionArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("len: %s", err.Error()) + scope.Error("len: %s", err.Error()) return &vfilter.Null{} } @@ -254,7 +254,7 @@ func (self *SliceFunction) Call(ctx context.Context, arg := &SliceFunctionArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("len: %s", err.Error()) + scope.Error("len: %s", err.Error()) return &vfilter.Null{} } diff --git a/vql/functions/log.go b/vql/functions/log.go index ad42e31b58..a78bda9ca3 100644 --- a/vql/functions/log.go +++ b/vql/functions/log.go 
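Review bot: Both compile failures in `FilterFunction` (`@@ -149,7 +149,7 @@` and `@@ -159,7 +159,7 @@`) report the pattern or lambda text but discard `err`, so the reader learns that compilation failed but not why. Include the cause and quote the caller-supplied text: `scope.Error("filter: Unable to compile regex %q: %v", re, err)` and `scope.Error("filter: Unable to compile lambda %q: %v", arg.Condition, err)`. These two paths also return `false` while the argument-parsing failure just above returns `&vfilter.Null{}`; worth making uniform if no caller depends on the difference.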
@@ -56,7 +56,7 @@ func (self *LogFunction) Call(ctx context.Context, arg := &LogFunctionArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("log: %s", err.Error()) + scope.Error("log: %s", err.Error()) return false } diff --git a/vql/functions/networks.go b/vql/functions/networks.go index 7ff82743a5..3a03f3485a 100644 --- a/vql/functions/networks.go +++ b/vql/functions/networks.go @@ -40,7 +40,7 @@ func (self *IpFunction) Call(ctx context.Context, arg := &IpArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("ip: %s", err.Error()) + scope.Error("ip: %s", err.Error()) return false } diff --git a/vql/functions/patch.go b/vql/functions/patch.go index 8bc257076d..82771150ea 100644 --- a/vql/functions/patch.go +++ b/vql/functions/patch.go @@ -47,13 +47,13 @@ func (self *PatchFunction) Call( arg := &PatchFunctionArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("patch: %s", err.Error()) + scope.Error("patch: %s", err.Error()) return vfilter.Null{} } value_str, err := to_json(arg.Item) if err != nil { - scope.Log("patch: %v", err) + scope.Error("patch: %v", err) return vfilter.Null{} } @@ -61,13 +61,13 @@ func (self *PatchFunction) Call( if arg.Merge != nil { merge, err := to_json(arg.Merge) if err != nil { - scope.Log("patch: %v", err) + scope.Error("patch: %v", err) return vfilter.Null{} } patched, err = jsonpatch.MergePatch(value_str, merge) if err != nil { - scope.Log("patch: %v", err) + scope.Error("patch: %v", err) return vfilter.Null{} } } else if arg.Patch != nil { @@ -86,13 +86,13 @@ func (self *PatchFunction) Call( patch, err := jsonpatch.DecodePatch(patch_str) if err != nil { - scope.Log("patch: %v", err) + scope.Error("patch: %v", err) return vfilter.Null{} } patched, err = patch.Apply([]byte(value_str)) if err != nil { - scope.Log("patch: %v", err) + scope.Error("patch: %v", err) return vfilter.Null{} } } else { 
@@ -103,7 +103,7 @@ func (self *PatchFunction) Call( item := ordereddict.NewDict() err = json.Unmarshal(patched, &item) if err != nil { - scope.Log("patch: %v", err) + scope.Error("patch: %v", err) return vfilter.Null{} } diff --git a/vql/functions/paths.go b/vql/functions/paths.go index 91beb1d542..e888110639 100644 --- a/vql/functions/paths.go +++ b/vql/functions/paths.go @@ -44,13 +44,13 @@ func (self *DirnameFunction) Call(ctx context.Context, arg := &DirnameArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("dirname: %s", err.Error()) + scope.Error("dirname: %s", err.Error()) return false } os_path, err := parsePath(ctx, scope, arg.Path, arg.Sep, arg.PathType) if err != nil { - scope.Log("dirname: %v", err) + scope.Error("dirname: %v", err) return false } @@ -73,13 +73,13 @@ func (self *BasenameFunction) Call(ctx context.Context, arg := &DirnameArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("basename: %v", err) + scope.Error("basename: %v", err) return false } os_path, err := parsePath(ctx, scope, arg.Path, arg.Sep, arg.PathType) if err != nil { - scope.Log("basename: %v", err) + scope.Error("basename: %v", err) return false } @@ -108,7 +108,7 @@ func (self *RelnameFunction) Call(ctx context.Context, arg := &RelnameFunctionArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("relpath: %s", err.Error()) + scope.Error("relpath: %s", err.Error()) return false } @@ -142,7 +142,7 @@ func (self *PathJoinFunction) Call(ctx context.Context, arg := &PathJoinArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("path_join: %s", err.Error()) + scope.Error("path_join: %s", err.Error()) return false } 
@@ -155,7 +155,7 @@ func (self *PathJoinFunction) Call(ctx context.Context, for _, c := range arg.Components { os_path, err = parsePath(ctx, scope, c, arg.Sep, arg.PathType) if err != nil { - scope.Log("dirname: %v", err) + scope.Error("dirname: %v", err) return false } @@ -165,7 +165,7 @@ func (self *PathJoinFunction) Call(ctx context.Context, if os_path == nil { os_path, err = parsePath(ctx, scope, "", arg.Sep, arg.PathType) if err != nil { - scope.Log("dirname: %v", err) + scope.Error("dirname: %v", err) return false } } @@ -195,13 +195,13 @@ func (self *PathSplitFunction) Call(ctx context.Context, arg := &PathSplitArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("path_split: %s", err.Error()) + scope.Error("path_split: %s", err.Error()) return []string{} } os_path, err := parsePath(ctx, scope, arg.Path, "", arg.PathType) if err != nil { - scope.Log("path_split: %v", err) + scope.Error("path_split: %v", err) return false } diff --git a/vql/functions/pid.go b/vql/functions/pid.go index 8858acc3de..e7313d9bb6 100644 --- a/vql/functions/pid.go +++ b/vql/functions/pid.go @@ -35,7 +35,7 @@ func (self *GetPidFunction) Call(ctx context.Context, err := vql_subsystem.CheckAccess(scope, acls.MACHINE_STATE) if err != nil { - scope.Log("environ: %s", err) + scope.Error("environ: %s", err) return 0 } diff --git a/vql/functions/rc4.go b/vql/functions/rc4.go index 11efbc26a7..3b75728468 100644 --- a/vql/functions/rc4.go +++ b/vql/functions/rc4.go @@ -40,13 +40,13 @@ func (self *Crypto_rc4) Call(ctx context.Context, arg := &Crypto_rc4Args{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("Crypto_rc4: %s", err.Error()) + scope.Error("Crypto_rc4: %s", err.Error()) return false } cipher, err := rc4.NewCipher([]byte(arg.Key)) if err != nil { - scope.Log("Crypto_rc4: %s", err.Error()) + scope.Error("Crypto_rc4: %s", err.Error()) return false } 
diff --git a/vql/functions/rot13.go b/vql/functions/rot13.go index d65b7026df..615a5e6cc7 100644 --- a/vql/functions/rot13.go +++ b/vql/functions/rot13.go @@ -38,7 +38,7 @@ func (self *Rot13) Call(ctx context.Context, arg := &Rot13Args{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("rot13: %s", err.Error()) + scope.Error("rot13: %s", err.Error()) return false } diff --git a/vql/functions/sleep.go b/vql/functions/sleep.go index 01778a6d0e..3b0018b57c 100644 --- a/vql/functions/sleep.go +++ b/vql/functions/sleep.go @@ -24,7 +24,7 @@ func (self *SleepFunction) Call(ctx context.Context, arg := &SleepArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("sleep: %s", err.Error()) + scope.Error("sleep: %s", err.Error()) return false } @@ -65,7 +65,7 @@ func (self *RandFunction) Call(ctx context.Context, arg := &RandArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("rand: %s", err.Error()) + scope.Error("rand: %s", err.Error()) return false } diff --git a/vql/functions/strings.go b/vql/functions/strings.go index 6cd6b0087c..a3655d06f1 100644 --- a/vql/functions/strings.go +++ b/vql/functions/strings.go @@ -41,7 +41,7 @@ func (self *StripFunction) Call(ctx context.Context, arg := &StripArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("strip: %s", err.Error()) + scope.Error("strip: %s", err.Error()) return false } if arg.Prefix == "" && arg.Suffix == "" { @@ -83,7 +83,7 @@ func (self *SubStrFunction) Call(ctx context.Context, arg := &SubStrArgs{} err := vfilter.ExtractArgs(scope, args, arg) if err != nil { - scope.Log("substr: %s", err.Error()) + scope.Error("substr: %s", err.Error()) return nil } diff --git a/vql/functions/time.go b/vql/functions/time.go index 3ca6fd1c71..94fd1a4fac 100644 --- a/vql/functions/time.go +++ b/vql/functions/time.go 
@@ -154,7 +154,7 @@ func (self _Timestamp) Call(ctx context.Context, scope vfilter.Scope, arg := &_TimestampArg{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("timestamp: %s", err.Error()) + scope.Error("timestamp: %s", err.Error()) return vfilter.Null{} } diff --git a/vql/functions/tlsh.go b/vql/functions/tlsh.go index 82cd093abc..3a47b56136 100644 --- a/vql/functions/tlsh.go +++ b/vql/functions/tlsh.go @@ -25,7 +25,7 @@ func (self *TLSHashFunction) Call(ctx context.Context, arg := &HashFunctionArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("tlsh_hash: %v", err) + scope.Error("tlsh_hash: %v", err) return vfilter.Null{} } @@ -34,13 +34,13 @@ func (self *TLSHashFunction) Call(ctx context.Context, err = vql_subsystem.CheckFilesystemAccess(scope, arg.Accessor) if err != nil { - scope.Log("tlsh_hash: %s", err) + scope.Error("tlsh_hash: %s", err) return vfilter.Null{} } fs, err := accessors.GetAccessor(arg.Accessor, scope) if err != nil { - scope.Log("tlsh_hash: %v", err) + scope.Error("tlsh_hash: %v", err) return vfilter.Null{} } diff --git a/vql/functions/unhex.go b/vql/functions/unhex.go index 380519a475..86c6969bd5 100644 --- a/vql/functions/unhex.go +++ b/vql/functions/unhex.go @@ -23,7 +23,7 @@ func (self *UnhexFunction) Call(ctx context.Context, arg := &UnhexFunctionArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("unhex: %s", err.Error()) + scope.Error("unhex: %s", err.Error()) return false } diff --git a/vql/functions/url.go b/vql/functions/url.go index 27e0287db9..d4955ab269 100644 --- a/vql/functions/url.go +++ b/vql/functions/url.go 
@@ -46,14 +46,14 @@ func (self UrlFunction) Call(ctx context.Context, arg := &UrlArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("url: %s", err.Error()) + scope.Error("url: %s", err.Error()) return false } if arg.Parse != "" { result, err := url.Parse(arg.Parse) if err != nil { - scope.Log("url: %v", err) + scope.Error("url: %v", err) return false } diff --git a/vql/functions/xor.go b/vql/functions/xor.go index 9029738159..2ac4174e2b 100644 --- a/vql/functions/xor.go +++ b/vql/functions/xor.go @@ -39,7 +39,7 @@ func (self *Xor) Call(ctx context.Context, arg := &XorArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("Xor: %s", err.Error()) + scope.Error("Xor: %s", err.Error()) return false } diff --git a/vql/golang/generators.go b/vql/golang/generators.go index b2a33d724a..e257ec93df 100644 --- a/vql/golang/generators.go +++ b/vql/golang/generators.go @@ -35,7 +35,7 @@ func (self Generator) Eval(ctx context.Context, scope types.Scope) <-chan types. b, err := services.GetBroadcastService(config_obj) if err != nil { - scope.Log("generate: %v", err) + scope.Error("generate: %v", err) return } @@ -43,7 +43,7 @@ func (self Generator) Eval(ctx context.Context, scope types.Scope) <-chan types. DisableFileBuffering: self.disable_file_buffering, }) if err != nil { - scope.Log("generate: %v", err) + scope.Error("generate: %v", err) return } @@ -78,7 +78,7 @@ func (self *GeneratorFunction) Call(ctx context.Context, arg := &GeneratorArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("generate: %s", err.Error()) + scope.Error("generate: %s", err.Error()) return false } @@ -94,7 +94,7 @@ func (self *GeneratorFunction) Call(ctx context.Context, b, err := services.GetBroadcastService(config_obj) if err != nil { - scope.Log("generate: %v", err) + scope.Error("generate: %v", err) return types.Null{} } 
diff --git a/vql/golang/profile.go b/vql/golang/profile.go index 037d751367..143c6c8ae6 100644 --- a/vql/golang/profile.go +++ b/vql/golang/profile.go @@ -55,7 +55,7 @@ func writeMetrics( ctx context.Context, scope vfilter.Scope, output_chan chan vfilter.Row) { gathering, err := prometheus.DefaultGatherer.Gather() if err != nil { - scope.Log("profile: while gathering metrics: %v", err) + scope.Error("profile: while gathering metrics: %v", err) return } @@ -126,7 +126,7 @@ func writeProfile( output_chan chan vfilter.Row, name string, debug int64) { tmpfile, err := ioutil.TempFile("", "tmp*.tmp") if err != nil { - scope.Log("profile: %s", err) + scope.Error("profile: %s", err) return } defer tmpfile.Close() @@ -147,7 +147,7 @@ func writeProfile( err = p.WriteTo(tmpfile, int(debug)) if err != nil { - scope.Log("profile: %s", err) + scope.Error("profile: %s", err) return } @@ -167,20 +167,20 @@ func writeCPUProfile( output_chan chan vfilter.Row, duration int64) { tmpfile, err := tempfile.TempFile("", "tmp", ".tmp") if err != nil { - scope.Log("profile: %s", err) + scope.Error("profile: %s", err) return } defer tmpfile.Close() err = scope.AddDestructor(func() { remove(scope, tmpfile.Name()) }) if err != nil { - scope.Log("profile: %s", err) + scope.Error("profile: %s", err) return } err = pprof.StartCPUProfile(tmpfile) if err != nil { - scope.Log("profile: %s", err) + scope.Error("profile: %s", err) return } @@ -206,7 +206,7 @@ func writeTraceProfile( output_chan chan vfilter.Row, duration int64) { tmpfile, err := tempfile.TempFile("", "tmp", ".tmp") if err != nil { - scope.Log("profile: %s", err) + scope.Error("profile: %s", err) return } defer tmpfile.Close() @@ -215,7 +215,7 @@ func writeTraceProfile( err = trace.Start(tmpfile) if err != nil { - scope.Log("profile: %s", err) + scope.Error("profile: %s", err) return } 
@@ -247,14 +247,14 @@ func (self *ProfilePlugin) Call(ctx context.Context, err := vql_subsystem.CheckAccess(scope, acls.MACHINE_STATE) if err != nil { - scope.Log("profile: %s", err) + scope.Error("profile: %s", err) return } arg := &ProfilePluginArgs{} err = arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("profile: %s", err.Error()) + scope.Error("profile: %s", err.Error()) return } diff --git a/vql/info.go b/vql/info.go index cd13ea3424..eb64f9fa5e 100644 --- a/vql/info.go +++ b/vql/info.go @@ -63,14 +63,14 @@ func init() { err := CheckAccess(scope, acls.MACHINE_STATE) if err != nil { - scope.Log("info: %s", err) + scope.Error("info: %s", err) return result } arg := &vfilter.Empty{} err = arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("info: %s", err.Error()) + scope.Error("info: %s", err.Error()) return result } @@ -81,7 +81,7 @@ func init() { if !ok { info, err = host.Info() if err != nil { - scope.Log("info: %s", err) + scope.Error("info: %s", err) return result } CacheSet(scope, "__info", info) diff --git a/vql/linux/audit.go b/vql/linux/audit.go index 7a6e184a6a..14db6980a0 100644 --- a/vql/linux/audit.go +++ b/vql/linux/audit.go @@ -1,3 +1,4 @@ +//go:build linux // +build linux package linux @@ -56,13 +57,13 @@ func (self AuditPlugin) Call( err := vql_subsystem.CheckAccess(scope, acls.MACHINE_STATE) if err != nil { - scope.Log("audit: %s", err) + scope.Error("audit: %s", err) return } client, err := libaudit.NewMulticastAuditClient(nil) if err != nil { - scope.Log("audit: %v", err) + scope.Error("audit: %v", err) return } defer client.Close() @@ -70,7 +71,7 @@ func (self AuditPlugin) Call( reassembler, err := libaudit.NewReassembler(5, 2*time.Second, &streamHandler{scope, output_chan}) if err != nil { - scope.Log("audit: %v", err) + scope.Error("audit: %v", err) return } defer reassembler.Close() 
@@ -95,7 +96,7 @@ func (self AuditPlugin) Call( for { rawEvent, err := client.Receive(false) if err != nil { - scope.Log("receive failed: %s", err) + scope.Error("receive failed: %s", err) continue } diff --git a/vql/linux/connections.go b/vql/linux/connections.go index 4653c09c0c..0a33b936cf 100755 --- a/vql/linux/connections.go +++ b/vql/linux/connections.go @@ -39,7 +39,7 @@ func init() { err := vql_subsystem.CheckAccess(scope, acls.MACHINE_STATE) if err != nil { - scope.Log("connections: %s", err) + scope.Error("connections: %s", err) return result } diff --git a/vql/networking/cidrmatch.go b/vql/networking/cidrmatch.go index 78ec4eb86d..eef82f0b4b 100644 --- a/vql/networking/cidrmatch.go +++ b/vql/networking/cidrmatch.go @@ -24,7 +24,7 @@ func (self _CIDRContains) Call( arg := &_CIDRContainsArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("cidr_contains: %s", err.Error()) + scope.Error("cidr_contains: %s", err.Error()) return vfilter.Null{} } @@ -36,7 +36,7 @@ func (self _CIDRContains) Call( for _, rng := range arg.Ranges { _, ipNet, err := net.ParseCIDR(rng) if err != nil { - scope.Log("cidr_contains: %v", err) + scope.Error("cidr_contains: %v", err) return false } diff --git a/vql/networking/http_client.go b/vql/networking/http_client.go index 148122a387..30e188ab7a 100644 --- a/vql/networking/http_client.go +++ b/vql/networking/http_client.go @@ -51,6 +51,14 @@ var ( mu sync.Mutex proxyHandler = http.ProxyFromEnvironment + + validHttpMethods = map[string]bool{ + "POST": true, + "GET": true, + "PUT": true, + "PATCH": true, + "DELETE": true, + } ) const ( 
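Review bot: The receive loop in `AuditPlugin.Call` (`@@ -95,7 +96,7 @@`) now emits an error-level record on every failed `client.Receive` and then `continue`s, with no backoff or exit visible in the hunk, so a persistently failing audit socket would fill the query log with errors. The message also lacks the `audit:` prefix used by the other calls in this file. Suggest `scope.Error("audit: receive failed: %v", err)` together with a cancellation check or a bail-out after repeated failures; the loop body continues outside the hunk, so such handling may already exist further down. The `Unable to open file` message in `ParseCSVPlugin` (csv.go, `@@ -69,12 +69,12 @@`) is missing its `parse_csv:` prefix in the same way.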
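Review bot: `validHttpMethods` (`@@ -51,6 +51,14 @@`) lists only POST, GET, PUT, PATCH and DELETE, so the check added in `Call` rejects a query that issues `HEAD` or `OPTIONS`; whether any existing artifact relies on those cannot be told from this diff. If the restriction is deliberate, say so on the map, e.g. `// Methods http_client() may send; HEAD and OPTIONS are intentionally excluded.`; otherwise add `"HEAD": true,`. The map is mutable package-level state next to `mu`, so a comment that it is read-only after init would also help.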
@@ -338,7 +346,15 @@ func (self *_HttpPlugin) Call( err := vql_subsystem.CheckAccess(scope, acls.COLLECT_SERVER) if err != nil { - scope.Log("http_client: %s", err) + scope.Error("http_client: %s", err) + return + } + + // Validate HTTP Method + arg.Method = strings.ToUpper(arg.Method) + if _, ok := validHttpMethods[arg.Method]; !ok { + + scope.Log("http_client: Invalid HTTP Method!") return } @@ -356,7 +372,7 @@ func (self *_HttpPlugin) Call( client, err := GetHttpClient(config_obj, scope, arg) if err != nil { - scope.Log("http_client: %v", err) + scope.Error("http_client: %v", err) return } @@ -368,7 +384,7 @@ func (self *_HttpPlugin) Call( req, err = http.NewRequestWithContext( ctx, method, arg.Url, strings.NewReader(arg.Data)) if err != nil { - scope.Log("%s: %v", self.Name(), err) + scope.Error("%s: %v", self.Name(), err) return } req.URL.RawQuery = params.Encode() @@ -385,7 +401,7 @@ func (self *_HttpPlugin) Call( req, err = http.NewRequestWithContext( ctx, method, arg.Url, strings.NewReader(arg.Data)) if err != nil { - scope.Log("%s: %v", self.Name(), err) + scope.Error("%s: %v", self.Name(), err) return } } @@ -396,6 +412,10 @@ func (self *_HttpPlugin) Call( } } + if params != nil { + req.URL.RawQuery = params.Encode() + } + scope.Log("Fetching %v\n", arg.Url) req.Header.Set("User-Agent", constants.USER_AGENT) @@ -424,7 +444,7 @@ func (self *_HttpPlugin) Call( } if err != nil { - scope.Log("http_client: Error %v while fetching %v", + scope.Error("http_client: Error %v while fetching %v", err, arg.Url) select { case <-ctx.Done(): @@ -446,7 +466,7 @@ func (self *_HttpPlugin) Call( tmpfile, err := ioutil.TempFile("", "tmp*"+arg.TempfileExtension) if err != nil { - scope.Log("http_client: %v", err) + scope.Error("http_client: %v", err) return } diff --git a/vql/networking/netcat.go b/vql/networking/netcat.go index 64dbc1ffdd..7ad5791a28 100644 --- a/vql/networking/netcat.go +++ b/vql/networking/netcat.go 
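Review bot: The new method check in `@@ -338,7 +346,15 @@` reports the rejection with `scope.Log` while every other failure in this function is moved to `scope.Error`, and the message does not say which value was refused. Suggest `scope.Error("http_client: invalid HTTP method %q", arg.Method)` and dropping the blank line after the `if`. The later `http.NewRequestWithContext` calls pass `method`, whose assignment is outside the hunks; if it is copied from `arg.Method` before this point, the upper-casing never reaches the request, so the order should be confirmed. The check also rejects an empty method unless a default is applied before it, which is not visible here.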
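Review bot: The block added in `@@ -396,6 +412,10 @@` assigns `req.URL.RawQuery = params.Encode()` whenever `params` is non-nil, which discards any query string already present in `arg.Url`, and an allocated-but-empty `params` would clear it to `""`. One of the request-building branches (`@@ -368,7 +384,7 @@`) already sets the same field, so that earlier assignment becomes redundant. Guard on content rather than nil-ness, `if len(params) > 0 {`, and consider merging into `req.URL.Query()` instead of replacing it. The declaration of `params` is outside the hunk, so this assumes it is a `url.Values`-style map.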
@@ -36,13 +36,13 @@ func (self *NetcatPlugin) Call( arg := &NetcatPluginArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("netcat: %s", err) + scope.Error("netcat: %s", err) return } err = vql_subsystem.CheckAccess(scope, acls.COLLECT_SERVER) if err != nil { - scope.Log("netcat: %s", err) + scope.Error("netcat: %s", err) return } @@ -75,7 +75,7 @@ func (self NetcatPlugin) connectOnce( var d net.Dialer conn, err := d.DialContext(ctx, socket_type, arg.Address) if err != nil { - scope.Log("netcat: %s", err) + scope.Error("netcat: %s", err) return } defer conn.Close() @@ -84,7 +84,7 @@ func (self NetcatPlugin) connectOnce( go func() { _, err := conn.Write([]byte(arg.Send)) if err != nil { - scope.Log("netcat: %s", err) + scope.Error("netcat: %s", err) } }() } diff --git a/vql/networking/network.go b/vql/networking/network.go index 94d40b1ed5..e15ebaac9f 100644 --- a/vql/networking/network.go +++ b/vql/networking/network.go @@ -39,7 +39,7 @@ func init() { err := vql_subsystem.CheckAccess(scope, acls.MACHINE_STATE) if err != nil { - scope.Log("interfaces: %s", err) + scope.Error("interfaces: %s", err) return result } diff --git a/vql/networking/upload.go b/vql/networking/upload.go index 43fa0dfe6c..2a3d78273f 100644 --- a/vql/networking/upload.go +++ b/vql/networking/upload.go @@ -59,7 +59,7 @@ func (self *UploadFunction) Call(ctx context.Context, arg := &UploadFunctionArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("upload: %v", err) + scope.Error("upload: %v", err) return vfilter.Null{} } 
@@ -69,13 +69,13 @@ func (self *UploadFunction) Call(ctx context.Context, err = vql_subsystem.CheckFilesystemAccess(scope, arg.Accessor) if err != nil { - scope.Log("upload: %v", err) + scope.Error("upload: %v", err) return vfilter.Null{} } accessor, err := accessors.GetAccessor(arg.Accessor, scope) if err != nil { - scope.Log("upload: %v", err) + scope.Error("upload: %v", err) return &uploads.UploadResponse{ Error: err.Error(), } @@ -83,7 +83,7 @@ func (self *UploadFunction) Call(ctx context.Context, file, err := accessor.OpenWithOSPath(arg.File) if err != nil { - scope.Log("upload: Unable to open %s: %s", + scope.Error("upload: Unable to open %s: %s", arg.File, err.Error()) return &uploads.UploadResponse{ Error: err.Error(), @@ -93,7 +93,7 @@ func (self *UploadFunction) Call(ctx context.Context, stat, err := accessor.LstatWithOSPath(arg.File) if err != nil { - scope.Log("upload: Unable to stat %s: %v", + scope.Error("upload: Unable to stat %s: %v", arg.File, err) return vfilter.Null{} } @@ -153,7 +153,7 @@ func (self *UploadDirectoryFunction) Call(ctx context.Context, arg := &UploadDirectoryFunctionArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("upload_directory: %s", err.Error()) + scope.Error("upload_directory: %s", err.Error()) return vfilter.Null{} } 
@@ -168,20 +168,20 @@ func (self *UploadDirectoryFunction) Call(ctx context.Context, // We need to be able to read from the accessor err = vql_subsystem.CheckFilesystemAccess(scope, arg.Accessor) if err != nil { - scope.Log("upload_directory: %s", err) + scope.Error("upload_directory: %s", err) return vfilter.Null{} } // We are going to write on the filesystem. err = vql_subsystem.CheckAccess(scope, acls.FILESYSTEM_WRITE) if err != nil { - scope.Log("upload_directory: %s", err) + scope.Error("upload_directory: %s", err) return vfilter.Null{} } accessor, err := accessors.GetAccessor(arg.Accessor, scope) if err != nil { - scope.Log("upload_directory: %v", err) + scope.Error("upload_directory: %v", err) return &uploads.UploadResponse{ Error: err.Error(), } @@ -189,7 +189,7 @@ func (self *UploadDirectoryFunction) Call(ctx context.Context, file, err := accessor.OpenWithOSPath(arg.File) if err != nil { - scope.Log("upload_directory: Unable to open %s: %s", + scope.Error("upload_directory: Unable to open %s: %s", arg.File.String(), err.Error()) return &uploads.UploadResponse{ Error: err.Error(), @@ -199,7 +199,7 @@ func (self *UploadDirectoryFunction) Call(ctx context.Context, stat, err := accessor.LstatWithOSPath(arg.File) if err != nil { - scope.Log("upload_directory: Unable to stat %s: %v", + scope.Error("upload_directory: Unable to stat %s: %v", arg.File.String(), err) return vfilter.Null{} } diff --git a/vql/parsers/appcache.go b/vql/parsers/appcache.go index 4a58ce9c6d..94852e6320 100644 --- a/vql/parsers/appcache.go +++ b/vql/parsers/appcache.go @@ -27,7 +27,7 @@ func (self AppCompatCache) Call( arg := AppCompatCacheArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, &arg) if err != nil { - scope.Log("AppCompatCache: %v", err) + scope.Error("AppCompatCache: %v", err) return } diff --git a/vql/parsers/authenticode/authenticode.go b/vql/parsers/authenticode/authenticode.go index cc836d63bf..75081d242f 100644 
--- a/vql/parsers/authenticode/authenticode.go +++ b/vql/parsers/authenticode/authenticode.go @@ -53,14 +53,14 @@ func (self *AuthenticodeFunction) Call(ctx context.Context, err := vql_subsystem.CheckAccess(scope, acls.MACHINE_STATE) if err != nil { - scope.Log("authenticode: %s", err) + scope.Error("authenticode: %s", err) return vfilter.Null{} } arg := &AuthenticodeArgs{} err = arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("authenticode: %v", err) + scope.Error("authenticode: %v", err) return vfilter.Null{} } @@ -68,7 +68,7 @@ func (self *AuthenticodeFunction) Call(ctx context.Context, paged_reader, err := readers.NewPagedReader( scope, arg.Accessor, arg.Filename, int(lru_size)) if err != nil { - scope.Log("authenticode: %v", err) + scope.Error("authenticode: %v", err) return vfilter.Null{} } defer paged_reader.Close() diff --git a/vql/parsers/binary.go b/vql/parsers/binary.go index 93f122d1af..f728aa4674 100644 --- a/vql/parsers/binary.go +++ b/vql/parsers/binary.go @@ -38,13 +38,13 @@ func (self ParseBinaryFunction) Call( arg := &ParseBinaryFunctionArg{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("parse_binary: %v", err) + scope.Error("parse_binary: %v", err) return &vfilter.Null{} } err = vql_subsystem.CheckFilesystemAccess(scope, arg.Accessor) if err != nil { - scope.Log("parse_binary: %s", err) + scope.Error("parse_binary: %s", err) return &vfilter.Null{} } @@ -57,7 +57,7 @@ func (self ParseBinaryFunction) Call( // Parse the profile. err := profile.ParseStructDefinitions(arg.Profile) if err != nil { - scope.Log("parse_binary: %s", err) + scope.Error("parse_binary: %s", err) return &vfilter.Null{} } vql_subsystem.CacheSet(scope, arg.Profile, profile) 
@@ -67,13 +67,13 @@ func (self ParseBinaryFunction) Call( paged_reader, err := readers.NewPagedReader( scope, arg.Accessor, arg.Filename, int(lru_size)) if err != nil { - scope.Log("parse_binary: %v", err) + scope.Error("parse_binary: %v", err) return &vfilter.Null{} } obj, err := profile.Parse(scope, arg.Struct, paged_reader, arg.Offset) if err != nil { - scope.Log("parse_binary: %v", err) + scope.Error("parse_binary: %v", err) return &vfilter.Null{} } diff --git a/vql/parsers/crypto/pkcs7.go b/vql/parsers/crypto/pkcs7.go index 80aef99cea..6ec6d0bb46 100644 --- a/vql/parsers/crypto/pkcs7.go +++ b/vql/parsers/crypto/pkcs7.go @@ -32,13 +32,13 @@ func (self ParsePKCS7Function) Call( arg := &ParsePKCS7FunctionArg{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("parse_pkcs7: %v", err) + scope.Error("parse_pkcs7: %v", err) return &vfilter.Null{} } pkcs7_obj, err := pkcs7.Parse([]byte(arg.Data)) if err != nil { - scope.Log("parse_pkcs7: %v", err) + scope.Error("parse_pkcs7: %v", err) return &vfilter.Null{} } @@ -64,13 +64,13 @@ func (self ParseX509Function) Call( arg := &ParseX509FunctionArg{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("parse_x509: %v", err) + scope.Error("parse_x509: %v", err) return &vfilter.Null{} } x509_obj, err := x509.ParseCertificates([]byte(arg.Data)) if err != nil { - scope.Log("parse_x509: %v", err) + scope.Error("parse_x509: %v", err) return &vfilter.Null{} } diff --git a/vql/parsers/crypto/pubkey.go b/vql/parsers/crypto/pubkey.go index 2e1427b5c5..cb11693927 100644 --- a/vql/parsers/crypto/pubkey.go +++ b/vql/parsers/crypto/pubkey.go @@ -45,7 +45,7 @@ func (self *PKEncryptFunction) Call(ctx context.Context, arg := &PKEncryptArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("ERROR:pk_encrypt: %s", err.Error()) + scope.Error("ERROR:pk_encrypt: %s", err.Error()) return vfilter.Null{} } 
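Review bot: The `ERROR:` text baked into the format string in `PKEncryptFunction` (`scope.Error("ERROR:pk_encrypt: %s", ...)`, `@@ -45,7 +45,7 @@`) looks redundant now that the call itself carries the severity, and it makes these messages differ from every other function touched in this commit. If nothing matches on the literal prefix, use `scope.Error("pk_encrypt: %s", err.Error())` here and in the remaining `pk_encrypt` and `pk_decrypt` hunks of this file. If a consumer still keys on the `ERROR:` string, a comment saying so would keep a later cleanup from breaking it.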
@@ -66,7 +66,7 @@ func (self *PKEncryptFunction) Call(ctx context.Context, pk_entity, err := readPGPEntity(pub_key_reader) if err != nil { - scope.Log("ERROR:pk_encrypt: %s", err.Error()) + scope.Error("ERROR:pk_encrypt: %s", err.Error()) return vfilter.Null{} } @@ -75,7 +75,7 @@ func (self *PKEncryptFunction) Call(ctx context.Context, signing_key := strings.NewReader(arg.SigningKey) signing_key_entity, err = readPGPEntity(signing_key) if err != nil { - scope.Log("ERROR:pk_encrypt: %s", err.Error()) + scope.Error("ERROR:pk_encrypt: %s", err.Error()) return vfilter.Null{} } } @@ -94,13 +94,13 @@ func (self *PKEncryptFunction) Call(ctx context.Context, { cert, err := crypto_utils.ParseX509CertFromPemStr([]byte(arg.PublicKey)) if err != nil { - scope.Log("ERROR:pk_encrypt: %s", err.Error()) + scope.Error("ERROR:pk_encrypt: %s", err.Error()) return vfilter.Null{} } ciphertext, err := crypto_utils.EncryptWithX509PubKey([]byte(arg.Data), cert) if err != nil { - scope.Log("ERROR:pk_encrypt: %s", err.Error()) + scope.Error("ERROR:pk_encrypt: %s", err.Error()) return vfilter.Null{} } return ciphertext @@ -155,13 +155,13 @@ func (self *PKDecryptFunction) Call(ctx context.Context, arg := &PKDecryptArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("ERROR:pk_decrypt: %s", err.Error()) + scope.Error("ERROR:pk_decrypt: %s", err.Error()) return vfilter.Null{} } if arg.PrivateKey == "" && (arg.Scheme == "" || strings.ToLower(arg.Scheme) == "rsa") { err = vql_subsystem.CheckAccess(scope, acls.SERVER_ADMIN) if err != nil { - scope.Log("ERROR:pk_decrypt: Must be server admin to use private key") + scope.Error("ERROR:pk_decrypt: Must be server admin to use private key") return vfilter.Null{} } config_obj, ok := vql_subsystem.GetServerConfig(scope) 
@@ -181,7 +181,7 @@ func (self *PKDecryptFunction) Call(ctx context.Context, pk_entity, err := readPGPEntityList(priv_key_reader) if err != nil { - scope.Log("ERROR:pk_decrypt: %s", err.Error()) + scope.Error("ERROR:pk_decrypt: %s", err.Error()) return vfilter.Null{} } @@ -190,7 +190,7 @@ func (self *PKDecryptFunction) Call(ctx context.Context, signing_key := strings.NewReader(arg.SigningKey) signing_key_entity, err = readPGPEntity(signing_key) if err != nil { - scope.Log("ERROR:pk_decrypt: %s", err.Error()) + scope.Error("ERROR:pk_decrypt: %s", err.Error()) return vfilter.Null{} } } @@ -198,12 +198,12 @@ func (self *PKDecryptFunction) Call(ctx context.Context, reader := strings.NewReader(arg.Data) m, err := decryptPGP(pk_entity, signing_key_entity, reader) if err != nil { - scope.Log("ERROR:pk_decrypt: %s", err.Error()) + scope.Error("ERROR:pk_decrypt: %s", err.Error()) return vfilter.Null{} } bytes, err := ioutil.ReadAll(m.UnverifiedBody) if err != nil { - scope.Log("ERROR:pk_decrypt: %s", err.Error()) + scope.Error("ERROR:pk_decrypt: %s", err.Error()) return vfilter.Null{} } return bytes @@ -212,12 +212,12 @@ func (self *PKDecryptFunction) Call(ctx context.Context, { key, err := crypto_utils.ParseRsaPrivateKeyFromPemStr([]byte(arg.PrivateKey)) if err != nil { - scope.Log("ERROR:pk_decrypt: %s", err.Error()) + scope.Error("ERROR:pk_decrypt: %s", err.Error()) return vfilter.Null{} } plaintext, err := crypto_utils.DecryptRSAOAEP(key, []byte(arg.Data)) if err != nil { - scope.Log("ERROR:pk_decrypt: %s", err.Error()) + scope.Error("ERROR:pk_decrypt: %s", err.Error()) return vfilter.Null{} } return plaintext diff --git a/vql/parsers/csv/csv.go b/vql/parsers/csv/csv.go index 1064602c10..2c90c8ca16 100644 --- a/vql/parsers/csv/csv.go +++ b/vql/parsers/csv/csv.go 
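Review bot: In the `@@ -198,12` hunk the plaintext read from `m.UnverifiedBody` is returned as soon as `ioutil.ReadAll` succeeds, and nothing visible checks the signature result even though a signing key may have been passed to `decryptPGP`. If `m` is an openpgp `MessageDetails`, the verdict only becomes available in `m.SignatureError` after the body has been read to EOF, so the check belongs right after the read: `if arg.SigningKey != "" && (!m.IsSigned || m.SignatureError != nil) { scope.Error("pk_decrypt: signature check failed: %v", m.SignatureError); return vfilter.Null{} }`. `decryptPGP` is defined outside the hunk, so confirm it does not already enforce this. Without such a check, a caller who supplies a signing key gets the same output for forged or unsigned ciphertext as for a validly signed one.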
@@ -55,13 +55,13 @@ func (self ParseCSVPlugin) Call( arg := &ParseCSVPluginArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("parse_csv: %s", err.Error()) + scope.Error("parse_csv: %s", err.Error()) return } err = vql_subsystem.CheckFilesystemAccess(scope, arg.Accessor) if err != nil { - scope.Log("parse_csv: %s", err) + scope.Error("parse_csv: %s", err) return } @@ -69,12 +69,12 @@ func (self ParseCSVPlugin) Call( func() { accessor, err := accessors.GetAccessor(arg.Accessor, scope) if err != nil { - scope.Log("parse_csv: %v", err) + scope.Error("parse_csv: %v", err) return } fd, err := accessor.Open(filename) if err != nil { - scope.Log("Unable to open file %s: %v", + scope.Error("Unable to open file %s: %v", filename, err) return } @@ -176,13 +176,13 @@ func (self _WatchCSVPlugin) Call( arg := &ParseCSVPluginArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("watch_csv: %s", err.Error()) + scope.Error("watch_csv: %s", err.Error()) return } err = vql_subsystem.CheckFilesystemAccess(scope, arg.Accessor) if err != nil { - scope.Log("watch_csv: %s", err) + scope.Error("watch_csv: %s", err) return } @@ -239,7 +239,7 @@ func (self WriteCSVPlugin) Call( arg := &WriteCSVPluginArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("write_csv: %s", err.Error()) + scope.Error("write_csv: %s", err.Error()) return } @@ -249,14 +249,14 @@ func (self WriteCSVPlugin) Call( case "", "auto", "file": err := vql_subsystem.CheckAccess(scope, acls.FILESYSTEM_WRITE) if err != nil { - scope.Log("write_csv: %s", err) + scope.Error("write_csv: %s", err) return } file, err := os.OpenFile(arg.Filename, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0700) if err != nil { - scope.Log("write_csv: Unable to open file %s: %s", + scope.Error("write_csv: Unable to open file %s: %s", arg.Filename, err.Error()) return } 
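Review bot: The open-failure message in the `@@ -69,12` hunk (`"Unable to open file %s: %v"`) has no `parse_csv:` prefix, unlike every other message in this function, so once it is reported as an error nothing in the text says which plugin raised it. I would write `scope.Error("parse_csv: Unable to open file %s: %v", filename, err)`. The same kind of unprefixed message appears in the evtx.go `@@ -76,18` and `@@ -95,7` hunks, json.go `@@ -135,25`, plist.go `@@ -145,13` and prefetch.go `@@ -60,18`; each should carry its own plugin name.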
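Review bot: The `os.OpenFile(arg.Filename, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0700)` call in the `@@ -249,14` hunk creates the CSV with the owner execute bit set, which a data file does not need. Mode `0600` keeps it owner-only without making query output executable. A short comment is also worth adding, e.g. `// O_TRUNC: overwrites any existing file at arg.Filename; gated only by FILESYSTEM_WRITE above`, since the path comes straight from the query arguments. The rest of `WriteCSVPlugin.Call` is outside the hunk.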
diff --git a/vql/parsers/ese/ese.go b/vql/parsers/ese/ese.go index c15fe1772c..524af6cf1a 100644 --- a/vql/parsers/ese/ese.go +++ b/vql/parsers/ese/ese.go @@ -68,13 +68,13 @@ func (self _SRUMLookupId) Call( arg := &_SRUMLookupIdArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("srum_lookup_id: %v", err) + scope.Error("srum_lookup_id: %v", err) return &vfilter.Null{} } err = vql_subsystem.CheckFilesystemAccess(scope, arg.Accessor) if err != nil { - scope.Log("srum_lookup_id: %s", err) + scope.Error("srum_lookup_id: %s", err) return &vfilter.Null{} } @@ -86,12 +86,12 @@ func (self _SRUMLookupId) Call( accessor, err := accessors.GetAccessor(arg.Accessor, scope) if err != nil { - scope.Log("srum_lookup_id: %v", err) + scope.Error("srum_lookup_id: %v", err) return &vfilter.Null{} } fd, err := accessor.Open(arg.Filename) if err != nil { - scope.Log("parse_ese: Unable to open file %s: %v", + scope.Error("parse_ese: Unable to open file %s: %v", arg.Filename, err) return &vfilter.Null{} } @@ -100,21 +100,21 @@ func (self _SRUMLookupId) Call( reader, err := ntfs.NewPagedReader( utils.MakeReaderAtter(fd), 1024, 10000) if err != nil { - scope.Log("parse_ese: Unable to open file %s: %v", + scope.Error("parse_ese: Unable to open file %s: %v", arg.Filename, err) return &vfilter.Null{} } ese_ctx, err := parser.NewESEContext(reader) if err != nil { - scope.Log("parse_ese: Unable to open file %s: %v", + scope.Error("parse_ese: Unable to open file %s: %v", arg.Filename, err) return &vfilter.Null{} } catalog, err := parser.ReadCatalog(ese_ctx) if err != nil { - scope.Log("parse_ese: Unable to open file %s: %v", + scope.Error("parse_ese: Unable to open file %s: %v", arg.Filename, err) return &vfilter.Null{} } 
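Review bot: From the `@@ -86,12` hunk on, `_SRUMLookupId.Call` reports its failures under the `parse_ese:` prefix, so an error raised by `srum_lookup_id` is attributed to a different plugin; the `@@ -100,21` and `@@ -138,7` hunks do the same. Those hunks also reuse the text "Unable to open file" for failures of `ntfs.NewPagedReader`, `parser.NewESEContext`, `parser.ReadCatalog` and the later callback, none of which is an open. Suggested shape: `scope.Error("srum_lookup_id: ReadCatalog %s: %v", arg.Filename, err)`, with the step name changed per call site. The `_ESEPlugin` and `_ESECatalogPlugin` hunks repeat the misleading "Unable to open file" text for the same three calls.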
@@ -138,7 +138,7 @@ func (self _SRUMLookupId) Call( return nil }) if err != nil { - scope.Log("parse_ese: Unable to open file %s: %v", + scope.Error("parse_ese: Unable to open file %s: %v", arg.Filename, err) return &vfilter.Null{} } @@ -197,7 +197,7 @@ func (self _ESEPlugin) Call( arg := &_ESEArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("parse_ese: %v", err) + scope.Error("parse_ese: %v", err) return } @@ -207,18 +207,18 @@ func (self _ESEPlugin) Call( err = vql_subsystem.CheckFilesystemAccess(scope, arg.Accessor) if err != nil { - scope.Log("parse_ese: %s", err) + scope.Error("parse_ese: %s", err) return } accessor, err := accessors.GetAccessor(arg.Accessor, scope) if err != nil { - scope.Log("parse_ese: %v", err) + scope.Error("parse_ese: %v", err) return } fd, err := accessor.Open(arg.Filename) if err != nil { - scope.Log("parse_ese: Unable to open file %s: %v", + scope.Error("parse_ese: Unable to open file %s: %v", arg.Filename, err) return } @@ -227,21 +227,21 @@ func (self _ESEPlugin) Call( reader, err := ntfs.NewPagedReader( utils.MakeReaderAtter(fd), 1024, 10000) if err != nil { - scope.Log("parse_ese: Unable to open file %s: %v", + scope.Error("parse_ese: Unable to open file %s: %v", arg.Filename, err) return } ese_ctx, err := parser.NewESEContext(reader) if err != nil { - scope.Log("parse_ese: Unable to open file %s: %v", + scope.Error("parse_ese: Unable to open file %s: %v", arg.Filename, err) return } catalog, err := parser.ReadCatalog(ese_ctx) if err != nil { - scope.Log("parse_ese: Unable to open file %s: %v", + scope.Error("parse_ese: Unable to open file %s: %v", arg.Filename, err) return } @@ -259,7 +259,7 @@ func (self _ESEPlugin) Call( } if err != nil { - scope.Log("parse_ese: Unable to dump file %s: %v", + scope.Error("parse_ese: Unable to dump file %s: %v", arg.Filename, err) return } 
@@ -295,7 +295,7 @@ func (self _ESECatalogPlugin) Call( arg := &_ESECatalogArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("parse_ese_catalog: %v", err) + scope.Error("parse_ese_catalog: %v", err) return } @@ -305,18 +305,18 @@ func (self _ESECatalogPlugin) Call( err = vql_subsystem.CheckFilesystemAccess(scope, arg.Accessor) if err != nil { - scope.Log("parse_ese_catalog: %s", err) + scope.Error("parse_ese_catalog: %s", err) return } accessor, err := accessors.GetAccessor(arg.Accessor, scope) if err != nil { - scope.Log("parse_ese_catalog: %v", err) + scope.Error("parse_ese_catalog: %v", err) return } fd, err := accessor.Open(arg.Filename) if err != nil { - scope.Log("parse_ese_catalog: Unable to open file %s: %v", + scope.Error("parse_ese_catalog: Unable to open file %s: %v", arg.Filename, err) return } @@ -325,21 +325,21 @@ func (self _ESECatalogPlugin) Call( reader, err := ntfs.NewPagedReader( utils.MakeReaderAtter(fd), 1024, 10000) if err != nil { - scope.Log("parse_ese_catalog: Unable to open file %s: %v", + scope.Error("parse_ese_catalog: Unable to open file %s: %v", arg.Filename, err) return } ese_ctx, err := parser.NewESEContext(reader) if err != nil { - scope.Log("parse_ese_catalog: Unable to open file %s: %v", + scope.Error("parse_ese_catalog: Unable to open file %s: %v", arg.Filename, err) return } catalog, err := parser.ReadCatalog(ese_ctx) if err != nil { - scope.Log("parse_ese_catalog: Unable to open file %s: %v", + scope.Error("parse_ese_catalog: Unable to open file %s: %v", arg.Filename, err) return } diff --git a/vql/parsers/event_logs/evtx.go b/vql/parsers/event_logs/evtx.go index 7dce9caa17..e0ce7afe8e 100644 --- a/vql/parsers/event_logs/evtx.go +++ b/vql/parsers/event_logs/evtx.go 
@@ -49,7 +49,7 @@ func (self _ParseEvtxPlugin) Call( arg := &_ParseEvtxPluginArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("parse_evtx: %s", err.Error()) + scope.Error("parse_evtx: %s", err.Error()) return } @@ -63,7 +63,7 @@ func (self _ParseEvtxPlugin) Call( } if err != nil { - scope.Log("parse_evtx: %s", err.Error()) + scope.Error("parse_evtx: %s", err.Error()) return } @@ -76,18 +76,18 @@ func (self _ParseEvtxPlugin) Call( err := vql_subsystem.CheckFilesystemAccess(scope, arg.Accessor) if err != nil { - scope.Log("parse_evtx: %s", err) + scope.Error("parse_evtx: %s", err) return } accessor, err := accessors.GetAccessor(arg.Accessor, scope) if err != nil { - scope.Log("parse_evtx: %v", err) + scope.Error("parse_evtx: %v", err) return } fd, err := accessor.Open(filename) if err != nil { - scope.Log("Unable to open file %s: %v", + scope.Error("Unable to open file %s: %v", filename, err) return } @@ -95,7 +95,7 @@ func (self _ParseEvtxPlugin) Call( chunks, err := evtx.GetChunks(fd) if err != nil { - scope.Log("Unable to parse file %s: %v", + scope.Error("Unable to parse file %s: %v", filename, err) return } @@ -156,13 +156,13 @@ func (self _WatchEvtxPlugin) Call( arg := &_ParseEvtxPluginArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("watch_evtx: %s", err.Error()) + scope.Error("watch_evtx: %s", err.Error()) return } err = vql_subsystem.CheckFilesystemAccess(scope, arg.Accessor) if err != nil { - scope.Log("watch_evtx: %s", err) + scope.Error("watch_evtx: %s", err) return } diff --git a/vql/parsers/event_logs/watcher.go b/vql/parsers/event_logs/watcher.go index 51016579a5..cbcf5f50b9 100644 --- a/vql/parsers/event_logs/watcher.go +++ b/vql/parsers/event_logs/watcher.go 
@@ -102,7 +102,7 @@ func (self *EventLogWatcherService) StartMonitoring( resolver, _ := evtx.GetNativeResolver() accessor, err := accessors.GetAccessor(accessor_name, scope) if err != nil { - scope.Log("Registering watcher error: %v", err) + scope.Error("Registering watcher error: %v", err) return } @@ -133,14 +133,14 @@ func (self *EventLogWatcherService) findLastEvent( fd, err := accessor.Open(filename) if err != nil { - scope.Log("findLastEvent Open error: %v", err) + scope.Error("findLastEvent Open error: %v", err) return 0 } defer fd.Close() chunks, err := evtx.GetChunks(fd) if err != nil { - scope.Log("findLastEvent GetChunks error: %v", err) + scope.Error("findLastEvent GetChunks error: %v", err) return 0 } diff --git a/vql/parsers/grok.go b/vql/parsers/grok.go index 5d9a742ac8..a992fe03bd 100644 --- a/vql/parsers/grok.go +++ b/vql/parsers/grok.go @@ -34,7 +34,7 @@ func (self GrokParseFunction) Call( arg := &GrokParseFunctionArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("grok: %v", err) + scope.Error("grok: %v", err) return &vfilter.Null{} } @@ -46,7 +46,7 @@ func (self GrokParseFunction) Call( NamedCapturesOnly: !arg.AllCaptures, }) if err != nil { - scope.Log("grok: %v", err) + scope.Error("grok: %v", err) return &vfilter.Null{} } @@ -57,7 +57,7 @@ func (self GrokParseFunction) Call( if ok { err = grok_parser.AddPattern(k, pattern) if err != nil { - scope.Log("grok: %v", err) + scope.Error("grok: %v", err) return &vfilter.Null{} } } diff --git a/vql/parsers/json.go b/vql/parsers/json.go index b6a2283652..8d68c16c55 100644 --- a/vql/parsers/json.go +++ b/vql/parsers/json.go 
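Review bot: `resolver, _ := evtx.GetNativeResolver()` at the top of the `@@ -102,7` hunk throws away its error on the line just before the accessor error is promoted to `scope.Error`. If running without a resolver is acceptable here, say so in a comment such as `// A missing native resolver is not fatal: <reason>`. Otherwise keep the error and log it: `resolver, err := evtx.GetNativeResolver()` followed by `if err != nil { scope.Log("Registering watcher: no native resolver: %v", err) }`. How `resolver` is used afterwards is outside the hunk.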
@@ -53,14 +53,14 @@ func (self ParseJsonFunction) Call( arg := &ParseJsonFunctionArg{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("parse_json: %v", err) + scope.Error("parse_json: %v", err) return &vfilter.Null{} } result := ordereddict.NewDict() err = json.Unmarshal([]byte(arg.Data), result) if err != nil { - scope.Log("parse_json: %v", err) + scope.Error("parse_json: %v", err) return &vfilter.Null{} } return result @@ -82,14 +82,14 @@ func (self ParseJsonArray) Call( arg := &ParseJsonFunctionArg{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("parse_json_array: %v", err) + scope.Error("parse_json_array: %v", err) return &vfilter.Null{} } result_array := []json.RawMessage{} err = json.Unmarshal([]byte(arg.Data), &result_array) if err != nil { - scope.Log("parse_json_array: %v", err) + scope.Error("parse_json_array: %v", err) return &vfilter.Null{} } @@ -102,7 +102,7 @@ func (self ParseJsonArray) Call( var any_value interface{} err = json.Unmarshal(item, &any_value) if err != nil { - scope.Log("parse_json_array: %v", err) + scope.Error("parse_json_array: %v", err) return &vfilter.Null{} } @@ -135,25 +135,25 @@ func (self ParseJsonlPlugin) Call( arg := &ParseJsonlPluginArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("parse_jsonl: %s", err.Error()) + scope.Error("parse_jsonl: %s", err.Error()) return } err = vql_subsystem.CheckFilesystemAccess(scope, arg.Accessor) if err != nil { - scope.Log("parse_jsonl: %s", err) + scope.Error("parse_jsonl: %s", err) return } accessor, err := accessors.GetAccessor(arg.Accessor, scope) if err != nil { - scope.Log("parse_jsonl: %v", err) + scope.Error("parse_jsonl: %v", err) return } fd, err := accessor.Open(arg.Filename) if err != nil { - scope.Log("Unable to open file %s: %v", + scope.Error("Unable to open file %s: %v", arg.Filename, err) return } 
diff --git a/vql/parsers/lzxpress.go b/vql/parsers/lzxpress.go index 8922424e1f..db5a6c3787 100644 --- a/vql/parsers/lzxpress.go +++ b/vql/parsers/lzxpress.go @@ -24,14 +24,14 @@ func (self *LZXpressFunction) Call(ctx context.Context, arg := &LZXpressFunctionArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("lzxpress_decompress: %v", err) + scope.Error("lzxpress_decompress: %v", err) return vfilter.Null{} } decompressed, err := prefetch.LZXpressHuffmanDecompressWithFallback( []byte(arg.Data), len(arg.Data)) if err != nil { - scope.Log("lzxpress_decompress: %v", err) + scope.Error("lzxpress_decompress: %v", err) return vfilter.Null{} } diff --git a/vql/parsers/ntfs.go b/vql/parsers/ntfs.go index 8ee74842f8..15261f3d51 100644 --- a/vql/parsers/ntfs.go +++ b/vql/parsers/ntfs.go @@ -66,21 +66,21 @@ func (self NTFSFunction) Call( arg := &NTFSFunctionArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("parse_ntfs: %v", err) + scope.Error("parse_ntfs: %v", err) return &vfilter.Null{} } arg.Filename, arg.Accessor, err = getOSPathAndAccessor(arg.Device, arg.Filename, arg.Accessor) if err != nil { - scope.Log("parse_ntfs: %v", err) + scope.Error("parse_ntfs: %v", err) return &vfilter.Null{} } if arg.Inode != "" { mft_idx, _, _, err := ntfs.ParseMFTId(arg.Inode) if err != nil { - scope.Log("parse_ntfs: %v", err) + scope.Error("parse_ntfs: %v", err) return &vfilter.Null{} } arg.MFT = mft_idx @@ -88,7 +88,7 @@ func (self NTFSFunction) Call( ntfs_ctx, err := readers.GetNTFSContext(scope, arg.Filename, arg.Accessor) if err != nil { - scope.Log("parse_ntfs: GetNTFSContext %v", err) + scope.Error("parse_ntfs: GetNTFSContext %v", err) return &vfilter.Null{} } defer ntfs_ctx.Close() 
@@ -104,13 +104,13 @@ func (self NTFSFunction) Call( mft_entry, err := ntfs_ctx.GetMFT(arg.MFT) if err != nil { - scope.Log("parse_ntfs: GetMFT %v", err) + scope.Error("parse_ntfs: GetMFT %v", err) return &vfilter.Null{} } result, err := ntfs.ModelMFTEntry(ntfs_ctx, mft_entry) if err != nil { - scope.Log("parse_ntfs: ModelMFTEntry %v", err) + scope.Error("parse_ntfs: ModelMFTEntry %v", err) return &vfilter.Null{} } @@ -137,24 +137,24 @@ func (self MFTScanPlugin) Call( arg := &MFTScanPluginArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("parse_mft: %v", err) + scope.Error("parse_mft: %v", err) return } err = vql_subsystem.CheckFilesystemAccess(scope, arg.Accessor) if err != nil { - scope.Log("parse_mft: %s", err) + scope.Error("parse_mft: %s", err) return } accessor, err := accessors.GetAccessor(arg.Accessor, scope) if err != nil { - scope.Log("parse_mft: %v", err) + scope.Error("parse_mft: %v", err) return } fd, err := accessor.Open(arg.Filename) if err != nil { - scope.Log("parse_mft: Unable to open file %s: %v", + scope.Error("parse_mft: Unable to open file %s: %v", arg.Filename, err) return } @@ -162,7 +162,7 @@ func (self MFTScanPlugin) Call( st, err := accessor.Lstat(arg.Filename) if err != nil { - scope.Log("parse_mft: Unable to open file %s: %v", + scope.Error("parse_mft: Unable to open file %s: %v", arg.Filename, err) return } 
@@ -205,21 +205,21 @@ func (self NTFSI30ScanPlugin) Call( arg := &NTFSFunctionArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("parse_ntfs_i30: %v", err) + scope.Error("parse_ntfs_i30: %v", err) return } arg.Filename, arg.Accessor, err = getOSPathAndAccessor(arg.Device, arg.Filename, arg.Accessor) if err != nil { - scope.Log("parse_ntfs_i30: %v", err) + scope.Error("parse_ntfs_i30: %v", err) return } if arg.Inode != "" { mft_idx, _, _, err := ntfs.ParseMFTId(arg.Inode) if err != nil { - scope.Log("parse_ntfs_i30: %v", err) + scope.Error("parse_ntfs_i30: %v", err) return } arg.MFT = mft_idx @@ -227,7 +227,7 @@ func (self NTFSI30ScanPlugin) Call( ntfs_ctx, err := readers.GetNTFSContext(scope, arg.Filename, arg.Accessor) if err != nil { - scope.Log("parse_ntfs_i30: %v", err) + scope.Error("parse_ntfs_i30: %v", err) return } defer ntfs_ctx.Close() @@ -238,7 +238,7 @@ func (self NTFSI30ScanPlugin) Call( mft_entry, err := ntfs_ctx.GetMFT(arg.MFT) if err != nil { - scope.Log("parse_ntfs_i30: %v", err) + scope.Error("parse_ntfs_i30: %v", err) return } @@ -278,14 +278,14 @@ func (self NTFSRangesPlugin) Call( arg := &NTFSFunctionArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("parse_ntfs_ranges: %v", err) + scope.Error("parse_ntfs_ranges: %v", err) return } arg.Filename, arg.Accessor, err = getOSPathAndAccessor(arg.Device, arg.Filename, arg.Accessor) if err != nil { - scope.Log("parse_ntfs_ranges: %v", err) + scope.Error("parse_ntfs_ranges: %v", err) return } @@ -296,7 +296,7 @@ func (self NTFSRangesPlugin) Call( if arg.Inode != "" { mft_idx, attr_type, attr_id, err = ntfs.ParseMFTId(arg.Inode) if err != nil { - scope.Log("parse_ntfs_ranges: %v", err) + scope.Error("parse_ntfs_ranges: %v", err) return } } else { 
@@ -305,7 +305,7 @@ func (self NTFSRangesPlugin) Call( ntfs_ctx, err := readers.GetNTFSContext(scope, arg.Filename, arg.Accessor) if err != nil { - scope.Log("parse_ntfs_ranges: %v", err) + scope.Error("parse_ntfs_ranges: %v", err) return } defer ntfs_ctx.Close() @@ -316,14 +316,14 @@ func (self NTFSRangesPlugin) Call( mft_entry, err := ntfs_ctx.GetMFT(mft_idx) if err != nil { - scope.Log("parse_ntfs_ranges: %v", err) + scope.Error("parse_ntfs_ranges: %v", err) return } reader, err := ntfs.OpenStream(ntfs_ctx, mft_entry, uint64(attr_type), uint16(attr_id)) if err != nil { - scope.Log("parse_ntfs_ranges: %v", err) + scope.Error("parse_ntfs_ranges: %v", err) return } diff --git a/vql/parsers/ole.go b/vql/parsers/ole.go index 4cb41098bf..e1fd92c471 100644 --- a/vql/parsers/ole.go +++ b/vql/parsers/ole.go @@ -52,7 +52,7 @@ func _OLEVBAPlugin_ParseFile( err := vql_subsystem.CheckFilesystemAccess(scope, arg.Accessor) if err != nil { - scope.Log("olevba: %s", err) + scope.Error("olevba: %s", err) return nil, err } @@ -147,14 +147,14 @@ func (self _OLEVBAPlugin) Call( arg := &_OLEVBAArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("olevba: %s", err.Error()) + scope.Error("olevba: %s", err.Error()) return } for _, filename := range arg.Filenames { macros, err := _OLEVBAPlugin_ParseFile(ctx, filename, scope, arg) if err != nil { - scope.Log("olevba: while parsing %v: %s", filename, err) + scope.Error("olevba: while parsing %v: %s", filename, err) continue } diff --git a/vql/parsers/pack.go b/vql/parsers/pack.go index 55a14b53d2..a1cd1260a6 100644 --- a/vql/parsers/pack.go +++ b/vql/parsers/pack.go @@ -1,3 +1,4 @@ +//go:build xXXX // +build xXXX package parsers 
@@ -34,13 +35,13 @@ func (self ParseBinaryFunction) Call( arg := &ParseBinaryFunctionArg{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("parse_binary: %v", err) + scope.Error("parse_binary: %v", err) return &vfilter.Null{} } err = vql_subsystem.CheckFilesystemAccess(scope, arg.Accessor) if err != nil { - scope.Log("parse_binary: %s", err) + scope.Error("parse_binary: %s", err) return &vfilter.Null{} } @@ -53,7 +54,7 @@ func (self ParseBinaryFunction) Call( // Parse the profile. err := profile.ParseStructDefinitions(arg.Profile) if err != nil { - scope.Log("parse_binary: %s", err) + scope.Error("parse_binary: %s", err) return &vfilter.Null{} } vql_subsystem.CacheSet(scope, arg.Profile, profile) @@ -63,13 +64,13 @@ func (self ParseBinaryFunction) Call( paged_reader, err := readers.NewPagedReader( scope, arg.Accessor, arg.Filename, int(lru_size)) if err != nil { - scope.Log("parse_binary: %v", err) + scope.Error("parse_binary: %v", err) return &vfilter.Null{} } obj, err := profile.Parse(scope, arg.Struct, paged_reader, arg.Offset) if err != nil { - scope.Log("parse_binary: %v", err) + scope.Error("parse_binary: %v", err) return &vfilter.Null{} } diff --git a/vql/parsers/pe.go b/vql/parsers/pe.go index 03a87de4de..ffd073dd0f 100644 --- a/vql/parsers/pe.go +++ b/vql/parsers/pe.go @@ -51,13 +51,13 @@ func (self _PEFunction) Call( arg := &_PEFunctionArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("parse_pe: %v", err) + scope.Error("parse_pe: %v", err) return &vfilter.Null{} } err = vql_subsystem.CheckFilesystemAccess(scope, arg.Accessor) if err != nil { - scope.Log("parse_pe: %s", err) + scope.Error("parse_pe: %s", err) return &vfilter.Null{} } diff --git a/vql/parsers/plist.go b/vql/parsers/plist.go index 4bae82d203..d73c571431 100644 --- a/vql/parsers/plist.go +++ b/vql/parsers/plist.go 
@@ -49,25 +49,25 @@ func (self *PlistFunction) Call(ctx context.Context, arg := &_PlistFunctionArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("plist: %s", err.Error()) + scope.Error("plist: %s", err.Error()) return vfilter.Null{} } err = vql_subsystem.CheckFilesystemAccess(scope, arg.Accessor) if err != nil { - scope.Log("plist: %s", err) + scope.Error("plist: %s", err) return } accessor, err := accessors.GetAccessor(arg.Accessor, scope) if err != nil { - scope.Log("plist: %v", err) + scope.Error("plist: %v", err) return vfilter.Null{} } file, err := accessor.Open(arg.Filename) if err != nil { - scope.Log("plist: %v", err) + scope.Error("plist: %v", err) return vfilter.Null{} } defer file.Close() @@ -76,14 +76,14 @@ func (self *PlistFunction) Call(ctx context.Context, dec := plist.NewDecoder(file) err = dec.Decode(&val) if err != nil { - scope.Log("plist: %v", err) + scope.Error("plist: %v", err) return vfilter.Null{} } // Force the results into dicts serialized, err := json.Marshal(val) if err != nil { - scope.Log("plist: %v", err) + scope.Error("plist: %v", err) return vfilter.Null{} } @@ -129,13 +129,13 @@ func (self _PlistPlugin) Call( arg := &_PlistPluginArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("plist: %s", err.Error()) + scope.Error("plist: %s", err.Error()) return } err = vql_subsystem.CheckFilesystemAccess(scope, arg.Accessor) if err != nil { - scope.Log("plist: %s", err) + scope.Error("plist: %s", err) return } @@ -145,13 +145,13 @@ func (self _PlistPlugin) Call( accessor, err := accessors.GetAccessor(arg.Accessor, scope) if err != nil { - scope.Log("plist: %v", err) + scope.Error("plist: %v", err) return } file, err := accessor.Open(filename) if err != nil { - scope.Log("Unable to open file %s: %v", + scope.Error("Unable to open file %s: %v", filename, err) return } 
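Review bot: The `CheckFilesystemAccess` failure branch in the `@@ -49,25` hunk ends in a bare `return`, while every other error branch of `PlistFunction.Call` returns `vfilter.Null{}`. The signature is outside the hunk, but for this to compile the result must be named, so the denied path presumably hands back the zero value rather than the Null the other paths use. I would make it `return vfilter.Null{}` so a permission denial looks the same to the calling query as any other failure.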
@@ -162,7 +162,7 @@ func (self _PlistPlugin) Call( dec := plist.NewDecoder(file) err = dec.Decode(&val) if err != nil { - scope.Log("plist: Unable to parse file %s: %v", + scope.Error("plist: Unable to parse file %s: %v", filename, err) } diff --git a/vql/parsers/prefetch.go b/vql/parsers/prefetch.go index 6c93e6a319..a0f4e7ac12 100644 --- a/vql/parsers/prefetch.go +++ b/vql/parsers/prefetch.go @@ -50,7 +50,7 @@ func (self _PrefetchPlugin) Call( arg := &_PrefetchPluginArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("prefetch: %s", err.Error()) + scope.Error("prefetch: %s", err.Error()) return } @@ -60,18 +60,18 @@ func (self _PrefetchPlugin) Call( err := vql_subsystem.CheckFilesystemAccess(scope, arg.Accessor) if err != nil { - scope.Log("prefetch: %s", err) + scope.Error("prefetch: %s", err) return } accessor, err := accessors.GetAccessor(arg.Accessor, scope) if err != nil { - scope.Log("prefetch: %v", err) + scope.Error("prefetch: %v", err) return } fd, err := accessor.Open(filename) if err != nil { - scope.Log("Unable to open file %s: %v", + scope.Error("Unable to open file %s: %v", filename, err) return } @@ -86,7 +86,7 @@ func (self _PrefetchPlugin) Call( prefetch_info, err := prefetch.LoadPrefetch(reader) if err != nil { - scope.Log("prefetch: Unable to parse file %s: %v", + scope.Error("prefetch: Unable to parse file %s: %v", filename, err) return } diff --git a/vql/parsers/recyclebin.go b/vql/parsers/recyclebin.go index 066a29ca9d..6ad524cab8 100644 --- a/vql/parsers/recyclebin.go +++ b/vql/parsers/recyclebin.go 
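Review bot: The decode-failure branch in the `@@ -162,7` hunk logs the error and then leaves the `if` with no `return`, so `_PlistPlugin.Call` carries on with whatever `val` holds after a failed `dec.Decode`. If that is meant as best-effort, a comment should say so, e.g. `// Best effort: emit whatever was decoded before the error`. Otherwise add `return` after the `scope.Error(...)` call, as the open-failure branch in `@@ -145,13` does. The code after the `if` is outside the hunk.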
@@ -55,13 +55,13 @@ func (self _RecycleBinPlugin) Call( arg := &_RecycleBinPluginArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("parse_recyclebin: %s", err.Error()) + scope.Error("parse_recyclebin: %s", err.Error()) return } err = vql_subsystem.CheckFilesystemAccess(scope, arg.Accessor) if err != nil { - scope.Log("parse_recyclebin: %s", err) + scope.Error("parse_recyclebin: %s", err) return } @@ -71,12 +71,12 @@ func (self _RecycleBinPlugin) Call( accessor, err := accessors.GetAccessor(arg.Accessor, scope) if err != nil { - scope.Log("parse_recyclebin: %v", err) + scope.Error("parse_recyclebin: %v", err) return } fd, err := accessor.Open(filename) if err != nil { - scope.Log("parse_recyclebin: Unable to open file %s: %v", + scope.Error("parse_recyclebin: Unable to open file %s: %v", filename, err) return } @@ -91,7 +91,7 @@ func (self _RecycleBinPlugin) Call( info, err := recyclebin.ParseRecycleBin(reader) if err != nil { - scope.Log("parse_recyclebin: Unable to parse file %s: %v", + scope.Error("parse_recyclebin: Unable to parse file %s: %v", filename, err) return } diff --git a/vql/parsers/regexparser.go b/vql/parsers/regexparser.go index 6eb9e6c53b..045a61eb00 100644 --- a/vql/parsers/regexparser.go +++ b/vql/parsers/regexparser.go @@ -51,19 +51,19 @@ func _ParseFile( err := vql_subsystem.CheckFilesystemAccess(scope, arg.Accessor) if err != nil { - scope.Log("parse_records_with_regex: %s", err) + scope.Error("parse_records_with_regex: %s", err) return } accessor, err := accessors.GetAccessor(arg.Accessor, scope) if err != nil { - scope.Log("error: %v", err) + scope.Error("error: %v", err) return } file, err := accessor.Open(filename) if err != nil { - scope.Log("Unable to open file %s", filename) + scope.Error("Unable to open file %s", filename) return } defer file.Close() 
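Review bot: Two messages in the `@@ -51,19` hunk of `_ParseFile` lose information: `scope.Error("error: %v", err)` names no plugin, and `scope.Error("Unable to open file %s", filename)` drops `err`, so the reason for the failure never reaches the log. Suggested: `scope.Error("parse_records_with_regex: %v", err)` and `scope.Error("parse_records_with_regex: Unable to open file %s: %v", filename, err)`. The regex-compile branches in the `@@ -134,7`, `@@ -190,7` and `@@ -253,12` hunks likewise print the pattern but not the compile error, and the lambda branch in `@@ -274,7` omits `err` as well.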
@@ -126,7 +126,7 @@ func (self _ParseFileWithRegex) Call( arg := &_ParseFileWithRegexArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("parse_records_with_regex: %s", err.Error()) + scope.Error("parse_records_with_regex: %s", err.Error()) close(output_chan) return output_chan } @@ -134,7 +134,7 @@ func (self _ParseFileWithRegex) Call( for _, regex := range arg.Regex { r, err := regexp.Compile("(?i)" + regex) if err != nil { - scope.Log("Unable to compile regex %s", regex) + scope.Error("Unable to compile regex %s", regex) close(output_chan) return output_chan } @@ -182,7 +182,7 @@ func (self *_ParseStringWithRegexFunction) Call(ctx context.Context, arg := &_ParseStringWithRegexFunctionArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("parse_string_with_regex: %s", err.Error()) + scope.Error("parse_string_with_regex: %s", err.Error()) return vfilter.Null{} } row := ordereddict.NewDict() @@ -190,7 +190,7 @@ func (self *_ParseStringWithRegexFunction) Call(ctx context.Context, for _, regex := range arg.Regex { r, err := regexp.Compile("(?i)" + regex) if err != nil { - scope.Log("Unable to compile regex %s", regex) + scope.Error("Unable to compile regex %s", regex) return vfilter.Null{} } @@ -253,12 +253,12 @@ func (self _RegexReplace) Call( arg := &_RegexReplaceArg{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("regex_replace: %v", err) + scope.Error("regex_replace: %v", err) return vfilter.Null{} } re, err := regexp.Compile("(?i)" + arg.Re) if err != nil { - scope.Log("Unable to compile regex %s", arg.Re) + scope.Error("Unable to compile regex %s", arg.Re) return vfilter.Null{} } 
@@ -274,7 +274,7 @@ func (self _RegexReplace) Call( if lambda == nil { lambda, err = vfilter.ParseLambda(arg.ReplaceLambda) if err != nil { - scope.Log("regex_replace: Unable to compile lambda %s", + scope.Error("regex_replace: Unable to compile lambda %s", arg.ReplaceLambda) return vfilter.Null{} } @@ -320,7 +320,7 @@ func (self _RegexMap) Call( arg := &_RegexMapArg{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("regex_transform: %s", err.Error()) + scope.Error("regex_transform: %s", err.Error()) return vfilter.Null{} } @@ -339,7 +339,7 @@ func (self _RegexMap) Call( re, err := regexp.Compile("(?i)" + search) if err != nil { - scope.Log("regex_transform: Unable to compile regex %s: %v", search, err) + scope.Error("regex_transform: Unable to compile regex %s: %v", search, err) return vfilter.Null{} } diff --git a/vql/parsers/splitparser.go b/vql/parsers/splitparser.go index cf61b23ef1..64b48917cf 100644 --- a/vql/parsers/splitparser.go +++ b/vql/parsers/splitparser.go @@ -58,18 +58,18 @@ func processFile( err := vql_subsystem.CheckFilesystemAccess(scope, arg.Accessor) if err != nil { - scope.Log("split_records: %s", err) + scope.Error("split_records: %s", err) return } accessor, err := accessors.GetAccessor(arg.Accessor, scope) if err != nil { - scope.Log("split_records: %v", err) + scope.Error("split_records: %v", err) return } fd, err := accessor.Open(file) if err != nil { - scope.Log("split_records: %v", err) + scope.Error("split_records: %v", err) return } defer fd.Close() diff --git a/vql/parsers/sql.go b/vql/parsers/sql.go index ae2d764e5c..939f54aaa2 100644 --- a/vql/parsers/sql.go +++ b/vql/parsers/sql.go @@ -90,7 +90,7 @@ func (self SQLPlugin) Call( arg := &SQLPluginArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("sql: %v", err) + scope.Error("sql: %v", err) return } 
@@ -108,20 +108,20 @@ func (self SQLPlugin) Call( case "sqlite": err = vql_subsystem.CheckFilesystemAccess(scope, arg.Accessor) if err != nil { - scope.Log("sql: %s", err) + scope.Error("sql: %s", err) return } handle, err = GetHandleSqlite(ctx, arg, scope) if err != nil { - scope.Log("sql: %s", err) + scope.Error("sql: %s", err) return } case "mysql", "postgres": handle, err = self.GetHandleOther(scope, arg.ConnString, arg.Driver) if err != nil { - scope.Log("sql: %s", err) + scope.Error("sql: %s", err) return } } @@ -145,19 +145,19 @@ func (self SQLPlugin) Call( } rows, err := handle.Queryx(query, query_parameters...) if err != nil { - scope.Log("sql: %v", err) + scope.Error("sql: %v", err) return } defer rows.Close() columns, err := rows.Columns() if err != nil { - scope.Log("sql: %s", err) + scope.Error("sql: %s", err) } for rows.Next() { row := ordereddict.NewDict() values, err := rows.SliceScan() if err != nil { - scope.Log("sql: %v", err) + scope.Error("sql: %v", err) return } diff --git a/vql/parsers/sqlite.go b/vql/parsers/sqlite.go index 740d483ce7..34f5842dda 100644 --- a/vql/parsers/sqlite.go +++ b/vql/parsers/sqlite.go @@ -112,7 +112,7 @@ func GetHandleSqlite(ctx context.Context, parts := strings.Split(filename, "?") filename, err = _MakeTempfile(ctx, arg, parts[0], scope) if err != nil { - scope.Log("Unable to create temp file: %v", err) + scope.Error("Unable to create temp file: %v", err) return nil, err } scope.Log("Using local copy %v", filename) diff --git a/vql/parsers/syslog/auditd.go b/vql/parsers/syslog/auditd.go index cd03659b62..da0e6a5df4 100644 --- a/vql/parsers/syslog/auditd.go +++ b/vql/parsers/syslog/auditd.go @@ -38,7 +38,7 @@ func (self AuditdPlugin) Call( reassembler, err := libaudit.NewReassembler(5, 2*time.Second, &streamHandler{scope: scope, ctx: ctx, output_chan: output_chan}) if err != nil { - scope.Log("parse_auditd: %v", err) + scope.Error("parse_auditd: %v", err) return } defer reassembler.Close() 
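Review bot: In the `@@ -145,19 +145,19 @@` hunk the `rows.Columns()` failure is now reported with `scope.Error`, but the branch still has no `return`, unlike every other error branch visible in `SQLPlugin.Call`. The `for rows.Next()` loop therefore runs with whatever `columns` holds after the failure. Adding `return` after `scope.Error("sql: %s", err)` makes the branch consistent, and `defer rows.Close()` is already in place so the early exit leaks nothing. The loop body continues outside the hunk, so how `columns` is used there is not visible here.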
@@ -126,7 +126,7 @@ func (self WatchAuditdPlugin) Call( reassembler, err := libaudit.NewReassembler(5, 2*time.Second, &streamHandler{scope: scope, ctx: ctx, output_chan: output_chan}) if err != nil { - scope.Log("watch_auditd: %v", err) + scope.Error("watch_auditd: %v", err) return } defer reassembler.Close() diff --git a/vql/parsers/syslog/scanner.go b/vql/parsers/syslog/scanner.go index aa5e08ef3d..371532064c 100644 --- a/vql/parsers/syslog/scanner.go +++ b/vql/parsers/syslog/scanner.go @@ -43,13 +43,13 @@ func (self ScannerPlugin) Call( arg := &ScannerPluginArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("parse_lines: %v", err) + scope.Error("parse_lines: %v", err) return } err = vql_subsystem.CheckFilesystemAccess(scope, arg.Accessor) if err != nil { - scope.Log("parse_lines: %s", err) + scope.Error("parse_lines: %s", err) return } @@ -57,7 +57,7 @@ func (self ScannerPlugin) Call( func() { fd, err := maybeOpenGzip(scope, arg.Accessor, filename) if err != nil { - scope.Log("parse_lines: %v", err) + scope.Error("parse_lines: %v", err) return } defer fd.Close() @@ -81,7 +81,7 @@ func (self ScannerPlugin) Call( } err = scanner.Err() if err != nil { - scope.Log("parse_lines: %v", err) + scope.Error("parse_lines: %v", err) return } }() @@ -105,13 +105,13 @@ func (self _WatchSyslogPlugin) Call( arg := &ScannerPluginArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("watch_syslog: %v", err) + scope.Error("watch_syslog: %v", err) return } err = vql_subsystem.CheckFilesystemAccess(scope, arg.Accessor) if err != nil { - scope.Log("watch_syslog: %v", err) + scope.Error("watch_syslog: %v", err) return } diff --git a/vql/parsers/syslog/watcher.go b/vql/parsers/syslog/watcher.go index a2c0ef0ad2..aec9d6a7fd 100644 --- a/vql/parsers/syslog/watcher.go +++ b/vql/parsers/syslog/watcher.go 
@@ -98,7 +98,7 @@ func (self *SyslogWatcherService) StartMonitoring( accessor, err := accessors.GetAccessor(accessor_name, scope) if err != nil { - //scope.Log("Registering watcher error: %v", err) + //scope.Error("Registering watcher error: %v", err) return } diff --git a/vql/parsers/usn/usn.go b/vql/parsers/usn/usn.go index 9254cd3889..51b5b19c04 100644 --- a/vql/parsers/usn/usn.go +++ b/vql/parsers/usn/usn.go @@ -34,7 +34,7 @@ func (self USNPlugin) Call( arg := &USNPluginArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("parse_usn: %v", err) + scope.Error("parse_usn: %v", err) return } @@ -44,7 +44,7 @@ func (self USNPlugin) Call( arg.Accessor = "ntfs" arg.Device, err = accessors.NewWindowsNTFSPath(arg.Device.String()) if err != nil { - scope.Log("parse_usn: %v", err) + scope.Error("parse_usn: %v", err) return } } @@ -52,13 +52,13 @@ func (self USNPlugin) Call( device, accessor, err := readers.GetRawDeviceAndAccessor( scope, arg.Device, arg.Accessor) if err != nil { - scope.Log("parse_usn: %v", err) + scope.Error("parse_usn: %v", err) return } ntfs_ctx, err := readers.GetNTFSContext(scope, device, accessor) if err != nil { - scope.Log("parse_usn: %v", err) + scope.Error("parse_usn: %v", err) return } defer ntfs_ctx.Close() @@ -98,7 +98,7 @@ func (self WatchUSNPlugin) Call( arg := &WatchUSNPluginArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("watch_usn: %v", err) + scope.Error("watch_usn: %v", err) return } @@ -115,7 +115,7 @@ func (self WatchUSNPlugin) Call( // (it does not make sense to watch a static file). ntfs_device, err := accessors.NewWindowsNTFSPath(arg.Device) if err != nil { - scope.Log("watch_usn: %v", err) + scope.Error("watch_usn: %v", err) return } 
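Review bot: The changed line in `SyslogWatcherService.StartMonitoring` is commented out, so the replacement only edits dead code and a failing `accessors.GetAccessor` still returns without reporting anything. Either re-enable it as `scope.Error("Registering watcher error: %v", err)`, or delete the line and leave a short comment saying why the error is deliberately dropped. The function body continues outside the hunk.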
@@ -123,7 +123,7 @@ func (self WatchUSNPlugin) Call( cancel, err := GlobalEventLogService.Register( ntfs_device, "ntfs", ctx, config_obj, scope, event_channel) if err != nil { - scope.Log("watch_usn: %v", err) + scope.Error("watch_usn: %v", err) return } diff --git a/vql/parsers/xml.go b/vql/parsers/xml.go index ec8d20d50e..e3c459638c 100644 --- a/vql/parsers/xml.go +++ b/vql/parsers/xml.go @@ -41,24 +41,24 @@ func (self _ParseXMLFunction) Call( arg := &_ParseXMLFunctionArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("parse_xml: %s", err.Error()) + scope.Error("parse_xml: %s", err.Error()) return vfilter.Null{} } err = vql_subsystem.CheckFilesystemAccess(scope, arg.Accessor) if err != nil { - scope.Log("parse_xml: %s", err) + scope.Error("parse_xml: %s", err) return vfilter.Null{} } accessor, err := accessors.GetAccessor(arg.Accessor, scope) if err != nil { - scope.Log("parse_xml: %v", err) + scope.Error("parse_xml: %v", err) return vfilter.Null{} } file, err := accessor.Open(arg.File) if err != nil { - scope.Log("Unable to open file %s", arg.File) + scope.Error("Unable to open file %s", arg.File) return vfilter.Null{} } defer file.Close() @@ -66,7 +66,7 @@ func (self _ParseXMLFunction) Call( mxj.SetAttrPrefix("Attr") result, err := mxj.NewMapXmlReader(file) if err != nil { - scope.Log("NewMapXmlReader: %v", err) + scope.Error("NewMapXmlReader: %v", err) return vfilter.Null{} } diff --git a/vql/parsers/yaml.go b/vql/parsers/yaml.go index f4df9164c3..a206305701 100644 --- a/vql/parsers/yaml.go +++ b/vql/parsers/yaml.go 
@@ -27,25 +27,25 @@ func (self ParseYamlFunction) Call( arg := &ParseYamlFunctionArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("parse_yaml: %s", err.Error()) + scope.Error("parse_yaml: %s", err.Error()) return nil } err = vql_subsystem.CheckFilesystemAccess(scope, arg.Accessor) if err != nil { - scope.Log("parse_yaml: %s", err) + scope.Error("parse_yaml: %s", err) return nil } accessor, err := accessors.GetAccessor(arg.Accessor, scope) if err != nil { - scope.Log("parse_yaml: %v", err) + scope.Error("parse_yaml: %v", err) return nil } fd, err := accessor.Open(arg.Filename) if err != nil { - scope.Log("Unable to open file %s: %v", + scope.Error("Unable to open file %s: %v", arg.Filename, err) return nil } @@ -53,7 +53,7 @@ func (self ParseYamlFunction) Call( data, err := ioutil.ReadAll(fd) if err != nil { - scope.Log("parse_yaml: %v", err) + scope.Error("parse_yaml: %v", err) return nil } @@ -62,7 +62,7 @@ func (self ParseYamlFunction) Call( var result yaml.MapSlice err = yaml.Unmarshal(data, &result) if err != nil { - scope.Log("parse_yaml: %v", err) + scope.Error("parse_yaml: %v", err) return nil } return mapSlice2OrderedDict(result) diff --git a/vql/process.go b/vql/process.go index c78283ac6e..0197436f72 100755 --- a/vql/process.go +++ b/vql/process.go @@ -1,3 +1,4 @@ +//go:build !windows // +build !windows /* @@ -47,14 +48,14 @@ func init() { err := CheckAccess(scope, acls.MACHINE_STATE) if err != nil { - scope.Log("pslist: %s", err) + scope.Error("pslist: %s", err) return result } arg := &PslistArgs{} err = arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("pslist: %s", err.Error()) + scope.Error("pslist: %s", err.Error()) return result } diff --git a/vql/remapping/impersonation.go b/vql/remapping/impersonation.go index 8601a11302..7e4100b7d4 100644 --- a/vql/remapping/impersonation.go +++ b/vql/remapping/impersonation.go 
@@ -36,7 +36,7 @@ func (self ImpersonatedExpand) Call( arg := &ExpandPathArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("expand: %s", err.Error()) + scope.Error("expand: %s", err.Error()) return vfilter.Null{} } diff --git a/vql/remapping/mocker.go b/vql/remapping/mocker.go index 735bd47306..1c8557792d 100644 --- a/vql/remapping/mocker.go +++ b/vql/remapping/mocker.go @@ -185,7 +185,7 @@ func (self *MockFunction) Call(ctx context.Context, arg := &MockerFunctionArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("mock: %s", err.Error()) + scope.Error("mock: %s", err.Error()) return types.Null{} } @@ -290,7 +290,7 @@ func (self *MockCheckFunction) Call(ctx context.Context, arg := &MockCheckArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("mock_check: %s", err.Error()) + scope.Error("mock_check: %s", err.Error()) return vfilter.Null{} } diff --git a/vql/remapping/remapping.go b/vql/remapping/remapping.go index e20562ff83..296b74ff89 100644 --- a/vql/remapping/remapping.go +++ b/vql/remapping/remapping.go @@ -27,14 +27,14 @@ func (self RemappingFunc) Call(ctx context.Context, arg := &RemappingArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("remap: %s", err.Error()) + scope.Error("remap: %s", err.Error()) return false } config_obj := &config_proto.Config{} err = yaml.UnmarshalStrict([]byte(arg.Configuration), config_obj) if err != nil { - scope.Log("remap: %v", err) + scope.Error("remap: %v", err) return vfilter.Null{} } @@ -51,7 +51,7 @@ func (self RemappingFunc) Call(ctx context.Context, for _, cp := range arg.Copy { accessor, err := global_device_manager.GetAccessor(cp, scope) if err != nil { - scope.Log("remap: %v", err) + scope.Error("remap: %v", err) return vfilter.Null{} } 
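Review bot: The argument-parsing branch of `RemappingFunc.Call` returns `false`, while the other three error branches visible in the remapping.go hunks return `vfilter.Null{}`. A query therefore sees two different values for a failed `remap()`, depending on which step failed. Unless the boolean is intentional, `return vfilter.Null{}` after `scope.Error("remap: %s", err.Error())` makes the failure result uniform. The function's success return is outside the hunks, so the intended result type cannot be confirmed from here.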
@@ -67,7 +67,7 @@ func (self RemappingFunc) Call(ctx context.Context, err = ApplyRemappingOnScope(ctx, config_obj, pristine_scope, scope, manager, ordereddict.NewDict(), remapping_config) if err != nil { - scope.Log("remap: %v", err) + scope.Error("remap: %v", err) return vfilter.Null{} } diff --git a/vql/server/clients/clients.go b/vql/server/clients/clients.go index 2800620485..c689984d54 100644 --- a/vql/server/clients/clients.go +++ b/vql/server/clients/clients.go @@ -1,3 +1,4 @@ +//go:build server_vql // +build server_vql /* @@ -53,14 +54,14 @@ func (self ClientsPlugin) Call( err := vql_subsystem.CheckAccess(scope, acls.READ_RESULTS) if err != nil { - scope.Log("clients: %v", err) + scope.Error("clients: %v", err) return } arg := &ClientsPluginArgs{} err = arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("clients: %v", err) + scope.Error("clients: %v", err) return } @@ -74,7 +75,7 @@ func (self ClientsPlugin) Call( if arg.ClientId != "" { indexer, err := services.GetIndexer(config_obj) if err != nil { - scope.Log("clients: %v", err) + scope.Error("clients: %v", err) return } @@ -102,14 +103,14 @@ func (self ClientsPlugin) Call( indexer, err := services.GetIndexer(config_obj) if err != nil { - scope.Log("client_info: %s", err.Error()) + scope.Error("client_info: %s", err.Error()) return } search_chan, err := indexer.SearchClientsChan(ctx, scope, config_obj, search_term, vql_subsystem.GetPrincipal(scope)) if err != nil { - scope.Log("clients: %v", err) + scope.Error("clients: %v", err) return } 
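Review bot: In the `@@ -102,14 +103,14 @@` hunk of `ClientsPlugin.Call`, the `services.GetIndexer` failure is reported as `client_info: ...` while the neighbouring branches of the same plugin use `clients:`. At error level that prefix points whoever triages the collection log at the wrong function. It should read `scope.Error("clients: %v", err)`. The same copy-paste slip is in flows/flows.go, where `EnumerateFlowPlugin.Call` reports `delete_flow: %v` for both the `GetLauncher` and `DeleteFlow` failures; those should use `enumerate_flow:`.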
@@ -145,14 +146,14 @@ func (self *ClientInfoFunction) Call(ctx context.Context, err := vql_subsystem.CheckAccess(scope, acls.READ_RESULTS) if err != nil { - scope.Log("client_info: %s", err) + scope.Error("client_info: %s", err) return vfilter.Null{} } arg := &ClientInfoFunctionArgs{} err = arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("client_info: %s", err.Error()) + scope.Error("client_info: %s", err.Error()) return vfilter.Null{} } @@ -164,14 +165,14 @@ func (self *ClientInfoFunction) Call(ctx context.Context, indexer, err := services.GetIndexer(config_obj) if err != nil { - scope.Log("client_info: %s", err.Error()) + scope.Error("client_info: %s", err.Error()) return vfilter.Null{} } api_client, err := indexer.FastGetApiClient(ctx, config_obj, arg.ClientId) if err != nil { - scope.Log("client_info: %s", err.Error()) + scope.Error("client_info: %s", err.Error()) return vfilter.Null{} } return json.ConvertProtoToOrderedDict(api_client) diff --git a/vql/server/clients/delete.go b/vql/server/clients/delete.go index 97a88e87b0..4d032d5a3d 100644 --- a/vql/server/clients/delete.go +++ b/vql/server/clients/delete.go @@ -39,13 +39,13 @@ func (self DeleteClientPlugin) Call(ctx context.Context, err := vql_subsystem.CheckAccess(scope, acls.SERVER_ADMIN) if err != nil { - scope.Log("client_delete: %s", err) + scope.Error("client_delete: %s", err) return } err = arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("client_delete: %s", err) + scope.Error("client_delete: %s", err) return } @@ -93,7 +93,7 @@ func (self DeleteClientPlugin) Call(ctx context.Context, return nil }) if err != nil { - scope.Log("client_delete: %s", err.Error()) + scope.Error("client_delete: %s", err.Error()) return } 
@@ -115,14 +115,14 @@ func (self DeleteClientPlugin) Call(ctx context.Context, if arg.ReallyDoIt { err := file_store_factory.Delete(filename) if err != nil { - scope.Log("client_delete: while deleting %v: %s", + scope.Error("client_delete: while deleting %v: %s", filename, err) } } return nil }) if err != nil { - scope.Log("client_delete: %s", err) + scope.Error("client_delete: %s", err) return } @@ -132,7 +132,7 @@ func (self DeleteClientPlugin) Call(ctx context.Context, func(filename api.DSPathSpec) error { err := db.DeleteSubject(config_obj, filename) if err != nil { - scope.Log("client_delete: Removig directory %v: %v", + scope.Error("client_delete: Removig directory %v: %v", filename.AsClientPath(), err) } return nil @@ -142,7 +142,7 @@ func (self DeleteClientPlugin) Call(ctx context.Context, if arg.ReallyDoIt { err = reallyDeleteClient(ctx, config_obj, scope, db, arg) if err != nil { - scope.Log("client_delete: %s", err) + scope.Error("client_delete: %s", err) return } @@ -151,7 +151,7 @@ func (self DeleteClientPlugin) Call(ctx context.Context, config_obj, paths.NewClientPathManager(arg.ClientId).Path().SetDir()) if err != nil { - scope.Log("client_delete: %s", err) + scope.Error("client_delete: %s", err) } } @@ -162,7 +162,7 @@ func (self DeleteClientPlugin) Call(ctx context.Context, err = notifier.NotifyListener( config_obj, arg.ClientId, "DeleteClient") if err != nil { - scope.Log("client_delete: %s", err) + scope.Error("client_delete: %s", err) } } }() diff --git a/vql/server/clients/metadata.go b/vql/server/clients/metadata.go index 59b4262050..19c1f01479 100644 --- a/vql/server/clients/metadata.go +++ b/vql/server/clients/metadata.go @@ -1,3 +1,4 @@ +//go:build server_vql // +build server_vql package clients 
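Review bot: The message in the `@@ -132,7 +132,7 @@` hunk of `DeleteClientPlugin.Call` is misspelled (`Removig directory`) and is now emitted at error level, where it is more likely to be searched for or matched by log rules. Correct it while the line is being touched: `scope.Error("client_delete: Removing directory %v: %v",`. The enclosing walk callback starts outside the hunk.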
@@ -30,7 +31,7 @@ func (self *ClientMetadataFunction) Call(ctx context.Context, arg := &ClientMetadataFunctionArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("client_metadata: %s", err.Error()) + scope.Error("client_metadata: %s", err.Error()) return vfilter.Null{} } @@ -40,7 +41,7 @@ func (self *ClientMetadataFunction) Call(ctx context.Context, } err = vql_subsystem.CheckAccess(scope, permission) if err != nil { - scope.Log("client_metadata: %s", err) + scope.Error("client_metadata: %s", err) return vfilter.Null{} } @@ -53,7 +54,7 @@ func (self *ClientMetadataFunction) Call(ctx context.Context, client_path_manager := paths.NewClientPathManager(arg.ClientId) db, err := datastore.GetDB(config_obj) if err != nil { - scope.Log("client_metadata: %s", err.Error()) + scope.Error("client_metadata: %s", err.Error()) return vfilter.Null{} } @@ -117,7 +118,7 @@ func (self *ClientSetMetadataFunction) Call(ctx context.Context, err := vql_subsystem.CheckAccess(scope, permission) if err != nil { - scope.Log("client_set_metadata: %s", err) + scope.Error("client_set_metadata: %s", err) return vfilter.Null{} } @@ -130,7 +131,7 @@ func (self *ClientSetMetadataFunction) Call(ctx context.Context, client_path_manager := paths.NewClientPathManager(client_id) db, err := datastore.GetDB(config_obj) if err != nil { - scope.Log("client_set_metadata: %s", err.Error()) + scope.Error("client_set_metadata: %s", err.Error()) return vfilter.Null{} } @@ -156,7 +157,7 @@ func (self *ClientSetMetadataFunction) Call(ctx context.Context, err = db.SetSubject(config_obj, client_path_manager.Metadata(), result) if err != nil { - scope.Log("client_set_metadata: %s", err.Error()) + scope.Error("client_set_metadata: %s", err.Error()) return vfilter.Null{} } diff --git a/vql/server/clients/new.go b/vql/server/clients/new.go index 0d111e7369..bb40dc90d7 100644 --- a/vql/server/clients/new.go +++ b/vql/server/clients/new.go 
@@ -34,13 +34,13 @@ func (self NewClientFunction) Call(ctx context.Context, err := vql_subsystem.CheckAccess(scope, acls.SERVER_ADMIN) if err != nil { - scope.Log("client_create: %s", err) + scope.Error("client_create: %s", err) return &vfilter.Null{} } err = arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("client_create: %s", err) + scope.Error("client_create: %s", err) return &vfilter.Null{} } @@ -52,7 +52,7 @@ func (self NewClientFunction) Call(ctx context.Context, client_info_manager, err := services.GetClientInfoManager(config_obj) if err != nil { - scope.Log("client_create: %s", err) + scope.Error("client_create: %s", err) return &vfilter.Null{} } @@ -78,13 +78,13 @@ func (self NewClientFunction) Call(ctx context.Context, err = client_info_manager.Set(ctx, &services.ClientInfo{record}) if err != nil { - scope.Log("client_create: %s", err) + scope.Error("client_create: %s", err) return &vfilter.Null{} } indexer, err := services.GetIndexer(config_obj) if err != nil { - scope.Log("client_create: %s", err) + scope.Error("client_create: %s", err) return &vfilter.Null{} } @@ -97,7 +97,7 @@ func (self NewClientFunction) Call(ctx context.Context, } { err = indexer.SetIndex(arg.ClientId, term) if err != nil { - scope.Log("client_create: %s", err) + scope.Error("client_create: %s", err) return &vfilter.Null{} } } diff --git a/vql/server/compress.go b/vql/server/compress.go index 4cf3a5b7ce..41fc5031b9 100644 --- a/vql/server/compress.go +++ b/vql/server/compress.go 
@@ -44,20 +44,20 @@ func (self *Compress) Call(ctx context.Context, err := vql_subsystem.CheckAccess(scope, acls.FILESYSTEM_WRITE) if err != nil { - scope.Log("compress: %v", err) + scope.Error("compress: %v", err) return vfilter.Null{} } arg := &CompressArgs{} err = arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("compress: %s", err.Error()) + scope.Error("compress: %s", err.Error()) return vfilter.Null{} } fd, err := os.Open(arg.Path) if err != nil { - scope.Log("compress: %v", err) + scope.Error("compress: %v", err) return vfilter.Null{} } defer fd.Close() @@ -65,7 +65,7 @@ func (self *Compress) Call(ctx context.Context, out_fd, err := os.OpenFile(arg.Output, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0660) if err != nil { - scope.Log("compress: %v", err) + scope.Error("compress: %v", err) return vfilter.Null{} } defer out_fd.Close() @@ -77,7 +77,7 @@ func (self *Compress) Call(ctx context.Context, _, err = utils.Copy(ctx, zw, fd) if err != nil { - scope.Log("compress: %v", err) + scope.Error("compress: %v", err) err2 := os.Remove(arg.Output) if err2 != nil { scope.Log("compress: cleaning up %v (%v)", err2, err) diff --git a/vql/server/crypto.go b/vql/server/crypto.go index e64f6faae6..c7550efbc2 100644 --- a/vql/server/crypto.go +++ b/vql/server/crypto.go @@ -17,14 +17,14 @@ func (self *ServerFrontendCertFunction) Call(ctx context.Context, args *ordereddict.Dict) vfilter.Any { err := vql_subsystem.CheckAccess(scope, acls.MACHINE_STATE) if err != nil { - scope.Log("ERROR:server_frontend_cert%s", err) + scope.Error("ERROR:server_frontend_cert%s", err) return vfilter.Null{} } arg := vfilter.Empty{} err = arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("ERROR:server_frontend_cert %s", err.Error()) + scope.Error("ERROR:server_frontend_cert %s", err.Error()) return vfilter.Null{} } config_obj, ok := vql_subsystem.GetServerConfig(scope) 
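Review bot: After a failed `utils.Copy` in `Compress.Call`, the failure of `os.Remove(arg.Output)` is still reported with `scope.Log`. A partially written output file left on disk is therefore logged at a lower level than the copy error that caused it. It would be consistent to use `scope.Error("compress: cleaning up %v (%v)", err2, err)` there as well. The function body continues outside the hunk.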
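Review bot: Both messages in `ServerFrontendCertFunction.Call` keep a hand-written `ERROR:` prefix that now duplicates the log level, and the first has no separator before `%s`, so the function name runs straight into the error text. Using the form the other plugins in this commit use, `scope.Error("server_frontend_cert: %v", err)`, for both branches fixes the formatting and keeps the prefix uniform.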
diff --git a/vql/server/downloads/downloads.go b/vql/server/downloads/downloads.go index fb80a12d6f..a899857674 100644 --- a/vql/server/downloads/downloads.go +++ b/vql/server/downloads/downloads.go @@ -53,13 +53,13 @@ func (self *CreateFlowDownload) Call(ctx context.Context, arg := &CreateFlowDownloadArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("create_flow_download: %s", err.Error()) + scope.Error("create_flow_download: %s", err.Error()) return vfilter.Null{} } err = vql_subsystem.CheckAccess(scope, acls.PREPARE_RESULTS) if err != nil { - scope.Log("create_flow_download: %s", err) + scope.Error("create_flow_download: %s", err) return vfilter.Null{} } @@ -71,7 +71,7 @@ func (self *CreateFlowDownload) Call(ctx context.Context, format, err := reporting.GetContainerFormat(arg.Format) if err != nil { - scope.Log("create_flow_download: %v", err) + scope.Error("create_flow_download: %v", err) return vfilter.Null{} } @@ -80,7 +80,7 @@ func (self *CreateFlowDownload) Call(ctx context.Context, arg.FlowId, arg.ClientId, arg.Password, arg.ExpandSparse, arg.Name, arg.Wait) if err != nil { - scope.Log("create_flow_download: %s", err) + scope.Error("create_flow_download: %s", err) return vfilter.Null{} } @@ -114,13 +114,13 @@ func (self *CreateHuntDownload) Call(ctx context.Context, arg := &CreateHuntDownloadArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("create_hunt_download: %s", err.Error()) + scope.Error("create_hunt_download: %s", err.Error()) return vfilter.Null{} } err = vql_subsystem.CheckAccess(scope, acls.PREPARE_RESULTS) if err != nil { - scope.Log("create_hunt_download: %s", err) + scope.Error("create_hunt_download: %s", err) return vfilter.Null{} } 
@@ -132,7 +132,7 @@ func (self *CreateHuntDownload) Call(ctx context.Context, format, err := reporting.GetContainerFormat(arg.Format) if err != nil { - scope.Log("create_hunt_download: %v", err) + scope.Error("create_hunt_download: %v", err) return vfilter.Null{} } @@ -141,7 +141,7 @@ func (self *CreateHuntDownload) Call(ctx context.Context, format, arg.ExpandSparse, arg.Wait, arg.OnlyCombined, arg.Filename, arg.Password) if err != nil { - scope.Log("create_hunt_download: %s", err) + scope.Error("create_hunt_download: %s", err) return vfilter.Null{} } diff --git a/vql/server/elastic.go b/vql/server/elastic.go index ac3387ce99..45f23bb242 100644 --- a/vql/server/elastic.go +++ b/vql/server/elastic.go @@ -92,14 +92,14 @@ func (self _ElasticPlugin) Call(ctx context.Context, err := vql_subsystem.CheckAccess(scope, acls.COLLECT_SERVER) if err != nil { - scope.Log("elastic: %v", err) + scope.Error("elastic: %v", err) return } arg := _ElasticPluginArgs{} err = arg_parser.ExtractArgsWithContext(ctx, scope, args, &arg) if err != nil { - scope.Log("elastic: %v", err) + scope.Error("elastic: %v", err) return } @@ -152,7 +152,7 @@ func upload_rows( crypto.AddPublicRoots(CA_Pool) err := crypto.AddDefaultCerts(config_obj, CA_Pool) if err != nil { - scope.Log("elastic: %v", err) + scope.Error("elastic: %v", err) return } @@ -181,7 +181,7 @@ func upload_rows( client, err := elasticsearch.NewClient(cfg) if err != nil { - scope.Log("elastic: %v", err) + scope.Error("elastic: %v", err) return } @@ -209,7 +209,7 @@ func upload_rows( id = id + 3 err := append_row_to_buffer(ctx, scope, row, id, &buf, arg, opts) if err != nil { - scope.Log("elastic: %v", err) + scope.Error("elastic: %v", err) continue } diff --git a/vql/server/events.go b/vql/server/events.go index bb8aa3410e..4849b05778 100644 --- a/vql/server/events.go +++ b/vql/server/events.go 
@@ -24,7 +24,7 @@ func (self *SendEventFunction) Call(ctx context.Context, arg := &SendEventArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("send_event: %v", err) + scope.Error("send_event: %v", err) return &vfilter.Null{} } @@ -36,7 +36,7 @@ func (self *SendEventFunction) Call(ctx context.Context, err = vql_subsystem.CheckAccessWithArgs( scope, acls.PUBLISH, arg.Artifact) if err != nil { - scope.Log("send_event: %v", err) + scope.Error("send_event: %v", err) return &vfilter.Null{} } } @@ -57,7 +57,7 @@ func (self *SendEventFunction) Call(ctx context.Context, err = journal.PushRowsToArtifact(config_obj, []*ordereddict.Dict{arg.Row}, arg.Artifact, "server", "") if err != nil { - scope.Log("send_event: %v", err) + scope.Error("send_event: %v", err) return &vfilter.Null{} } diff --git a/vql/server/favorites/create.go b/vql/server/favorites/create.go index 16cfed6cff..f2026f99c2 100644 --- a/vql/server/favorites/create.go +++ b/vql/server/favorites/create.go @@ -30,7 +30,7 @@ func (self *AddFavorite) Call(ctx context.Context, arg := &AddFavoriteArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("favorites_save: %s", err.Error()) + scope.Error("favorites_save: %s", err.Error()) return vfilter.Null{} } @@ -46,13 +46,13 @@ func (self *AddFavorite) Call(ctx context.Context, value := arg.Specs.Reduce(ctx) specs, err := validateSpec(ctx, scope, value) if err != nil { - scope.Log("favorites_save: %s", err) + scope.Error("favorites_save: %s", err) return vfilter.Null{} } db, err := datastore.GetDB(config_obj) if err != nil { - scope.Log("favorites_save: %s", err) + scope.Error("favorites_save: %s", err) return vfilter.Null{} } 
@@ -72,7 +72,7 @@ func (self *AddFavorite) Call(ctx context.Context, err = db.SetSubject(config_obj, path_manager.Favorites(arg.Name, arg.Type), fav) if err != nil { - scope.Log("favorites_save: %s", err) + scope.Error("favorites_save: %s", err) return vfilter.Null{} } return vfilter.Null{} diff --git a/vql/server/favorites/delete.go b/vql/server/favorites/delete.go index 40be60e334..6d6634b788 100644 --- a/vql/server/favorites/delete.go +++ b/vql/server/favorites/delete.go @@ -25,7 +25,7 @@ func (self *RmFavorite) Call(ctx context.Context, arg := &RmFavoriteArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("favorites_delete: %v", err) + scope.Error("favorites_delete: %v", err) return vfilter.Null{} } @@ -39,7 +39,7 @@ func (self *RmFavorite) Call(ctx context.Context, db, err := datastore.GetDB(config_obj) if err != nil { - scope.Log("favorites_delete: %s", err) + scope.Error("favorites_delete: %s", err) return vfilter.Null{} } @@ -53,7 +53,7 @@ func (self *RmFavorite) Call(ctx context.Context, err = db.DeleteSubject(config_obj, path_manager.Favorites(arg.Name, arg.Type)) if err != nil { - scope.Log("favorites_delete: %s", err) + scope.Error("favorites_delete: %s", err) return vfilter.Null{} } return vfilter.Null{} diff --git a/vql/server/file_store.go b/vql/server/file_store.go index ff3cfb4e77..c085f2548a 100644 --- a/vql/server/file_store.go +++ b/vql/server/file_store.go @@ -1,3 +1,4 @@ +//go:build server_vql // +build server_vql /* @@ -51,13 +52,13 @@ func (self *DeleteFileStore) Call(ctx context.Context, err := vql_subsystem.CheckAccess(scope, acls.SERVER_ADMIN) if err != nil { - scope.Log("file_store_delete: %v", err) + scope.Error("file_store_delete: %v", err) return vfilter.Null{} } err = arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("file_store_delete: %v", err) + scope.Error("file_store_delete: %v", err) return vfilter.Null{} } 
@@ -135,7 +136,7 @@ func (self *FileStore) Call(ctx context.Context, arg := &FileStoreArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("file_store: %s", err.Error()) + scope.Error("file_store: %s", err.Error()) return vfilter.Null{} } diff --git a/vql/server/flows/create.go b/vql/server/flows/create.go index e2a68363cd..0dabcff176 100644 --- a/vql/server/flows/create.go +++ b/vql/server/flows/create.go @@ -58,7 +58,7 @@ func (self *ScheduleCollectionFunction) Call(ctx context.Context, arg := &ScheduleCollectionFunctionArg{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("collect_client: %s", err.Error()) + scope.Error("collect_client: %s", err.Error()) return vfilter.Null{} } 
@@ -89,39 +89,39 @@ func (self *ScheduleCollectionFunction) Call(ctx context.Context, if arg.OrgId == "" { err = vql_subsystem.CheckAccess(scope, permission) if err != nil { - scope.Log("collect_client: %v", err) + scope.Error("collect_client: %v", err) return vfilter.Null{} } } else { err = vql_subsystem.CheckAccessInOrg(scope, arg.OrgId, permission) if err != nil { - scope.Log("collect_client: %v", err) + scope.Error("collect_client: %v", err) return vfilter.Null{} } org_manager, err := services.GetOrgManager() if err != nil { - scope.Log("collect_client: %v", err) + scope.Error("collect_client: %v", err) return vfilter.Null{} } // If an org is specied we use the config obj from the org. config_obj, err = org_manager.GetOrgConfig(arg.OrgId) if err != nil { - scope.Log("collect_client: %v", err) + scope.Error("collect_client: %v", err) return vfilter.Null{} } } manager, err := services.GetRepositoryManager(config_obj) if err != nil { - scope.Log("collect_client: Command can only run on the server") + scope.Error("collect_client: Command can only run on the server") return vfilter.Null{} } repository, err := manager.GetGlobalRepository(config_obj) if err != nil { - scope.Log("collect_client: Command can only run on the server") + scope.Error("collect_client: Command can only run on the server") return vfilter.Null{} } @@ -151,7 +151,7 @@ func (self *ScheduleCollectionFunction) Call(ctx context.Context, err = collector.AddSpecProtobuf(config_obj, repository, scope, arg.Spec, request) if err != nil { - scope.Log("collect_client: %v", err) + scope.Error("collect_client: %v", err) return vfilter.Null{} } @@ -177,7 +177,7 @@ func (self *ScheduleCollectionFunction) Call(ctx context.Context, } }) if err != nil { - scope.Log("collect_client: %v", err) + scope.Error("collect_client: %v", err) return vfilter.Null{} } diff --git a/vql/server/flows/delete.go b/vql/server/flows/delete.go index 5f6390a61b..ed67c31fb0 100644 --- a/vql/server/flows/delete.go 
+++ b/vql/server/flows/delete.go @@ -30,14 +30,14 @@ func (self DeleteFlowPlugin) Call( err := vql_subsystem.CheckAccess(scope, acls.READ_RESULTS) if err != nil { - scope.Log("delete_flow: %s", err) + scope.Error("delete_flow: %s", err) return } arg := &DeleteFlowPluginArgs{} err = arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("delete_flow: %v", err) + scope.Error("delete_flow: %v", err) return } @@ -49,14 +49,14 @@ func (self DeleteFlowPlugin) Call( launcher, err := services.GetLauncher(config_obj) if err != nil { - scope.Log("delete_flow: %v", err) + scope.Error("delete_flow: %v", err) return } responses, err := launcher.DeleteFlow(ctx, config_obj, arg.ClientId, arg.FlowId, arg.ReallyDoIt) if err != nil { - scope.Log("delete_flow: %v", err) + scope.Error("delete_flow: %v", err) return } diff --git a/vql/server/flows/flows.go b/vql/server/flows/flows.go index a3a671b18e..29b7bbadb3 100644 --- a/vql/server/flows/flows.go +++ b/vql/server/flows/flows.go @@ -1,3 +1,4 @@ +//go:build server_vql // +build server_vql package flows @@ -32,14 +33,14 @@ func (self FlowsPlugin) Call( err := vql_subsystem.CheckAccess(scope, acls.READ_RESULTS) if err != nil { - scope.Log("flows: %s", err) + scope.Error("flows: %s", err) return } arg := &FlowsPluginArgs{} err = arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("flows: %v", err) + scope.Error("flows: %v", err) return } @@ -51,7 +52,7 @@ func (self FlowsPlugin) Call( launcher, err := services.GetLauncher(config_obj) if err != nil { - scope.Log("flows: %v", err) + scope.Error("flows: %v", err) return } @@ -80,7 +81,7 @@ func (self FlowsPlugin) Call( result, err := launcher.GetFlows(config_obj, arg.ClientId, true, nil, offset, length) if err != nil { - scope.Log("flows: %v", err) + scope.Error("flows: %v", err) return } 
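Review bot: `DeleteFlowPlugin.Call` gates a destructive operation on `acls.READ_RESULTS`. The check in the first hunk is followed in the second by `launcher.DeleteFlow(ctx, config_obj, arg.ClientId, arg.FlowId, arg.ReallyDoIt)`, so a principal that may only read results appears able to remove flow data unless `DeleteFlow` enforces a stronger permission itself, which is not visible here. `client_delete` in this same commit requires `acls.SERVER_ADMIN`, and a comparably strong check belongs here, at least when `arg.ReallyDoIt` is set, e.g. `err := vql_subsystem.CheckAccess(scope, acls.SERVER_ADMIN)`. The choice of permission is the maintainers'; the point is that a read permission should not authorise deletion.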
@@ -120,7 +121,7 @@ func (self *CancelFlowFunction) Call(ctx context.Context, arg := &FlowsPluginArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("cancel_flow: %s", err.Error()) + scope.Error("cancel_flow: %s", err.Error()) return vfilter.Null{} } @@ -131,7 +132,7 @@ func (self *CancelFlowFunction) Call(ctx context.Context, err = vql_subsystem.CheckAccess(scope, permissions) if err != nil { - scope.Log("cancel_flow: %v", err) + scope.Error("cancel_flow: %v", err) return vfilter.Null{} } @@ -143,13 +144,13 @@ func (self *CancelFlowFunction) Call(ctx context.Context, launcher, err := services.GetLauncher(config_obj) if err != nil { - scope.Log("cancel_flow: %v", err) + scope.Error("cancel_flow: %v", err) return vfilter.Null{} } res, err := launcher.CancelFlow(ctx, config_obj, arg.ClientId, arg.FlowId, "VQL query") if err != nil { - scope.Log("cancel_flow: %v", err.Error()) + scope.Error("cancel_flow: %v", err.Error()) return vfilter.Null{} } @@ -177,14 +178,14 @@ func (self EnumerateFlowPlugin) Call( err := vql_subsystem.CheckAccess(scope, acls.READ_RESULTS) if err != nil { - scope.Log("enumerate_flow: %s", err) + scope.Error("enumerate_flow: %s", err) return } arg := &FlowsPluginArgs{} err = arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("enumerate_flow: %v", err) + scope.Error("enumerate_flow: %v", err) return } @@ -196,14 +197,14 @@ func (self EnumerateFlowPlugin) Call( launcher, err := services.GetLauncher(config_obj) if err != nil { - scope.Log("delete_flow: %v", err) + scope.Error("delete_flow: %v", err) return } responses, err := launcher.DeleteFlow(ctx, config_obj, arg.ClientId, arg.FlowId, false /* really_do_it */) if err != nil { - scope.Log("delete_flow: %v", err) + scope.Error("delete_flow: %v", err) return } diff --git a/vql/server/flows/logs.go b/vql/server/flows/logs.go index fedb96a3ac..2da20c8956 100644 --- a/vql/server/flows/logs.go +++ b/vql/server/flows/logs.go 
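Review bot: In `EnumerateFlowPlugin.Call` the failures after `services.GetLauncher` and `launcher.DeleteFlow` are reported as `delete_flow:`, so an error-level entry from `enumerate_flow` is attributed to a different plugin during triage. Use the plugin's own name, `scope.Error("enumerate_flow: %v", err)`. The same copy-paste labels survive in results.go: `SourcePlugin.Call` reports its access failure as `uploads:`, and `FlowResultsPlugin.Call` reports its path-manager and reader failures as `source:`. These functions start and end outside the hunks shown.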
@@ -30,14 +30,14 @@ func (self FlowLogsPlugin) Call( err := vql_subsystem.CheckAccess(scope, acls.READ_RESULTS) if err != nil { - scope.Log("flow_logs: %s", err) + scope.Error("flow_logs: %s", err) return } arg := &FlowLogsPluginArgs{} err = arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("flow_logs: %v", err) + scope.Error("flow_logs: %v", err) return } @@ -52,7 +52,7 @@ func (self FlowLogsPlugin) Call( rs_reader, err := result_sets.NewResultSetReader( file_store_factory, path_manager.Log()) if err != nil { - scope.Log("flow_logs: %v", err) + scope.Error("flow_logs: %v", err) return } diff --git a/vql/server/flows/monitoring.go b/vql/server/flows/monitoring.go index cfe6bd9fc1..5b7d560027 100644 --- a/vql/server/flows/monitoring.go +++ b/vql/server/flows/monitoring.go @@ -1,3 +1,4 @@ +//go:build server_vql // +build server_vql /* @@ -49,7 +50,7 @@ func (self MonitoringPlugin) Call( err := vql_subsystem.CheckAccess(scope, acls.READ_RESULTS) if err != nil { - scope.Log("monitoring: %s", err) + scope.Error("monitoring: %s", err) return } @@ -61,7 +62,7 @@ func (self MonitoringPlugin) Call( err = arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("monitoring: %v", err) + scope.Error("monitoring: %v", err) return } @@ -81,7 +82,7 @@ func (self MonitoringPlugin) Call( path_manager, err := artifact_paths.NewArtifactPathManager( config_obj, arg.ClientId, arg.FlowId, arg.Artifact) if err != nil { - scope.Log("monitoring: %v", err) + scope.Error("monitoring: %v", err) return } @@ -89,7 +90,7 @@ func (self MonitoringPlugin) Call( reader, err := result_sets.NewTimedResultSetReader( ctx, file_store_factory, path_manager) if err != nil { - scope.Log("monitoring: %v", err) + scope.Error("monitoring: %v", err) return } 
@@ -98,7 +99,7 @@ func (self MonitoringPlugin) Call( if err == nil { err = reader.SeekToTime(start) if err != nil { - scope.Log("monitoring: %v", err) + scope.Error("monitoring: %v", err) return } } @@ -158,7 +159,7 @@ func (self WatchMonitoringPlugin) Call( err := vql_subsystem.CheckAccess(scope, acls.READ_RESULTS) if err != nil { - scope.Log("watch_monitoring: %s", err) + scope.Error("watch_monitoring: %s", err) return } @@ -181,14 +182,14 @@ func (self WatchMonitoringPlugin) Call( arg := &WatchMonitoringPluginArgs{} err = arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("watch_monitoring: %v", err) + scope.Error("watch_monitoring: %v", err) return } mode, err := artifact_paths.GetArtifactMode( config_obj, arg.Artifact) if err != nil { - scope.Log("Artifact %s not known", arg.Artifact) + scope.Error("Artifact %s not known", arg.Artifact) return } diff --git a/vql/server/flows/parallel.go b/vql/server/flows/parallel.go index b5d36473cf..27693e1ad7 100644 --- a/vql/server/flows/parallel.go +++ b/vql/server/flows/parallel.go @@ -1,3 +1,4 @@ +//go:build server_vql // +build server_vql package flows @@ -67,7 +68,7 @@ func (self ParallelPlugin) Call( err := vql_subsystem.CheckAccess(scope, acls.READ_RESULTS) if err != nil { - scope.Log("parallel: %s", err) + scope.Error("parallel: %s", err) return } @@ -80,7 +81,7 @@ func (self ParallelPlugin) Call( err = arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("parallel: %v", err) + scope.Error("parallel: %v", err) return } @@ -93,7 +94,7 @@ func (self ParallelPlugin) Call( job_chan, err := breakIntoScopes(ctx, config_obj, scope, arg) if err != nil { - scope.Log("parallel: %v", err) + scope.Error("parallel: %v", err) return } diff --git a/vql/server/flows/results.go b/vql/server/flows/results.go index c86077fe53..cc8518235e 100644 --- a/vql/server/flows/results.go +++ b/vql/server/flows/results.go 
@@ -1,3 +1,4 @@ +//go:build server_vql // +build server_vql /* @@ -94,7 +95,7 @@ func (self SourcePlugin) Call( err := vql_subsystem.CheckAccess(scope, acls.READ_RESULTS) if err != nil { - scope.Log("uploads: %s", err) + scope.Error("uploads: %s", err) close(output_chan) return output_chan } @@ -116,7 +117,7 @@ func (self SourcePlugin) Call( // Allow the plugin args to override the environment scope. err = arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("source: %v", err) + scope.Error("source: %v", err) close(output_chan) return output_chan } @@ -150,14 +151,14 @@ func (self SourcePlugin) Call( // different places. result_set_reader, err := getResultSetReader(ctx, config_obj, arg) if err != nil { - scope.Log("source: %v", err) + scope.Error("source: %v", err) return } if arg.StartRow > 0 { err = result_set_reader.SeekToRow(arg.StartRow) if err != nil { - scope.Log("source: %v", err) + scope.Error("source: %v", err) return } } @@ -364,14 +365,14 @@ func (self FlowResultsPlugin) Call( err := vql_subsystem.CheckAccess(scope, acls.READ_RESULTS) if err != nil { - scope.Log("flow_results: %s", err) + scope.Error("flow_results: %s", err) return } arg := &FlowResultsPluginArgs{} err = arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("flow_results: %v", err) + scope.Error("flow_results: %v", err) return } @@ -386,13 +387,13 @@ func (self FlowResultsPlugin) Call( if arg.Artifact == "" { launcher, err := services.GetLauncher(config_obj) if err != nil { - scope.Log("flow_results: %v", err) + scope.Error("flow_results: %v", err) return } flow, err := launcher.GetFlowDetails( config_obj, arg.ClientId, arg.FlowId) if err != nil { - scope.Log("flow_results: %v", err) + scope.Error("flow_results: %v", err) return } 
@@ -414,7 +415,7 @@ func (self FlowResultsPlugin) Call( path_manager, err := artifact_paths.NewArtifactPathManager( config_obj, arg.ClientId, arg.FlowId, arg.Artifact) if err != nil { - scope.Log("source: %v", err) + scope.Error("source: %v", err) return } @@ -422,7 +423,7 @@ func (self FlowResultsPlugin) Call( rs_reader, err := result_sets.NewResultSetReader( file_store_factory, path_manager.Path()) if err != nil { - scope.Log("source: %v", err) + scope.Error("source: %v", err) return } diff --git a/vql/server/flows/uploads.go b/vql/server/flows/uploads.go index d448a14ed8..98ad8d1aeb 100644 --- a/vql/server/flows/uploads.go +++ b/vql/server/flows/uploads.go @@ -35,7 +35,7 @@ func (self UploadsPlugins) Call( err := vql_subsystem.CheckAccess(scope, acls.READ_RESULTS) if err != nil { - scope.Log("uploads: %s", err) + scope.Error("uploads: %s", err) return } @@ -52,7 +52,7 @@ func (self UploadsPlugins) Call( // Allow the plugin args to override the environment scope. err = arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("uploads: %v", err) + scope.Error("uploads: %v", err) return } @@ -61,7 +61,7 @@ func (self UploadsPlugins) Call( reader, err := result_sets.NewResultSetReader( file_store_factory, flow_path_manager.UploadMetadata()) if err != nil { - scope.Log("uploads: %v", err) + scope.Error("uploads: %v", err) return } defer reader.Close() diff --git a/vql/server/hunts/create.go b/vql/server/hunts/create.go index 744f4a08d8..05738ca672 100644 --- a/vql/server/hunts/create.go +++ b/vql/server/hunts/create.go @@ -1,3 +1,4 @@ +//go:build server_vql // +build server_vql /* 
@@ -67,14 +68,14 @@ func (self *ScheduleHuntFunction) Call(ctx context.Context, err := vql_subsystem.CheckAccess(scope, acls.COLLECT_CLIENT) if err != nil { - scope.Log("hunt: %v", err) + scope.Error("hunt: %v", err) return vfilter.Null{} } arg := &ScheduleHuntFunctionArg{} err = arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("hunt: %v", err) + scope.Error("hunt: %v", err) return vfilter.Null{} } @@ -82,7 +83,7 @@ func (self *ScheduleHuntFunction) Call(ctx context.Context, if !utils.IsNil(arg.Expires) { expiry_time, err := functions.TimeFromAny(scope, arg.Expires.Reduce(ctx)) if err != nil { - scope.Log("hunt: expiry time invalid: %v", err) + scope.Error("hunt: expiry time invalid: %v", err) return vfilter.Null{} } @@ -105,7 +106,7 @@ func (self *ScheduleHuntFunction) Call(ctx context.Context, if len(arg.OrgIds) > 0 { err := vql_subsystem.CheckAccess(scope, acls.ORG_ADMIN) if err != nil { - scope.Log("hunt: %v", err) + scope.Error("hunt: %v", err) return vfilter.Null{} } @@ -116,12 +117,12 @@ func (self *ScheduleHuntFunction) Call(ctx context.Context, manager, err := services.GetRepositoryManager(config_obj) if err != nil { - scope.Log("hunt: %v", err) + scope.Error("hunt: %v", err) return vfilter.Null{} } repository, err := manager.GetGlobalRepository(config_obj) if err != nil { - scope.Log("hunt: %v", err) + scope.Error("hunt: %v", err) return vfilter.Null{} } @@ -140,7 +141,7 @@ func (self *ScheduleHuntFunction) Call(ctx context.Context, err = collector.AddSpecProtobuf(config_obj, repository, scope, arg.Spec, request) if err != nil { - scope.Log("hunt: %v", err) + scope.Error("hunt: %v", err) return vfilter.Null{} } @@ -213,7 +214,7 @@ func (self *ScheduleHuntFunction) Call(ctx context.Context, org_manager, err := services.GetOrgManager() if err != nil { - scope.Log("hunt: %v", err) + scope.Error("hunt: %v", err) return vfilter.Null{} } 
@@ -223,14 +224,14 @@ func (self *ScheduleHuntFunction) Call(ctx context.Context, for _, org_id := range arg.OrgIds { org_config_obj, err := org_manager.GetOrgConfig(org_id) if err != nil { - scope.Log("hunt: %v", err) + scope.Error("hunt: %v", err) continue } // Make sure the user is allowed to collect in that org err = vql_subsystem.CheckAccessInOrg(scope, org_id, acls.COLLECT_CLIENT) if err != nil { - scope.Log("hunt: %v", err) + scope.Error("hunt: %v", err) continue } @@ -240,14 +241,14 @@ func (self *ScheduleHuntFunction) Call(ctx context.Context, hunt_dispatcher, err := services.GetHuntDispatcher(org_config_obj) if err != nil { - scope.Log("hunt: %v", err) + scope.Error("hunt: %v", err) continue } hunt_id, err := hunt_dispatcher.CreateHunt( ctx, org_config_obj, acl_manager, hunt_request) if err != nil { - scope.Log("hunt: %v", err) + scope.Error("hunt: %v", err) continue } @@ -291,14 +292,14 @@ func (self *AddToHuntFunction) Call(ctx context.Context, err := vql_subsystem.CheckAccess(scope, acls.COLLECT_CLIENT) if err != nil { - scope.Log("hunt_add: %v", err) + scope.Error("hunt_add: %v", err) return vfilter.Null{} } arg := &AddToHuntFunctionArg{} err = arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("hunt_add: %v", err) + scope.Error("hunt_add: %v", err) return vfilter.Null{} } @@ -336,7 +337,7 @@ func (self *AddToHuntFunction) Call(ctx context.Context, } if err != nil { - scope.Log("hunt_add: %v", err) + scope.Error("hunt_add: %v", err) return vfilter.Null{} } diff --git a/vql/server/hunts/delete.go b/vql/server/hunts/delete.go index 72c5d56426..1959882d8d 100644 --- a/vql/server/hunts/delete.go +++ b/vql/server/hunts/delete.go 
@@ -32,13 +32,13 @@ func (self DeleteHuntPlugin) Call(ctx context.Context, err := vql_subsystem.CheckAccess(scope, acls.SERVER_ADMIN) if err != nil { - scope.Log("hunt_delete: %s", err) + scope.Error("hunt_delete: %s", err) return } err = arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("hunt_delete: %s", err) + scope.Error("hunt_delete: %s", err) return } @@ -50,13 +50,13 @@ func (self DeleteHuntPlugin) Call(ctx context.Context, launcher, err := services.GetLauncher(config_obj) if err != nil { - scope.Log("hunt_delete: %s", err) + scope.Error("hunt_delete: %s", err) return } hunt_dispatcher, err := services.GetHuntDispatcher(config_obj) if err != nil { - scope.Log("hunt_delete: %s", err) + scope.Error("hunt_delete: %s", err) return } for flow_details := range hunt_dispatcher.GetFlows( @@ -66,7 +66,7 @@ func (self DeleteHuntPlugin) Call(ctx context.Context, flow_details.Context.ClientId, flow_details.Context.SessionId, arg.ReallyDoIt) if err != nil { - scope.Log("hunt_delete: %v", err) + scope.Error("hunt_delete: %v", err) return } @@ -87,7 +87,7 @@ func (self DeleteHuntPlugin) Call(ctx context.Context, } journal, err := services.GetJournal(config_obj) if err != nil { - scope.Log("hunt_delete: %s", err) + scope.Error("hunt_delete: %s", err) return } diff --git a/vql/server/hunts/hunts.go b/vql/server/hunts/hunts.go index ad4af16e97..aabfd56a41 100644 --- a/vql/server/hunts/hunts.go +++ b/vql/server/hunts/hunts.go @@ -1,3 +1,4 @@ +//go:build server_vql // +build server_vql /* @@ -57,14 +58,14 @@ func (self HuntsPlugin) Call( err := vql_subsystem.CheckAccess(scope, acls.READ_RESULTS) if err != nil { - scope.Log("hunts: %s", err) + scope.Error("hunts: %s", err) return } arg := &HuntsPluginArgs{} err = arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("hunts: %v", err) + scope.Error("hunts: %v", err) return } 
@@ -81,7 +82,7 @@ func (self HuntsPlugin) Call( hunt_dispatcher, err := services.GetHuntDispatcher(config_obj) if err != nil { - scope.Log("hunts: %v", err) + scope.Error("hunts: %v", err) return } @@ -105,7 +106,7 @@ func (self HuntsPlugin) Call( Offset: arg.Offset, }) if err != nil { - scope.Log("hunts: %v", err) + scope.Error("hunts: %v", err) return } @@ -149,14 +150,14 @@ func (self HuntResultsPlugin) Call( err := vql_subsystem.CheckAccess(scope, acls.READ_RESULTS) if err != nil { - scope.Log("hunt_results: %s", err) + scope.Error("hunt_results: %s", err) return } arg := &HuntResultsPluginArgs{} err = arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("hunt_results: %v", err) + scope.Error("hunt_results: %v", err) return } @@ -171,7 +172,7 @@ func (self HuntResultsPlugin) Call( if arg.Artifact == "" { hunt_dispatcher_service, err := services.GetHuntDispatcher(config_obj) if err != nil { - scope.Log("hunt_results: %v", err) + scope.Error("hunt_results: %v", err) return } @@ -197,7 +198,7 @@ func (self HuntResultsPlugin) Call( if arg.Source == "" { manager, err := services.GetRepositoryManager(config_obj) if err != nil { - scope.Log("hunt_results: %v", err) + scope.Error("hunt_results: %v", err) return } repo, err := manager.GetGlobalRepository(config_obj) @@ -234,7 +235,7 @@ func (self HuntResultsPlugin) Call( api_client, err := indexer.FastGetApiClient(ctx, config_obj, flow_details.Context.ClientId) if err != nil { - scope.Log("hunt_results: %v", err) + scope.Error("hunt_results: %v", err) continue } @@ -304,14 +305,14 @@ func (self HuntFlowsPlugin) Call( err := vql_subsystem.CheckAccess(scope, acls.READ_RESULTS) if err != nil { - scope.Log("hunt_flows: %s", err) + scope.Error("hunt_flows: %s", err) return } arg := &HuntFlowsPluginArgs{} err = arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("hunt_flows: %v", err) + scope.Error("hunt_flows: %v", err) return } 
@@ -323,7 +324,7 @@ func (self HuntFlowsPlugin) Call( hunt_dispatcher, err := services.GetHuntDispatcher(config_obj) if err != nil { - scope.Log("hunt_flows: %v", err) + scope.Error("hunt_flows: %v", err) return } diff --git a/vql/server/inventory.go b/vql/server/inventory.go index 63875191a3..3acea25ea3 100644 --- a/vql/server/inventory.go +++ b/vql/server/inventory.go @@ -41,13 +41,13 @@ func (self *InventoryAddFunction) Call(ctx context.Context, arg := &InventoryAddFunctionArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("inventory_add: %s", err.Error()) + scope.Error("inventory_add: %s", err.Error()) return vfilter.Null{} } err = vql_subsystem.CheckAccess(scope, acls.SERVER_ADMIN) if err != nil { - scope.Log("inventory_add: %s", err) + scope.Error("inventory_add: %s", err) return vfilter.Null{} } @@ -68,13 +68,13 @@ func (self *InventoryAddFunction) Call(ctx context.Context, if arg.File != "" { accessor, err := accessors.GetAccessor(arg.Accessor, scope) if err != nil { - scope.Log("inventory_add: %s", err) + scope.Error("inventory_add: %s", err) return vfilter.Null{} } reader, err := accessor.Open(arg.File) if err != nil { - scope.Log("inventory_add: %s", err) + scope.Error("inventory_add: %s", err) return vfilter.Null{} } @@ -82,7 +82,7 @@ func (self *InventoryAddFunction) Call(ctx context.Context, file_store_factory := file_store.GetFileStore(config_obj) writer, err := file_store_factory.WriteFile(path_manager.Path()) if err != nil { - scope.Log("inventory_add: %s", err) + scope.Error("inventory_add: %s", err) return vfilter.Null{} } defer writer.Close() @@ -93,7 +93,7 @@ func (self *InventoryAddFunction) Call(ctx context.Context, _, err = utils.Copy(ctx, writer, io.TeeReader(reader, sha_sum)) if err != nil { - scope.Log("inventory_add: %s", err) + scope.Error("inventory_add: %s", err) return vfilter.Null{} } 
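Review bot: `InventoryAddFunction.Call` runs `arg_parser.ExtractArgsWithContext` before `vql_subsystem.CheckAccess(scope, acls.SERVER_ADMIN)`, while most plugins in this commit check access first. Argument extraction may evaluate caller-supplied expressions, and its error text is now surfaced at error level to a caller who has not yet been authorised. Move the `CheckAccess` block above `arg := &InventoryAddFunctionArgs{}` so the check comes first. `InventoryGetFunction.Call` and `AddLabels.Call` use the same order; all three function bodies continue outside the hunks.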
@@ -107,7 +107,7 @@ func (self *InventoryAddFunction) Call(ctx context.Context, inventory, err := services.GetInventory(config_obj) if err != nil { - scope.Log("inventory_add: %s", err.Error()) + scope.Error("inventory_add: %s", err.Error()) return vfilter.Null{} } @@ -116,7 +116,7 @@ func (self *InventoryAddFunction) Call(ctx context.Context, AdminOverride: true, }) if err != nil { - scope.Log("inventory_add: %s", err.Error()) + scope.Error("inventory_add: %s", err.Error()) return vfilter.Null{} } @@ -149,13 +149,13 @@ func (self *InventoryGetFunction) Call(ctx context.Context, arg := &InventoryGetFunctionArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("inventory_get: %s", err.Error()) + scope.Error("inventory_get: %s", err.Error()) return vfilter.Null{} } err = vql_subsystem.CheckAccess(scope, acls.SERVER_ADMIN) if err != nil { - scope.Log("inventory_get: %s", err) + scope.Error("inventory_get: %s", err) return vfilter.Null{} } @@ -167,13 +167,13 @@ func (self *InventoryGetFunction) Call(ctx context.Context, inventory, err := services.GetInventory(config_obj) if err != nil { - scope.Log("inventory_get: %s", err.Error()) + scope.Error("inventory_get: %s", err.Error()) return vfilter.Null{} } tool, err := inventory.GetToolInfo(ctx, config_obj, arg.Tool) if err != nil { - scope.Log("inventory_get: %s", err.Error()) + scope.Error("inventory_get: %s", err.Error()) return vfilter.Null{} } @@ -218,7 +218,7 @@ func (self InventoryPlugin) Call( inventory, err := services.GetInventory(config_obj) if err != nil { - scope.Log("inventory: %s", err.Error()) + scope.Error("inventory: %s", err.Error()) return } diff --git a/vql/server/kill.go b/vql/server/kill.go index 31b205d5ba..f76c48f0f4 100644 --- a/vql/server/kill.go +++ b/vql/server/kill.go 
@@ -33,14 +33,14 @@ func (self *KillClientFunction) Call(ctx context.Context, err := vql_subsystem.CheckAccess(scope, acls.MACHINE_STATE) if err != nil { - scope.Log("killkillkill: %s", err) + scope.Error("killkillkill: %s", err) return vfilter.Null{} } arg := &KillClientFunctionArgs{} err = arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("killkillkill: %s", err.Error()) + scope.Error("killkillkill: %s", err.Error()) return vfilter.Null{} } @@ -54,7 +54,7 @@ func (self *KillClientFunction) Call(ctx context.Context, // id. client_manager, err := services.GetClientInfoManager(config_obj) if err != nil { - scope.Log("killkillkill: %s", err.Error()) + scope.Error("killkillkill: %s", err.Error()) return vfilter.Null{} } err = client_manager.QueueMessageForClient(ctx, arg.ClientId, @@ -63,7 +63,7 @@ func (self *KillClientFunction) Call(ctx context.Context, SessionId: constants.MONITORING_WELL_KNOWN_FLOW, }, true, nil) if err != nil { - scope.Log("killkillkill: %s", err.Error()) + scope.Error("killkillkill: %s", err.Error()) return vfilter.Null{} } diff --git a/vql/server/labels.go b/vql/server/labels.go index 9cae7333a3..743de66fcc 100644 --- a/vql/server/labels.go +++ b/vql/server/labels.go @@ -1,3 +1,4 @@ +//go:build server_vql // +build server_vql /* @@ -45,13 +46,13 @@ func (self *AddLabels) Call(ctx context.Context, arg := &AddLabelsArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("label: %s", err.Error()) + scope.Error("label: %s", err.Error()) return vfilter.Null{} } err = vql_subsystem.CheckAccess(scope, acls.LABEL_CLIENT) if err != nil { - scope.Log("label: %s", err) + scope.Error("label: %s", err) return vfilter.Null{} } @@ -80,7 +81,7 @@ func (self *AddLabels) Call(ctx context.Context, } } if err != nil { - scope.Log("label: %s", err.Error()) + scope.Error("label: %s", err.Error()) return vfilter.Null{} } } 
diff --git a/vql/server/monitoring/add_monitoring.go b/vql/server/monitoring/add_monitoring.go index 9e7246aac5..e2d059dae0 100644 --- a/vql/server/monitoring/add_monitoring.go +++ b/vql/server/monitoring/add_monitoring.go @@ -28,14 +28,14 @@ func (self AddClientMonitoringFunction) Call( err := vql_subsystem.CheckAccess(scope, acls.SERVER_ADMIN) if err != nil { - scope.Log("add_client_monitoring: %s", err) + scope.Error("add_client_monitoring: %s", err) return vfilter.Null{} } arg := &AddClientMonitoringFunctionArgs{} err = arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("add_client_monitoring: %v", err) + scope.Error("add_client_monitoring: %v", err) return vfilter.Null{} } @@ -48,13 +48,13 @@ func (self AddClientMonitoringFunction) Call( // Now verify the artifact actually exists manager, err := services.GetRepositoryManager(config_obj) if err != nil { - scope.Log("add_client_monitoring: %v", err) + scope.Error("add_client_monitoring: %v", err) return vfilter.Null{} } repository, err := manager.GetGlobalRepository(config_obj) if err != nil { - scope.Log("add_client_monitoring: %v", err) + scope.Error("add_client_monitoring: %v", err) return vfilter.Null{} } @@ -73,7 +73,7 @@ func (self AddClientMonitoringFunction) Call( client_event_manager, err := services.ClientEventManager(config_obj) if err != nil { - scope.Log("add_client_monitoring: %v", err) + scope.Error("add_client_monitoring: %v", err) return vfilter.Null{} } @@ -122,7 +122,7 @@ func (self AddClientMonitoringFunction) Call( err = client_event_manager.SetClientMonitoringState( ctx, config_obj, principal, event_config) if err != nil { - scope.Log("add_client_monitoring: %v", err) + scope.Error("add_client_monitoring: %v", err) return vfilter.Null{} } 
@@ -191,14 +191,14 @@ func (self AddServerMonitoringFunction) Call( err := vql_subsystem.CheckAccess(scope, acls.SERVER_ADMIN) if err != nil { - scope.Log("add_server_monitoring: %s", err) + scope.Error("add_server_monitoring: %s", err) return vfilter.Null{} } arg := &AddServerMonitoringFunctionArgs{} err = arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("add_server_monitoring: %v", err) + scope.Error("add_server_monitoring: %v", err) return vfilter.Null{} } @@ -211,13 +211,13 @@ func (self AddServerMonitoringFunction) Call( // Now verify the artifact actually exists manager, err := services.GetRepositoryManager(config_obj) if err != nil { - scope.Log("add_server_monitoring: %v", err) + scope.Error("add_server_monitoring: %v", err) return vfilter.Null{} } repository, err := manager.GetGlobalRepository(config_obj) if err != nil { - scope.Log("add_server_monitoring: %v", err) + scope.Error("add_server_monitoring: %v", err) return vfilter.Null{} } @@ -236,7 +236,7 @@ func (self AddServerMonitoringFunction) Call( server_event_manager, err := services.GetServerEventManager(config_obj) if err != nil { - scope.Log("add_server_monitoring: %v", err) + scope.Error("add_server_monitoring: %v", err) return vfilter.Null{} } @@ -282,7 +282,7 @@ func (self AddServerMonitoringFunction) Call( principal := vql_subsystem.GetPrincipal(scope) err = server_event_manager.Update(config_obj, principal, event_config) if err != nil { - scope.Log("add_server_monitoring: %v", err) + scope.Error("add_server_monitoring: %v", err) return vfilter.Null{} } diff --git a/vql/server/monitoring/delete.go b/vql/server/monitoring/delete.go index 32d02afce7..cec0487cac 100644 --- a/vql/server/monitoring/delete.go +++ b/vql/server/monitoring/delete.go 
@@ -35,14 +35,14 @@ func (self DeleteEventsPlugin) Call( err := vql_subsystem.CheckAccess(scope, acls.SERVER_ADMIN) if err != nil { - scope.Log("delete_events: %v", err) + scope.Error("delete_events: %v", err) return } arg := &DeleteEventsPluginArgs{} err = arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("delete_events: %v", err) + scope.Error("delete_events: %v", err) return } @@ -62,14 +62,14 @@ func (self DeleteEventsPlugin) Call( launcher, err := services.GetLauncher(config_obj) if err != nil { - scope.Log("delete_events: %v", err) + scope.Error("delete_events: %v", err) return } responses, err := launcher.DeleteEvents(ctx, config_obj, arg.Artifact, arg.ClientId, arg.StartTime, arg.EndTime, arg.ReallyDoIt) if err != nil { - scope.Log("delete_events: %v", err) + scope.Error("delete_events: %v", err) return } diff --git a/vql/server/monitoring/event_monitoring.go b/vql/server/monitoring/event_monitoring.go index 45e234b195..03713b3fb1 100644 --- a/vql/server/monitoring/event_monitoring.go +++ b/vql/server/monitoring/event_monitoring.go @@ -26,14 +26,14 @@ func (self GetClientMonitoring) Call( err := vql_subsystem.CheckAccess(scope, acls.SERVER_ADMIN) if err != nil { - scope.Log("get_client_monitoring: %s", err) + scope.Error("get_client_monitoring: %s", err) return vfilter.Null{} } arg := &GetClientMonitoringArgs{} err = arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("get_client_monitoring: %v", err) + scope.Error("get_client_monitoring: %v", err) return vfilter.Null{} } @@ -45,7 +45,7 @@ func (self GetClientMonitoring) Call( client_event_manager, err := services.ClientEventManager(config_obj) if err != nil { - scope.Log("get_client_monitoring: %v", err) + scope.Error("get_client_monitoring: %v", err) return vfilter.Null{} } 
@@ -73,14 +73,14 @@ func (self SetClientMonitoring) Call( err := vql_subsystem.CheckAccess(scope, acls.SERVER_ADMIN) if err != nil { - scope.Log("set_client_monitoring: %s", err) + scope.Error("set_client_monitoring: %s", err) return vfilter.Null{} } arg := &SetClientMonitoringArgs{} err = arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("set_client_monitoring: %v", err) + scope.Error("set_client_monitoring: %v", err) return vfilter.Null{} } @@ -99,7 +99,7 @@ func (self SetClientMonitoring) Call( opts := vql_subsystem.EncOptsFromScope(scope) serialized, err := json.MarshalWithOptions(arg.Data, opts) if err != nil { - scope.Log("set_client_monitoring: %v", err) + scope.Error("set_client_monitoring: %v", err) return vfilter.Null{} } value_json = string(serialized) @@ -109,21 +109,21 @@ func (self SetClientMonitoring) Call( value := &flows_proto.ClientEventTable{} err = json.Unmarshal([]byte(value_json), value) if err != nil { - scope.Log("set_client_monitoring: %v", err) + scope.Error("set_client_monitoring: %v", err) return vfilter.Null{} } principal := vql_subsystem.GetPrincipal(scope) client_event_manager, err := services.ClientEventManager(config_obj) if err != nil { - scope.Log("set_client_monitoring: %v", err) + scope.Error("set_client_monitoring: %v", err) return vfilter.Null{} } err = client_event_manager.SetClientMonitoringState( ctx, config_obj, principal, value) if err != nil { - scope.Log("set_client_monitoring: %s", err.Error()) + scope.Error("set_client_monitoring: %s", err.Error()) return vfilter.Null{} } 
@@ -149,14 +149,14 @@ func (self GetServerMonitoring) Call( err := vql_subsystem.CheckAccess(scope, acls.SERVER_ADMIN) if err != nil { - scope.Log("get_server_monitoring: %s", err) + scope.Error("get_server_monitoring: %s", err) return vfilter.Null{} } arg := &GetServerMonitoringArgs{} err = arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("get_server_monitoring: %v", err) + scope.Error("get_server_monitoring: %v", err) return vfilter.Null{} } @@ -168,7 +168,7 @@ func (self GetServerMonitoring) Call( db, err := datastore.GetDB(config_obj) if err != nil { - scope.Log("get_server_monitoring: %v", err) + scope.Error("get_server_monitoring: %v", err) return vfilter.Null{} } @@ -178,7 +178,7 @@ func (self GetServerMonitoring) Call( result) if err != nil { - scope.Log("get_server_monitoring: %v", err) + scope.Error("get_server_monitoring: %v", err) return vfilter.Null{} } @@ -206,14 +206,14 @@ func (self SetServerMonitoring) Call( err := vql_subsystem.CheckAccess(scope, acls.SERVER_ADMIN) if err != nil { - scope.Log("set_server_monitoring: %s", err) + scope.Error("set_server_monitoring: %s", err) return vfilter.Null{} } arg := &SetServerMonitoringArgs{} err = arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("set_server_monitoring: %v", err) + scope.Error("set_server_monitoring: %v", err) return vfilter.Null{} } @@ -232,7 +232,7 @@ func (self SetServerMonitoring) Call( opts := vql_subsystem.EncOptsFromScope(scope) serialized, err := json.MarshalWithOptions(arg.Data, opts) if err != nil { - scope.Log("set_server_monitoring: %v", err) + scope.Error("set_server_monitoring: %v", err) return vfilter.Null{} } value_json = string(serialized) 
@@ -242,20 +242,20 @@ func (self SetServerMonitoring) Call( value := &flows_proto.ArtifactCollectorArgs{} err = json.Unmarshal([]byte(value_json), value) if err != nil { - scope.Log("set_server_monitoring: %v", err) + scope.Error("set_server_monitoring: %v", err) return vfilter.Null{} } server_manager, err := services.GetServerEventManager(config_obj) if err != nil { - scope.Log("set_server_monitoring: server_manager not ready") + scope.Error("set_server_monitoring: server_manager not ready") return vfilter.Null{} } principal := vql_subsystem.GetPrincipal(scope) err = server_manager.Update(config_obj, principal, value) if err != nil { - scope.Log("set_server_monitoring: %s", err.Error()) + scope.Error("set_server_monitoring: %s", err.Error()) return vfilter.Null{} } diff --git a/vql/server/monitoring/rm_monitoring.go b/vql/server/monitoring/rm_monitoring.go index 07123ea0ac..7804ababf3 100644 --- a/vql/server/monitoring/rm_monitoring.go +++ b/vql/server/monitoring/rm_monitoring.go @@ -25,14 +25,14 @@ func (self RemoveClientMonitoringFunction) Call( err := vql_subsystem.CheckAccess(scope, acls.SERVER_ADMIN) if err != nil { - scope.Log("rm_client_monitoring: %s", err) + scope.Error("rm_client_monitoring: %s", err) return vfilter.Null{} } arg := &AddClientMonitoringFunctionArgs{} err = arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("rm_client_monitoring: %v", err) + scope.Error("rm_client_monitoring: %v", err) return vfilter.Null{} } @@ -44,7 +44,7 @@ func (self RemoveClientMonitoringFunction) Call( client_event_manager, err := services.ClientEventManager(config_obj) if err != nil { - scope.Log("rm_client_monitoring: %v", err) + scope.Error("rm_client_monitoring: %v", err) return vfilter.Null{} } event_config := client_event_manager.GetClientMonitoringState() 
@@ -59,7 +59,7 @@ func (self RemoveClientMonitoringFunction) Call( err = client_event_manager.SetClientMonitoringState( ctx, config_obj, principal, event_config) if err != nil { - scope.Log("rm_client_monitoring: %v", err) + scope.Error("rm_client_monitoring: %v", err) return vfilter.Null{} } @@ -87,14 +87,14 @@ func (self RemoveServerMonitoringFunction) Call( err := vql_subsystem.CheckAccess(scope, acls.SERVER_ADMIN) if err != nil { - scope.Log("rm_server_monitoring: %s", err) + scope.Error("rm_server_monitoring: %s", err) return vfilter.Null{} } arg := &AddServerMonitoringFunctionArgs{} err = arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("rm_server_monitoring: %v", err) + scope.Error("rm_server_monitoring: %v", err) return vfilter.Null{} } @@ -106,7 +106,7 @@ func (self RemoveServerMonitoringFunction) Call( server_manager, err := services.GetServerEventManager(config_obj) if err != nil { - scope.Log("rm_server_monitoring: server_manager not ready") + scope.Error("rm_server_monitoring: server_manager not ready") return vfilter.Null{} } @@ -119,7 +119,7 @@ func (self RemoveServerMonitoringFunction) Call( principal := vql_subsystem.GetPrincipal(scope) err = server_manager.Update(config_obj, principal, event_config) if err != nil { - scope.Log("rm_server_monitoring: %v", err) + scope.Error("rm_server_monitoring: %v", err) return vfilter.Null{} } diff --git a/vql/server/notebooks/delete.go b/vql/server/notebooks/delete.go index 79769026e9..dd0ea9d459 100644 --- a/vql/server/notebooks/delete.go +++ b/vql/server/notebooks/delete.go 
@@ -35,13 +35,13 @@ func (self *DeleteNotebookPlugin) Call(ctx context.Context, err := vql_subsystem.CheckAccess(scope, acls.SERVER_ADMIN) if err != nil { - scope.Log("notebook_delete: %s", err) + scope.Error("notebook_delete: %s", err) return } err = arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("notebook_delete: %s", err.Error()) + scope.Error("notebook_delete: %s", err.Error()) return } @@ -63,7 +63,7 @@ func (self *DeleteNotebookPlugin) Call(ctx context.Context, if arg.ReallyDoIt { err = db.DeleteSubject(config_obj, notebook_path_manager.Path()) if err != nil { - scope.Log("notebook_delete: %s", err.Error()) + scope.Error("notebook_delete: %s", err.Error()) return } } @@ -92,7 +92,7 @@ func (self *DeleteNotebookPlugin) Call(ctx context.Context, return nil }) if err != nil { - scope.Log("notebook_delete: %s", err.Error()) + scope.Error("notebook_delete: %s", err.Error()) return } @@ -121,13 +121,13 @@ func (self *DeleteNotebookPlugin) Call(ctx context.Context, if arg.ReallyDoIt { err := file_store_factory.Delete(filename) if err != nil { - scope.Log("notebook_delete: %s", err.Error()) + scope.Error("notebook_delete: %s", err.Error()) } } return nil }) if err != nil { - scope.Log("notebook_delete: %s", err.Error()) + scope.Error("notebook_delete: %s", err.Error()) return } diff --git a/vql/server/orgs/create.go b/vql/server/orgs/create.go index 5fa7f17b9a..c7586deafc 100644 --- a/vql/server/orgs/create.go +++ b/vql/server/orgs/create.go @@ -25,14 +25,14 @@ func (self OrgCreateFunction) Call( err := vql_subsystem.CheckAccess(scope, acls.ORG_ADMIN) if err != nil { - scope.Log("org_create: %s", err) + scope.Error("org_create: %s", err) return vfilter.Null{} } arg := &OrgCreateFunctionArgs{} err = arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("org_create: %s", err) + scope.Error("org_create: %s", err) return vfilter.Null{} } 
@@ -43,13 +43,13 @@ func (self OrgCreateFunction) Call( org_manager, err := services.GetOrgManager() if err != nil { - scope.Log("org_create: %s", err) + scope.Error("org_create: %s", err) return vfilter.Null{} } org_record, err := org_manager.CreateNewOrg(arg.OrgName, arg.OrgId) if err != nil { - scope.Log("org_create: %s", err) + scope.Error("org_create: %s", err) return vfilter.Null{} } diff --git a/vql/server/orgs/current.go b/vql/server/orgs/current.go index 79f0a56ba5..a1a16b6908 100644 --- a/vql/server/orgs/current.go +++ b/vql/server/orgs/current.go @@ -23,13 +23,13 @@ func (self *CurrentOrgFunction) Call(ctx context.Context, org_manager, err := services.GetOrgManager() if err != nil { - scope.Log("org: %v", err) + scope.Error("org: %v", err) return vfilter.Null{} } org_record, err := org_manager.GetOrg(config_obj.OrgId) if err != nil { - scope.Log("org: %v", err) + scope.Error("org: %v", err) return vfilter.Null{} } diff --git a/vql/server/orgs/delete.go b/vql/server/orgs/delete.go index bfc6901880..1e4fab6e76 100644 --- a/vql/server/orgs/delete.go +++ b/vql/server/orgs/delete.go @@ -26,7 +26,7 @@ func (self OrgDeleteFunction) Call( err := vql_subsystem.CheckAccess(scope, acls.SERVER_ADMIN) if err != nil { - scope.Log("org_delete: %s", err) + scope.Error("org_delete: %s", err) return vfilter.Null{} } @@ -39,13 +39,13 @@ func (self OrgDeleteFunction) Call( arg := &OrgDeleteFunctionArgs{} err = arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("org_delete: %s", err) + scope.Error("org_delete: %s", err) return vfilter.Null{} } org_manager, err := services.GetOrgManager() if err != nil { - scope.Log("org_delete: %s", err) + scope.Error("org_delete: %s", err) return vfilter.Null{} } @@ -58,7 +58,7 @@ func (self OrgDeleteFunction) Call( err = org_manager.DeleteOrg(ctx, arg.OrgId) if err != nil { - scope.Log("org_delete: %s", err) + scope.Error("org_delete: %s", err) return vfilter.Null{} } 
diff --git a/vql/server/orgs/orgs.go b/vql/server/orgs/orgs.go index f7f03e5454..1dc69a2aed 100644 --- a/vql/server/orgs/orgs.go +++ b/vql/server/orgs/orgs.go @@ -25,13 +25,13 @@ func (self OrgsPlugin) Call( err := vql_subsystem.CheckAccess(scope, acls.ORG_ADMIN) if err != nil { - scope.Log("orgs: %v", err) + scope.Error("orgs: %v", err) return } org_manager, err := services.GetOrgManager() if err != nil { - scope.Log("orgs: %v", err) + scope.Error("orgs: %v", err) return } diff --git a/vql/server/repository.go b/vql/server/repository.go index 69ee393341..b679fdf4d3 100644 --- a/vql/server/repository.go +++ b/vql/server/repository.go @@ -28,7 +28,7 @@ func (self *ArtifactSetFunction) Call(ctx context.Context, arg := &ArtifactSetFunctionArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("artifact_set: %v", err) + scope.Error("artifact_set: %v", err) return vfilter.Null{} } @@ -73,7 +73,7 @@ func (self *ArtifactSetFunction) Call(ctx context.Context, err = vql_subsystem.CheckAccess(scope, permission) if err != nil { - scope.Log("artifact_set: %s", err) + scope.Error("artifact_set: %s", err) return vfilter.Null{} } @@ -82,7 +82,7 @@ func (self *ArtifactSetFunction) Call(ctx context.Context, definition, err = manager.SetArtifactFile( config_obj, principal, arg.Definition, arg.Prefix) if err != nil { - scope.Log("artifact_set: %s", err) + scope.Error("artifact_set: %s", err) return vfilter.Null{} } @@ -111,7 +111,7 @@ func (self *ArtifactDeleteFunction) Call(ctx context.Context, arg := &ArtifactDeleteFunctionArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("artifact_delete: %v", err) + scope.Error("artifact_delete: %v", err) return vfilter.Null{} } 
@@ -129,7 +129,7 @@ func (self *ArtifactDeleteFunction) Call(ctx context.Context, global_repository, err := manager.GetGlobalRepository(config_obj) if err != nil { - scope.Log("artifact_delete: %v", err) + scope.Error("artifact_delete: %v", err) return vfilter.Null{} } @@ -156,14 +156,14 @@ func (self *ArtifactDeleteFunction) Call(ctx context.Context, err = vql_subsystem.CheckAccess(scope, permission) if err != nil { - scope.Log("artifact_set: %s", err) + scope.Error("artifact_set: %s", err) return vfilter.Null{} } principal := vql_subsystem.GetPrincipal(scope) err = manager.DeleteArtifactFile(config_obj, principal, arg.Name) if err != nil { - scope.Log("artifact_delete: %s", err) + scope.Error("artifact_delete: %s", err) return vfilter.Null{} } @@ -197,14 +197,14 @@ func (self ArtifactsPlugin) Call( err := vql_subsystem.CheckAccess(scope, acls.READ_RESULTS) if err != nil { - scope.Log("artifact_definitions: %v", err) + scope.Error("artifact_definitions: %v", err) return } arg := &ArtifactsPluginArgs{} err = arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("artifact_definitions: %v", err) + scope.Error("artifact_definitions: %v", err) return } @@ -216,12 +216,12 @@ func (self ArtifactsPlugin) Call( manager, err := services.GetRepositoryManager(config_obj) if err != nil { - scope.Log("artifact_definitions: %v", err) + scope.Error("artifact_definitions: %v", err) return } repository, err := manager.GetGlobalRepository(config_obj) if err != nil { - scope.Log("artifact_definitions: %v", err) + scope.Error("artifact_definitions: %v", err) return } @@ -229,7 +229,7 @@ func (self ArtifactsPlugin) Call( if len(arg.Names) == 0 { names, err := repository.List(ctx, config_obj) if err != nil { - scope.Log("artifact_definitions: %v", err) + scope.Error("artifact_definitions: %v", err) return } for _, name := range names { 
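Review bot: The access-check failure in the `@@ -156,14 +156,14 @@` hunk of ArtifactDeleteFunction is still reported under the `artifact_set` prefix, so a denied artifact_delete appears in the query log attributed to the wrong function. Anyone triaging permission denials by prefix would miss it; the line should be `scope.Error("artifact_delete: %s", err)`. The Call body starts and ends outside the hunk.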
@@ -255,14 +255,14 @@ func (self ArtifactsPlugin) Call( launcher, err := services.GetLauncher(config_obj) if err != nil { - scope.Log("artifact_definitions: Command can only run on the server %v", err) + scope.Error("artifact_definitions: Command can only run on the server %v", err) return } deps, err := launcher.GetDependentArtifacts( config_obj, repository, arg.Names) if err != nil { - scope.Log("artifact_definitions: %v", err) + scope.Error("artifact_definitions: %v", err) return } diff --git a/vql/server/splunk.go b/vql/server/splunk.go index 37ee968c25..934893ca98 100644 --- a/vql/server/splunk.go +++ b/vql/server/splunk.go @@ -137,7 +137,7 @@ func _upload_rows( if config_obj != nil { err := crypto.AddDefaultCerts(config_obj, CA_Pool) if err != nil { - scope.Log("splunk_upload: %v", err) + scope.Error("splunk_upload: %v", err) return } } diff --git a/vql/server/timelines/create.go b/vql/server/timelines/create.go index d79974ce2b..f660bb2288 100644 --- a/vql/server/timelines/create.go +++ b/vql/server/timelines/create.go @@ -34,14 +34,14 @@ func (self *AddTimelineFunction) Call(ctx context.Context, err := vql_subsystem.CheckAccess(scope, acls.READ_RESULTS) if err != nil { - scope.Log("timeline_add: %v", err) + scope.Error("timeline_add: %v", err) return vfilter.Null{} } arg := &AddTimelineFunctionArgs{} err = arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("timeline_add: %v", err) + scope.Error("timeline_add: %v", err) return vfilter.Null{} } @@ -65,7 +65,7 @@ func (self *AddTimelineFunction) Call(ctx context.Context, super, err := timelines.NewSuperTimelineWriter( config_obj, notebook_path_manager.SuperTimeline(arg.Timeline)) if err != nil { - scope.Log("timeline_add: %v", err) + scope.Error("timeline_add: %v", err) return vfilter.Null{} } defer super.Close() 
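Review bot: timeline_add is gated on `acls.READ_RESULTS` in the `@@ -34,14 +34,14 @@` hunk of create.go, yet the later hunks of the same Call create a super-timeline writer and store notebook metadata with `db.SetSubject`, which are writes. If a read-only principal is not meant to modify notebooks, the check should name a write-level permission; the permission set is defined outside this diff, so which constant fits is not visible here. If the read permission is deliberate, a comment above the check would record that, e.g. `// NOTE: gated on READ_RESULTS although this function writes the timeline and notebook metadata; confirm this is intended.`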
@@ -73,7 +73,7 @@ func (self *AddTimelineFunction) Call(ctx context.Context, // make a new timeline to store in the super timeline. writer, err := super.AddChild(arg.Name) if err != nil { - scope.Log("timeline_add: %v", err) + scope.Error("timeline_add: %v", err) return vfilter.Null{} } defer writer.Close() @@ -108,14 +108,14 @@ func (self *AddTimelineFunction) Call(ctx context.Context, // Now record the new timeline in the notebook if needed. db, err := datastore.GetDB(config_obj) if err != nil { - scope.Log("timeline_add: can only be used on the server: %v", err) + scope.Error("timeline_add: can only be used on the server: %v", err) return vfilter.Null{} } notebook_metadata := &api_proto.NotebookMetadata{} err = db.GetSubject(config_obj, notebook_path_manager.Path(), notebook_metadata) if err != nil { - scope.Log("timeline_add: %v", err) + scope.Error("timeline_add: %v", err) return vfilter.Null{} } @@ -128,7 +128,7 @@ func (self *AddTimelineFunction) Call(ctx context.Context, notebook_metadata.Timelines = append(notebook_metadata.Timelines, arg.Timeline) err = db.SetSubject(config_obj, notebook_path_manager.Path(), notebook_metadata) if err != nil { - scope.Log("timeline_add: %v", err) + scope.Error("timeline_add: %v", err) return vfilter.Null{} } diff --git a/vql/server/timelines/reader.go b/vql/server/timelines/reader.go index 5e4e3def55..8897afd727 100644 --- a/vql/server/timelines/reader.go +++ b/vql/server/timelines/reader.go @@ -34,14 +34,14 @@ func (self TimelinePlugin) Call( err := vql_subsystem.CheckAccess(scope, acls.READ_RESULTS) if err != nil { - scope.Log("timeline: %v", err) + scope.Error("timeline: %v", err) return } arg := &TimelinePluginArgs{} err = arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("timeline: %v", err) + scope.Error("timeline: %v", err) return } 
@@ -67,7 +67,7 @@ func (self TimelinePlugin) Call( reader, err := timelines.NewSuperTimelineReader(config_obj, super_path_manager, arg.SkipComponents) if err != nil { - scope.Log("timeline: %v", err) + scope.Error("timeline: %v", err) return } defer reader.Close() @@ -75,7 +75,7 @@ func (self TimelinePlugin) Call( if !utils.IsNil(arg.StartTime) { start, err := functions.TimeFromAny(scope, arg.StartTime) if err != nil { - scope.Log("timeline: %v", err) + scope.Error("timeline: %v", err) return } diff --git a/vql/server/users/create.go b/vql/server/users/create.go index 2054755bbf..a6b3be6667 100644 --- a/vql/server/users/create.go +++ b/vql/server/users/create.go @@ -33,14 +33,14 @@ func (self UserCreateFunction) Call( err := vql_subsystem.CheckAccess(scope, acls.SERVER_ADMIN) if err != nil { - scope.Log("user_create: %s", err) + scope.Error("user_create: %s", err) return vfilter.Null{} } arg := &UserCreateFunctionArgs{} err = arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("user_create: %s", err) + scope.Error("user_create: %s", err) return vfilter.Null{} } @@ -56,19 +56,19 @@ func (self UserCreateFunction) Call( // OK - Lets make the user now user_record, err = users.NewUserRecord(arg.Username) if err != nil { - scope.Log("user_create: %s", err) + scope.Error("user_create: %s", err) return vfilter.Null{} } } else if err != nil { - scope.Log("user_create: %s", err) + scope.Error("user_create: %s", err) return vfilter.Null{} } // Check the password if needed authenticator, err := authenticators.NewAuthenticator(config_obj) if err != nil { - scope.Log("user_create: %s", err) + scope.Error("user_create: %s", err) return vfilter.Null{} } @@ -79,7 +79,7 @@ func (self UserCreateFunction) Call( password := make([]byte, 100) _, err = rand.Read(password) if err != nil { - scope.Log("user_create: %s", err) + scope.Error("user_create: %s", err) return vfilter.Null{} } users.SetPassword(user_record, string(password)) 
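Review bot: In the `@@ -79,7 +79,7 @@` hunk of UserCreateFunction the bytes from `rand.Read(password)` are stored as the account password through `users.SetPassword(user_record, string(password))`, so the strength of that password depends on which `rand` package the file imports. The import block is outside the hunk; it is worth confirming that it is `crypto/rand` and pinning that with a comment such as `// rand is crypto/rand: these bytes become the account password`. The Call body starts and ends outside the hunk.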
@@ -105,7 +105,7 @@ func (self UserCreateFunction) Call( // Grant the roles to the user err = acls.GrantRoles(config_obj, arg.Username, arg.Roles) if err != nil { - scope.Log("user_create: %s", err) + scope.Error("user_create: %s", err) return vfilter.Null{} } @@ -113,21 +113,21 @@ func (self UserCreateFunction) Call( } else { org_manager, err := services.GetOrgManager() if err != nil { - scope.Log("user_create: %v", err) + scope.Error("user_create: %v", err) return vfilter.Null{} } for _, org_id := range arg.OrgIds { org_config_obj, err = org_manager.GetOrgConfig(org_id) if err != nil { - scope.Log("user_create: %v", err) + scope.Error("user_create: %v", err) return vfilter.Null{} } // Grant the roles to the user err = acls.GrantRoles(org_config_obj, arg.Username, arg.Roles) if err != nil { - scope.Log("user_create: %s", err) + scope.Error("user_create: %s", err) return vfilter.Null{} } } @@ -151,7 +151,7 @@ func (self UserCreateFunction) Call( // Write the user record. err = users_manager.SetUser(ctx, user_record) if err != nil { - scope.Log("user_create: %s", err) + scope.Error("user_create: %s", err) return vfilter.Null{} } diff --git a/vql/server/users/delete.go b/vql/server/users/delete.go index 4652abab2d..e48b0a5afa 100644 --- a/vql/server/users/delete.go +++ b/vql/server/users/delete.go @@ -26,7 +26,7 @@ func (self UserDeleteFunction) Call( err := vql_subsystem.CheckAccess(scope, acls.SERVER_ADMIN) if err != nil { - scope.Log("user_delete: %s", err) + scope.Error("user_delete: %s", err) return vfilter.Null{} } @@ -39,7 +39,7 @@ func (self UserDeleteFunction) Call( arg := &UserDeleteFunctionArgs{} err = arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("user_delete: %s", err) + scope.Error("user_delete: %s", err) return vfilter.Null{} } 
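Review bot: The org loop in the `@@ -113,21 +113,21 @@` hunk of UserCreateFunction returns on the first `GetOrgConfig` or `GrantRoles` failure, but roles already granted for earlier entries of `arg.OrgIds` stay in place while the caller receives `vfilter.Null{}`. An operator reading the error-level entry could reasonably assume nothing was changed. The same loop appears in the `@@ -67,21 +67,21 @@` hunk of grant.go. If rollback is not wanted, a comment above the loop would document the behaviour: `// NOTE: roles granted for earlier orgs are not rolled back when a later org fails.`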
@@ -54,7 +54,7 @@ func (self UserDeleteFunction) Call( err = user_manager.DeleteUser(ctx, config_obj, arg.Username) if err != nil { - scope.Log("user_delete: %s", err) + scope.Error("user_delete: %s", err) return vfilter.Null{} } diff --git a/vql/server/users/grant.go b/vql/server/users/grant.go index d9f9acf3ec..49945b8317 100644 --- a/vql/server/users/grant.go +++ b/vql/server/users/grant.go @@ -27,14 +27,14 @@ func (self GrantFunction) Call( err := vql_subsystem.CheckAccess(scope, acls.SERVER_ADMIN) if err != nil { - scope.Log("user_grant: %s", err) + scope.Error("user_grant: %s", err) return vfilter.Null{} } arg := &GrantFunctionArgs{} err = arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("user_grant: %s", err) + scope.Error("user_grant: %s", err) return vfilter.Null{} } @@ -47,7 +47,7 @@ func (self GrantFunction) Call( users_manager := services.GetUserManager() user_record, err := users_manager.GetUserWithHashes(ctx, arg.Username) if err != nil { - scope.Log("user_grant: %s", err) + scope.Error("user_grant: %s", err) return vfilter.Null{} } @@ -59,7 +59,7 @@ func (self GrantFunction) Call( // Grant the roles to the user err = acls.GrantRoles(config_obj, arg.Username, arg.Roles) if err != nil { - scope.Log("user_grant: %s", err) + scope.Error("user_grant: %s", err) return vfilter.Null{} } @@ -67,21 +67,21 @@ func (self GrantFunction) Call( } else { org_manager, err := services.GetOrgManager() if err != nil { - scope.Log("user_grant: %v", err) + scope.Error("user_grant: %v", err) return vfilter.Null{} } for _, org_id := range arg.OrgIds { org_config_obj, err = org_manager.GetOrgConfig(org_id) if err != nil { - scope.Log("user_grant: %v", err) + scope.Error("user_grant: %v", err) return vfilter.Null{} } // Grant the roles to the user err = acls.GrantRoles(org_config_obj, arg.Username, arg.Roles) if err != nil { - scope.Log("user_grant: %s", err) + scope.Error("user_grant: %s", err) return vfilter.Null{} } } 
diff --git a/vql/server/users/password.go b/vql/server/users/password.go index 0908e19786..84c8ccb7db 100644 --- a/vql/server/users/password.go +++ b/vql/server/users/password.go @@ -30,7 +30,7 @@ func (self SetPasswordFunction) Call( arg := &SetPasswordFunctionArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("passwd: %v", err) + scope.Error("passwd: %v", err) return vfilter.Null{} } @@ -44,7 +44,7 @@ func (self SetPasswordFunction) Call( // Only an admin can set another user's password. err := vql_subsystem.CheckAccess(scope, acls.SERVER_ADMIN) if err != nil { - scope.Log( + scope.Error( "passwd: %v setting %v password: %v", principal, arg.Username, err) return vfilter.Null{} @@ -62,7 +62,7 @@ func (self SetPasswordFunction) Call( authenticator, err := authenticators.NewAuthenticator(config_obj) if err != nil { - scope.Log("passwd: %v", err) + scope.Error("passwd: %v", err) return vfilter.Null{} } @@ -74,7 +74,7 @@ func (self SetPasswordFunction) Call( users_manager := services.GetUserManager() user_record, err := users_manager.GetUserWithHashes(ctx, principal) if err != nil { - scope.Log("passwd: %v", err) + scope.Error("passwd: %v", err) return vfilter.Null{} } @@ -90,7 +90,7 @@ func (self SetPasswordFunction) Call( // Store the record err = users_manager.SetUser(ctx, user_record) if err != nil { - scope.Log("passwd: Unable to set user account: %v", err) + scope.Error("passwd: Unable to set user account: %v", err) return vfilter.Null{} } diff --git a/vql/server/users/users.go b/vql/server/users/users.go index 57844ef999..61e678618e 100644 --- a/vql/server/users/users.go +++ b/vql/server/users/users.go 
@@ -31,14 +31,14 @@ func (self UsersPlugin) Call( err := vql_subsystem.CheckAccess(scope, acls.SERVER_ADMIN) if err != nil { - scope.Log("users: %v", err) + scope.Error("users: %v", err) return } arg := &UsersPluginArgs{} err = arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("users: %v", err) + scope.Error("users: %v", err) return } @@ -53,14 +53,14 @@ func (self UsersPlugin) Call( org_manager, err := services.GetOrgManager() if err != nil { - scope.Log("users: %v", err) + scope.Error("users: %v", err) return } users := services.GetUserManager() user_list, err := users.ListUsers(ctx) if err != nil { - scope.Log("users: %v", err) + scope.Error("users: %v", err) return } diff --git a/vql/sorter/mergesort.go b/vql/sorter/mergesort.go index e264fe47d0..88bfa35fe0 100644 --- a/vql/sorter/mergesort.go +++ b/vql/sorter/mergesort.go @@ -305,19 +305,19 @@ func newDataFile(scope types.Scope, items []types.Row, key string) *dataFile { tmpfile, err := ioutil.TempFile("", "vql") if err != nil { - scope.Log("Unable to create tempfile: %v", err) + scope.Error("Unable to create tempfile: %v", err) return result } // Serialize all the rows into the file. serialized, err := json.MarshalJsonl(items) if err != nil { - scope.Log("Unable to serialize: %v", err) + scope.Error("Unable to serialize: %v", err) return result } _, err = tmpfile.Write(serialized) if err != nil { - scope.Log("Unable to serialize: %v", err) + scope.Error("Unable to serialize: %v", err) return result } tmpfile.Close() @@ -325,7 +325,7 @@ func newDataFile(scope types.Scope, items []types.Row, key string) *dataFile { // Reopen the file for reading. fd, err := os.Open(tmpfile.Name()) if err != nil { - scope.Log("Unable to open file: %v", err) + scope.Error("Unable to open file: %v", err) return result } diff --git a/vql/tools/atexit.go b/vql/tools/atexit.go index f7c01f8d82..86c93691d6 100644 --- a/vql/tools/atexit.go +++ b/vql/tools/atexit.go 
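Review bot: In newDataFile (`@@ -305,19 +305,19 @@` in mergesort.go) the early returns after `json.MarshalJsonl` or `tmpfile.Write` fails leave `tmpfile` open and the file on disk in the default temp directory, in the write case possibly holding part of the serialized rows. Adding `tmpfile.Close()` and `os.Remove(tmpfile.Name())` before each of those `return result` statements would avoid leaving row data behind; `os` is already used by the `os.Open` call in the next hunk. The write failure also reuses the text `Unable to serialize`, so the two cases cannot be told apart in the log; `scope.Error("Unable to write tempfile: %v", err)` would separate them. The function continues outside the hunk, so whether `result` tracks the file name on these paths is not visible.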
@@ -27,7 +27,7 @@ func (self AtExitFunction) Call( arg := &AtExitFunctionArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("atexit: %v", err) + scope.Error("atexit: %v", err) return vfilter.Null{} } diff --git a/vql/tools/collector/collector.go b/vql/tools/collector/collector.go index 1d1ec987ba..a5a6930ad7 100644 --- a/vql/tools/collector/collector.go +++ b/vql/tools/collector/collector.go @@ -62,14 +62,14 @@ func (self CollectPlugin) Call( // zip), It is very privileged. err := vql_subsystem.CheckAccess(scope, acls.FILESYSTEM_WRITE) if err != nil { - scope.Log("collect: %s", err) + scope.Error("collect: %s", err) return } arg := &CollectPluginArgs{} err = arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("collect: %v", err) + scope.Error("collect: %v", err) return } @@ -84,13 +84,13 @@ func (self CollectPlugin) Call( request, err := self.configureCollection(collection_manager, arg) if err != nil { - scope.Log("collect: %v", err) + scope.Error("collect: %v", err) return } err = collection_manager.Collect(request) if err != nil { - scope.Log("collect: %v", err) + scope.Error("collect: %v", err) return } @@ -320,7 +320,7 @@ func AddSpecProtobuf( if !is_str && !utils.IsNil(value_any) { value_time, err := functions.TimeFromAny(scope, value_any) if err != nil { - scope.Log("Invalid timestamp for %v", + scope.Error("Invalid timestamp for %v", parameter_definition.Name) continue } @@ -332,7 +332,7 @@ func AddSpecProtobuf( value_str, err = csv.EncodeToCSV( config_obj, scope, value_any) if err != nil { - scope.Log("Invalid CSV for %v", + scope.Error("Invalid CSV for %v", parameter_definition.Name) continue } diff --git a/vql/tools/collector/import.go b/vql/tools/collector/import.go index a5077d7de8..0903311385 100644 --- a/vql/tools/collector/import.go +++ b/vql/tools/collector/import.go 
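Review bot: The two messages in AddSpecProtobuf (`@@ -320,7 +320,7 @@` and `@@ -332,7 +332,7 @@` in collector.go) discard `err` and carry no function prefix, unlike every other message this change touches. Now that they are error-level entries, the cause is what a reader needs first: `scope.Error("Invalid timestamp for %v: %v", parameter_definition.Name, err)` and `scope.Error("Invalid CSV for %v: %v", parameter_definition.Name, err)`. The function body starts and ends outside both hunks.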
@@ -52,14 +52,14 @@ func (self ImportCollectionFunction) Call(ctx context.Context, err := vql_subsystem.CheckAccess(scope, acls.COLLECT_SERVER) if err != nil { - scope.Log("import_collection: %s", err) + scope.Error("import_collection: %s", err) return vfilter.Null{} } arg := &ImportCollectionFunctionArgs{} err = arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("import_collection: %v", err) + scope.Error("import_collection: %v", err) return vfilter.Null{} } @@ -71,20 +71,20 @@ func (self ImportCollectionFunction) Call(ctx context.Context, err = vql_subsystem.CheckFilesystemAccess(scope, "collector") if err != nil { - scope.Log("import_collection: %v", err) + scope.Error("import_collection: %v", err) return vfilter.Null{} } db, err := datastore.GetDB(config_obj) if err != nil { - scope.Log("import_collection: %v", err) + scope.Error("import_collection: %v", err) return vfilter.Null{} } // Open the collection using the accessor accessor, err := accessors.GetAccessor("collector", scope) if err != nil { - scope.Log("import_collection: %v", err) + scope.Error("import_collection: %v", err) return vfilter.Null{} } @@ -106,7 +106,7 @@ func (self ImportCollectionFunction) Call(ctx context.Context, arg.ClientId, err = self.getClientId( ctx, scope, config_obj, arg.Hostname) if err != nil { - scope.Log("import_collection: %v", err) + scope.Error("import_collection: %v", err) return vfilter.Null{} } } @@ -118,7 +118,7 @@ func (self ImportCollectionFunction) Call(ctx context.Context, err = db.SetSubject(config_obj, flow_path_manager.Path(), collection_context) if err != nil { - scope.Log("import_collection: %v", err) + scope.Error("import_collection: %v", err) return vfilter.Null{} } 
@@ -128,7 +128,7 @@ func (self ImportCollectionFunction) Call(ctx context.Context, if err == nil { err = db.SetSubject(config_obj, flow_path_manager.Task(), tasks) if err != nil { - scope.Log("import_collection: %v", err) + scope.Error("import_collection: %v", err) return vfilter.Null{} } } else { @@ -139,7 +139,7 @@ func (self ImportCollectionFunction) Call(ctx context.Context, err = self.copyResultSet(ctx, config_obj, scope, accessor, root.Append("log.json"), flow_path_manager.Log()) if err != nil { - scope.Log("import_collection: %v", err) + scope.Error("import_collection: %v", err) return vfilter.Null{} } @@ -152,7 +152,7 @@ func (self ImportCollectionFunction) Call(ctx context.Context, accessor, root.Append("results", artifact+".json"), artifact_path_manager.Path()) if err != nil { - scope.Log("import_collection: %v", err) + scope.Error("import_collection: %v", err) } } @@ -170,7 +170,7 @@ func (self ImportCollectionFunction) Call(ctx context.Context, reader, err := result_sets.NewResultSetReader(file_store_factory, flow_path_manager.UploadMetadata()) if err != nil { - scope.Log("import_collection: %v", err) + scope.Error("import_collection: %v", err) return vfilter.Null{} } defer reader.Close() @@ -188,7 +188,7 @@ func (self ImportCollectionFunction) Call(ctx context.Context, err := self.copyFileWithIndex(ctx, config_obj, scope, accessor, src, dest) if err != nil { - scope.Log("import_collection: %v", err) + scope.Error("import_collection: %v", err) } } } @@ -312,7 +312,7 @@ func (self ImportCollectionFunction) copyFile( _, err = utils.Copy(ctx, out_fd, fd) if err != nil { - scope.Log("import_collection: Error copying %v", err) + scope.Error("import_collection: Error copying %v", err) } return err diff --git a/vql/tools/delay.go b/vql/tools/delay.go index 26ee4250a1..582f97c5c1 100644 --- a/vql/tools/delay.go +++ b/vql/tools/delay.go 
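Review bot: `copyFile` in the `@@ -312,7 +312,7 @@` hunk both reports the copy failure with `scope.Error` and returns the same `err`. The callers visible in this file report returned errors themselves, for example after `copyFileWithIndex` in the `@@ -188,7 +188,7 @@` hunk, so if copyFile is reached through them a single failure would produce two error-level entries. Reporting at one layer is enough: drop the `scope.Error` in copyFile and keep `return err`, letting the caller log it. The call chain is outside the hunks, so this needs confirming against the full file.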
@@ -63,7 +63,7 @@ func (self DelayPlugin) Call(ctx context.Context, arg := &DelayPluginArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("delay: %v", err) + scope.Error("delay: %v", err) return } diff --git a/vql/tools/gcs_pubsub_publish.go b/vql/tools/gcs_pubsub_publish.go index 67b01d21ed..3d2813eaa2 100644 --- a/vql/tools/gcs_pubsub_publish.go +++ b/vql/tools/gcs_pubsub_publish.go @@ -1,4 +1,5 @@ -//+build extras +//go:build extras +// +build extras package tools @@ -34,7 +35,7 @@ func (self *GCSPubsubPublishFunction) Call(ctx context.Context, arg := &GCSPubsubPublishArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("gcs_pubsub_publish: %s", err.Error()) + scope.Error("gcs_pubsub_publish: %s", err.Error()) return vfilter.Null{} } @@ -67,7 +68,7 @@ func (self *GCSPubsubPublishFunction) Call(ctx context.Context, } result := t.Publish(ctx, &pubsub.Message{ - Data: []byte(serialized), + Data: []byte(serialized), Attributes: attributesStringMap, }) diff --git a/vql/tools/gcs_upload.go b/vql/tools/gcs_upload.go index e41bb68c69..4ba852ee23 100644 --- a/vql/tools/gcs_upload.go +++ b/vql/tools/gcs_upload.go @@ -1,4 +1,5 @@ -//+build extras +//go:build extras +// +build extras package tools 
@@ -39,25 +40,25 @@ func (self *GCSUploadFunction) Call(ctx context.Context, arg := &GCSUploadArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("upload_gcs: %s", err.Error()) + scope.Error("upload_gcs: %s", err.Error()) return vfilter.Null{} } err = vql_subsystem.CheckFilesystemAccess(scope, arg.Accessor) if err != nil { - scope.Log("upload_gcs: %s", err) + scope.Error("upload_gcs: %s", err) return vfilter.Null{} } accessor, err := accessors.GetAccessor(arg.Accessor, scope) if err != nil { - scope.Log("upload_gcs: %v", err) + scope.Error("upload_gcs: %v", err) return vfilter.Null{} } file, err := accessor.Open(arg.File) if err != nil { - scope.Log("upload_gcs: Unable to open %s: %s", + scope.Error("upload_gcs: Unable to open %s: %s", arg.File, err.Error()) return &vfilter.Null{} } @@ -69,7 +70,7 @@ func (self *GCSUploadFunction) Call(ctx context.Context, stat, err := accessor.Lstat(arg.File) if err != nil { - scope.Log("upload_gcs: Unable to stat %s: %v", + scope.Error("upload_gcs: Unable to stat %s: %v", arg.File, err) } else if !stat.IsDir() { upload_response, err := upload_gcs( @@ -77,7 +78,7 @@ func (self *GCSUploadFunction) Call(ctx context.Context, arg.Bucket, arg.Name, arg.Credentials) if err != nil { - scope.Log("upload_gcs: %v", err) + scope.Error("upload_gcs: %v", err) return vfilter.Null{} } return upload_response @@ -119,7 +120,7 @@ func upload_gcs(ctx context.Context, scope vfilter.Scope, defer func() { err := writer.Close() if err != nil { - scope.Log("upload_gcs: ERROR writing to object: %v", err) + scope.Error("upload_gcs: ERROR writing to object: %v", err) } else { attr := writer.Attrs() serialized, _ := json.Marshal(attr) diff --git a/vql/tools/geoip.go b/vql/tools/geoip.go index bee4c285bb..bf4b4d3c1d 100644 --- a/vql/tools/geoip.go +++ b/vql/tools/geoip.go 
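Review bot: The failed-open path in the `@@ -39,25 +40,25 @@` hunk of GCSUploadFunction returns `&vfilter.Null{}`, while every other error path in the same Call returns the value `vfilter.Null{}`. The pointer and value forms are distinct dynamic types, so any caller that type-switches on `vfilter.Null` would treat this one path differently; whether callers do so is not visible here. Making it `return vfilter.Null{}` keeps the error paths uniform. The `@@ -18,7 +18,7 @@` hunk of process/pid.go has the same pointer return.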
@@ -30,7 +30,7 @@ func (self GeoIPFunction) Call( arg := &GeoIPFunctionArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("geoip: %v", err) + scope.Error("geoip: %v", err) return vfilter.Null{} } @@ -47,7 +47,7 @@ func (self GeoIPFunction) Call( case nil: db, err = maxminddb.Open(arg.Database) if err != nil { - scope.Log("geoip: %v", err) + scope.Error("geoip: %v", err) // Cache failures for next lookup. vql_subsystem.CacheSet(scope, key, err) return vfilter.Null{} @@ -75,7 +75,7 @@ func (self GeoIPFunction) Call( var record interface{} err = db.Lookup(ip, &record) if err != nil { - scope.Log("geoip: %v", err) + scope.Error("geoip: %v", err) return vfilter.Null{} } return record diff --git a/vql/tools/js.go b/vql/tools/js.go index f5f2ddf3f2..58946e723e 100644 --- a/vql/tools/js.go +++ b/vql/tools/js.go @@ -28,7 +28,7 @@ func logIfPanic(scope vfilter.Scope) { } if err != nil { - scope.Log("PANIC %v: %v\n", err, string(debug.Stack())) + scope.Error("PANIC %v: %v\n", err, string(debug.Stack())) } } @@ -63,7 +63,7 @@ func (self *JSCompile) Call(ctx context.Context, arg := &JSCompileArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("js: %s", err.Error()) + scope.Error("js: %s", err.Error()) return vfilter.Null{} } @@ -72,7 +72,7 @@ func (self *JSCompile) Call(ctx context.Context, vm := getVM(ctx, scope, arg.Key) _, err = vm.Run(arg.JS) if err != nil { - scope.Log("js: %s", err.Error()) + scope.Error("js: %s", err.Error()) return vfilter.Null{} } @@ -102,7 +102,7 @@ func (self *JSCall) Call(ctx context.Context, arg := &JSCallArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("js_call: %s", err.Error()) + scope.Error("js_call: %s", err.Error()) return vfilter.Null{} } 
@@ -126,7 +126,7 @@ func (self *JSCall) Call(ctx context.Context, vm := getVM(ctx, scope, arg.Key) value, err := vm.Call(arg.Func, nil, call_args...) if err != nil { - scope.Log("js_call: %s", err.Error()) + scope.Error("js_call: %s", err.Error()) return vfilter.Null{} } @@ -160,7 +160,7 @@ func (self *JSSet) Call(ctx context.Context, arg := &JSSetArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("js_set: %s", err.Error()) + scope.Error("js_set: %s", err.Error()) return vfilter.Null{} } @@ -185,7 +185,7 @@ func (self *JSSet) Call(ctx context.Context, } if err != nil { - scope.Log("js_set: %s", err.Error()) + scope.Error("js_set: %s", err.Error()) return vfilter.Null{} } @@ -214,7 +214,7 @@ func (self *JSGet) Call(ctx context.Context, arg := &JSGetArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("js_get: %s", err.Error()) + scope.Error("js_get: %s", err.Error()) return vfilter.Null{} } @@ -224,12 +224,12 @@ func (self *JSGet) Call(ctx context.Context, otto_val, err := vm.Get(arg.Var) if err != nil { - scope.Log("js_get: %s", err.Error()) + scope.Error("js_get: %s", err.Error()) return vfilter.Null{} } value, err := otto_val.Export() if err != nil { - scope.Log("js_get: %s", err.Error()) + scope.Error("js_get: %s", err.Error()) return vfilter.Null{} } diff --git a/vql/tools/magic.go b/vql/tools/magic.go index ca629d454b..1c54496c73 100644 --- a/vql/tools/magic.go +++ b/vql/tools/magic.go @@ -1,3 +1,4 @@ +//go:build cgo // +build cgo package tools @@ -36,7 +37,7 @@ func (self MagicFunction) Call( arg := &MagicFunctionArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("magic: %v", err) + scope.Error("magic: %v", err) return vfilter.Null{} } 
@@ -96,14 +97,14 @@ func (self MagicFunction) Call( err = vql_subsystem.CheckFilesystemAccess(scope, arg.Accessor) if err != nil { - scope.Log("magic: %v", err) + scope.Error("magic: %v", err) return vfilter.Null{} } // Read a header from the file and pass to the libmagic accessor, err := accessors.GetAccessor(arg.Accessor, scope) if err != nil { - scope.Log("magic: %v", err) + scope.Error("magic: %v", err) return vfilter.Null{} } diff --git a/vql/tools/process/callchain.go b/vql/tools/process/callchain.go index d095aea075..eae666bb99 100644 --- a/vql/tools/process/callchain.go +++ b/vql/tools/process/callchain.go @@ -24,7 +24,7 @@ func (self getChain) Call(ctx context.Context, arg := &getChainArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("process_tracker_callchain: %v", err) + scope.Error("process_tracker_callchain: %v", err) return vfilter.Null{} } diff --git a/vql/tools/process/children.go b/vql/tools/process/children.go index 13b47a9214..ec32fbb9e2 100644 --- a/vql/tools/process/children.go +++ b/vql/tools/process/children.go @@ -18,7 +18,7 @@ func (self getChildren) Call(ctx context.Context, arg := &getChainArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("process_tracker_children: %v", err) + scope.Error("process_tracker_children: %v", err) return vfilter.Null{} } diff --git a/vql/tools/process/pid.go b/vql/tools/process/pid.go index 9fc8a30d54..7877bb47d9 100644 --- a/vql/tools/process/pid.go +++ b/vql/tools/process/pid.go @@ -18,7 +18,7 @@ func (self getProcess) Call(ctx context.Context, arg := &getChainArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("process_tracker_get: %v", err) + scope.Error("process_tracker_get: %v", err) return &vfilter.Null{} } diff --git a/vql/tools/process/tracker.go b/vql/tools/process/tracker.go index fa715a43e6..1a89085ede 100644 --- a/vql/tools/process/tracker.go 
+++ b/vql/tools/process/tracker.go @@ -263,7 +263,7 @@ func (self *ProcessTracker) doUpdateQuery( vfilter.RowToDict(ctx, scope, row), update) if err != nil { - scope.Log("tracker update query error: %v\n", err) + scope.Error("tracker update query error: %v\n", err) continue } switch update.UpdateType { @@ -427,7 +427,7 @@ func (self _InstallProcessTracker) Call(ctx context.Context, err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("process_tracker: %v", err) + scope.Error("process_tracker: %v", err) return false } @@ -446,7 +446,7 @@ func (self _InstallProcessTracker) Call(ctx context.Context, for _, enrichment := range arg.Enrichments { lambda, err := vfilter.ParseLambda(enrichment) if err != nil { - scope.Log("process_tracker: while parsing enrichment %v: %v", + scope.Error("process_tracker: while parsing enrichment %v: %v", enrichment, err) return false } @@ -460,7 +460,7 @@ func (self _InstallProcessTracker) Call(ctx context.Context, // Do the first sync inline so we are all ready when we return. err = tracker.doFullSync(ctx, scope, sync_duration, arg.SyncQuery) if err != nil { - scope.Log("process_tracker: %v", err) + scope.Error("process_tracker: %v", err) return false } diff --git a/vql/tools/process/tree.go b/vql/tools/process/tree.go index 23dde39d00..01b272519f 100644 --- a/vql/tools/process/tree.go +++ b/vql/tools/process/tree.go @@ -35,7 +35,7 @@ func (self getProcessTree) Call(ctx context.Context, arg := &getProcessTreeArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("process_tracker_tree: %v", err) + scope.Error("process_tracker_tree: %v", err) return vfilter.Null{} } diff --git a/vql/tools/query.go b/vql/tools/query.go index f01b1c61ca..1448d49119 100644 --- a/vql/tools/query.go +++ b/vql/tools/query.go 
@@ -43,7 +43,7 @@ func (self QueryPlugin) Call( arg := &QueryPluginArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("query: %v", err) + scope.Error("query: %v", err) return } @@ -51,7 +51,7 @@ func (self QueryPlugin) Call( // root config from the org manager. org_manager, err := services.GetOrgManager() if err != nil { - scope.Log("query: %v", err) + scope.Error("query: %v", err) return } @@ -59,7 +59,7 @@ func (self QueryPlugin) Call( if !ok { config_obj, err = org_manager.GetOrgConfig("") if err != nil { - scope.Log("query: %v", err) + scope.Error("query: %v", err) return } } @@ -74,7 +74,7 @@ func (self QueryPlugin) Call( if arg.OrgId != "" { org_config_obj, err = org_manager.GetOrgConfig(arg.OrgId) if err != nil { - scope.Log("query: %v", err) + scope.Error("query: %v", err) return } @@ -86,7 +86,7 @@ func (self QueryPlugin) Call( // Impersonation is only allowed for administrator users. err := vql_subsystem.CheckAccess(scope, acls.IMPERSONATION) if err != nil { - scope.Log("ERROR:query: Permission required for runas: %v", err) + scope.Error("ERROR:query: Permission required for runas: %v", err) return } @@ -98,7 +98,7 @@ func (self QueryPlugin) Call( // Make a new scope for each artifact. manager, err := services.GetRepositoryManager(org_config_obj) if err != nil { - scope.Log("ERROR:query: %v", err) + scope.Error("ERROR:query: %v", err) return } @@ -186,7 +186,7 @@ func runStringQuery( scope.Log("query: running query %v", query_string) statements, err := vfilter.MultiParse(query_string) if err != nil { - scope.Log("ERROR:query: %v", err) + scope.Error("ERROR:query: %v", err) return } diff --git a/vql/tools/rekey.go b/vql/tools/rekey.go index 956e897d62..f1d2009756 100644 --- a/vql/tools/rekey.go +++ b/vql/tools/rekey.go 
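Review bot: The runas permission failure in QueryPlugin.Call is now reported as `scope.Error("ERROR:query: Permission required for runas: %v", err)`, which keeps the textual `ERROR:` marker even though the call itself now carries the severity. Unless some consumer still matches on that literal prefix, drop it so these messages read like the other `query:` errors in the function: `scope.Error("query: Permission required for runas: %v", err)`. The same leftover prefix is in the GetRepositoryManager failure in the next hunk and in the MultiParse failure in runStringQuery.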
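Review bot: runStringQuery writes the complete query text to the collection log with `scope.Log("query: running query %v", query_string)` before parsing it. A query passed to this plugin can embed credentials or other secrets as literals, and the log line would then persist them wherever collection logs are stored or forwarded. Consider logging a bounded or redacted form, or documenting on the plugin that the query text is recorded verbatim. runStringQuery's body continues outside the hunk.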
@@ -31,14 +31,14 @@ func (self *RekeyFunction) Call(ctx context.Context, arg := &RekeyFunctionArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("rekey: %v", err) + scope.Error("rekey: %v", err) return vfilter.Null{} } // This is a privileged operation err = vql_subsystem.CheckAccess(scope, acls.EXECVE) if err != nil { - scope.Log("rekey: %v", err) + scope.Error("rekey: %v", err) return vfilter.Null{} } @@ -51,19 +51,19 @@ func (self *RekeyFunction) Call(ctx context.Context, writeback, err := config.GetWriteback(config_obj) if err != nil { - scope.Log("rekey: %v", err) + scope.Error("rekey: %v", err) return vfilter.Null{} } pem, err := crypto_utils.GeneratePrivateKey() if err != nil { - scope.Log("rekey: %v", err) + scope.Error("rekey: %v", err) return vfilter.Null{} } private_key, err := crypto_utils.ParseRsaPrivateKeyFromPemStr(pem) if err != nil { - scope.Log("rekey: %v", err) + scope.Error("rekey: %v", err) return vfilter.Null{} } @@ -71,7 +71,7 @@ func (self *RekeyFunction) Call(ctx context.Context, writeback.PrivateKey = string(pem) err = config.UpdateWriteback(config_obj, writeback) if err != nil { - scope.Log("rekey: %v", err) + scope.Error("rekey: %v", err) return vfilter.Null{} } diff --git a/vql/tools/s3_upload.go b/vql/tools/s3_upload.go index e288b78a04..51f5429adf 100644 --- a/vql/tools/s3_upload.go +++ b/vql/tools/s3_upload.go @@ -1,4 +1,5 @@ -//+build extras +//go:build extras +// +build extras package tools 
@@ -42,25 +43,25 @@ func (self *S3UploadFunction) Call(ctx context.Context, arg := &S3UploadArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("upload_S3: %s", err.Error()) + scope.Error("upload_S3: %s", err.Error()) return vfilter.Null{} } err = vql_subsystem.CheckFilesystemAccess(scope, arg.Accessor) if err != nil { - scope.Log("upload_S3: %s", err) + scope.Error("upload_S3: %s", err) return vfilter.Null{} } accessor, err := accessors.GetAccessor(arg.Accessor, scope) if err != nil { - scope.Log("upload_S3: %v", err) + scope.Error("upload_S3: %v", err) return vfilter.Null{} } file, err := accessor.Open(arg.File) if err != nil { - scope.Log("upload_S3: Unable to open %s: %s", + scope.Error("upload_S3: Unable to open %s: %s", arg.File, err.Error()) return &vfilter.Null{} } @@ -72,7 +73,7 @@ func (self *S3UploadFunction) Call(ctx context.Context, stat, err := accessor.Lstat(arg.File) if err != nil { - scope.Log("upload_S3: Unable to stat %s: %v", + scope.Error("upload_S3: Unable to stat %s: %v", arg.File, err) } else if !stat.IsDir() { // Abort uploading when the scope is destroyed. @@ -91,7 +92,7 @@ func (self *S3UploadFunction) Call(ctx context.Context, arg.NoVerifyCert, uint64(stat.Size())) if err != nil { - scope.Log("upload_S3: %v", err) + scope.Error("upload_S3: %v", err) // Relay the error in the UploadResponse return upload_response } diff --git a/vql/tools/sftp_upload.go b/vql/tools/sftp_upload.go index e838cd2b8f..682c9e6d60 100644 --- a/vql/tools/sftp_upload.go +++ b/vql/tools/sftp_upload.go @@ -1,4 +1,5 @@ -//+build extras +//go:build extras +// +build extras package tools 
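Review bot: When `arg.NoVerifyCert` is set, nothing in the hunk around the upload_S3 call records that the transfer ran without TLS certificate verification, so the collection log cannot distinguish a verified upload from an unverified one. Unless upload_S3 already reports this (its body is outside the hunk), log it before the call, for example `if arg.NoVerifyCert { scope.Log("upload_S3: TLS certificate verification is disabled") }`. The WebDAV upload call passes the same flag and would benefit from the same line.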
@@ -42,25 +43,25 @@ func (self *SFTPUploadFunction) Call(ctx context.Context, arg := &SFTPUploadArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("upload_sftp: %s", err.Error()) + scope.Error("upload_sftp: %s", err.Error()) return vfilter.Null{} } err = vql_subsystem.CheckFilesystemAccess(scope, arg.Accessor) if err != nil { - scope.Log("upload_SFTP: %s", err) + scope.Error("upload_SFTP: %s", err) return vfilter.Null{} } accessor, err := accessors.GetAccessor(arg.Accessor, scope) if err != nil { - scope.Log("upload_SFTP: %v", err) + scope.Error("upload_SFTP: %v", err) return vfilter.Null{} } file, err := accessor.Open(arg.File) if err != nil { - scope.Log("upload_SFTP: Unable to open %s: %s", + scope.Error("upload_SFTP: Unable to open %s: %s", arg.File, err.Error()) return &vfilter.Null{} } @@ -72,7 +73,7 @@ func (self *SFTPUploadFunction) Call(ctx context.Context, stat, err := accessor.Lstat(arg.File) if err != nil { - scope.Log("upload_SFTP: Unable to stat %s: %v", + scope.Error("upload_SFTP: Unable to stat %s: %v", arg.File, err) } else if !stat.IsDir() { // Abort uploading when the scope is destroyed. @@ -88,7 +89,7 @@ func (self *SFTPUploadFunction) Call(ctx context.Context, arg.Endpoint, arg.HostKey) if err != nil { - scope.Log("upload_SFTP: %v", err) + scope.Error("upload_SFTP: %v", err) // Relay the error in the UploadResponse return upload_response } diff --git a/vql/tools/starlark.go b/vql/tools/starlark.go index 8c73735902..11f1cc0944 100644 --- a/vql/tools/starlark.go +++ b/vql/tools/starlark.go @@ -426,7 +426,7 @@ func (self StarlarkCompileFunction) Call(ctx context.Context, arg := StarlarkCompileArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, &arg) if err != nil { - scope.Log("starl: %s", err.Error()) + scope.Error("starl: %s", err.Error()) return vfilter.Null{} } 
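Review bot: The argument-parsing failure in SFTPUploadFunction.Call is prefixed `upload_sftp:` while every other message in the function uses `upload_SFTP:`, so a log search or alert keyed on one spelling misses the other. Since the line is being touched anyway, align it: `scope.Error("upload_SFTP: %s", err.Error())`. Call's body continues outside the hunk.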
@@ -435,7 +435,7 @@ func (self StarlarkCompileFunction) Call(ctx context.Context, // grab compiled code compiled_args, err := compileStarlark(ctx, scope, arg.Code, arg.Globals) if err != nil { - scope.Log("starl: %v", err) + scope.Error("starl: %v", err) return vfilter.Null{} } @@ -475,19 +475,19 @@ func (self starlarkFuncWrapper) Call(ctx context.Context, kwargs, err := makeKwargsTuple(ctx, scope, args) if err != nil { - scope.Log("starl: %v", err) + scope.Error("starl: %v", err) return vfilter.Null{} } value, err := starlark.Call(sthread, self.delegate, starlark.Tuple{}, kwargs) if err != nil { - scope.Log("starl: %v", err) + scope.Error("starl: %v", err) return vfilter.Null{} } result, err := starlarkValueAsInterface(value) if err != nil { - scope.Log("starl: %v", err) + scope.Error("starl: %v", err) return vfilter.Null{} } return result diff --git a/vql/tools/unzip.go b/vql/tools/unzip.go index 2d7b656e75..7bd8992258 100644 --- a/vql/tools/unzip.go +++ b/vql/tools/unzip.go @@ -1,4 +1,5 @@ -//+build extras +//go:build extras +// +build extras package tools @@ -45,26 +46,26 @@ func (self UnzipPlugin) Call( err := vql_subsystem.CheckAccess(scope, acls.FILESYSTEM_WRITE) if err != nil { - scope.Log("unzip: %s", err) + scope.Error("unzip: %s", err) return } arg := &UnzipPluginArgs{} err = arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("unzip: %s", err.Error()) + scope.Error("unzip: %s", err.Error()) return } err = vql_subsystem.CheckFilesystemAccess(scope, arg.Accessor) if err != nil { - scope.Log("unzip: %s", err) + scope.Error("unzip: %s", err) return } accessor, err := accessors.GetAccessor(arg.Accessor, scope) if err != nil { - scope.Log("unzip: %v", err) + scope.Error("unzip: %v", err) return } 
@@ -75,31 +76,31 @@ func (self UnzipPlugin) Call( filter_reg, err := regexp.Compile("(?i)" + filter) if err != nil { - scope.Log("unzip: %v", err) + scope.Error("unzip: %v", err) return } output_directory, err := filepath.Abs(arg.OutputDirectory) if err != nil { - scope.Log("unzip: %v", err) + scope.Error("unzip: %v", err) return } s, err := accessor.Lstat(arg.Filename) if err != nil { - scope.Log("unzip: %v", err) + scope.Error("unzip: %v", err) return } fd, err := accessor.Open(arg.Filename) if err != nil { - scope.Log("unzip: %v", err) + scope.Error("unzip: %v", err) return } zip, err := zip.NewReader(utils.MakeReaderAtter(fd), s.Size()) if err != nil { - scope.Log("unzip: %v", err) + scope.Error("unzip: %v", err) return } @@ -121,28 +122,28 @@ func (self UnzipPlugin) Call( func() { err = os.MkdirAll(filepath.Dir(output_path), 0700) if err != nil { - scope.Log("unzip: %v", err) + scope.Error("unzip: %v", err) return } out_fd, err := os.OpenFile(output_path, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0700) if err != nil { - scope.Log("unzip: %v", err) + scope.Error("unzip: %v", err) return } defer out_fd.Close() in_fd, err := member.Open() if err != nil { - scope.Log("unzip: %v", err) + scope.Error("unzip: %v", err) return } defer in_fd.Close() n, err := utils.Copy(ctx, out_fd, in_fd) if err != nil { - scope.Log("unzip: %v", err) + scope.Error("unzip: %v", err) return } diff --git a/vql/tools/webdav_upload.go b/vql/tools/webdav_upload.go index 71ea0a6d5d..c65c2b093b 100644 --- a/vql/tools/webdav_upload.go +++ b/vql/tools/webdav_upload.go @@ -1,4 +1,5 @@ -//+build extras +//go:build extras +// +build extras package tools 
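Review bot: The extraction closure in UnzipPlugin.Call hands `output_path` to `os.MkdirAll` and `os.OpenFile`, but the path is built outside this hunk, so it is not visible here whether member names containing `..` or absolute paths are rejected first. If that check is missing, add one that resolves `output_path` and confirms it stays under `output_directory` before creating anything, and skip the member with an error otherwise. Separately, every extracted file is created owner-executable; `os.OpenFile(output_path, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0600)` is the safer default for unpacked content, keeping 0700 for the directories only.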
@@ -40,25 +41,25 @@ func (self *WebDAVUploadFunction) Call(ctx context.Context, arg := &WebDAVUploadArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("upload_webdav: %s", err.Error()) + scope.Error("upload_webdav: %s", err.Error()) return vfilter.Null{} } err = vql_subsystem.CheckFilesystemAccess(scope, arg.Accessor) if err != nil { - scope.Log("upload_webdav: %s", err) + scope.Error("upload_webdav: %s", err) return vfilter.Null{} } accessor, err := accessors.GetAccessor(arg.Accessor, scope) if err != nil { - scope.Log("upload_webdav: %v", err) + scope.Error("upload_webdav: %v", err) return vfilter.Null{} } file, err := accessor.Open(arg.File) if err != nil { - scope.Log("upload_webdav: Unable to open %s: %s", + scope.Error("upload_webdav: Unable to open %s: %s", arg.File, err.Error()) return &vfilter.Null{} } @@ -70,7 +71,7 @@ func (self *WebDAVUploadFunction) Call(ctx context.Context, stat, err := accessor.Lstat(arg.File) if err != nil { - scope.Log("upload_webdav: Unable to stat %s: %v", + scope.Error("upload_webdav: Unable to stat %s: %v", arg.File, err) } else if !stat.IsDir() { // Abort uploading when the scope is destroyed. @@ -85,7 +86,7 @@ func (self *WebDAVUploadFunction) Call(ctx context.Context, arg.BasicAuthPassword, arg.NoVerifyCert) if err != nil { - scope.Log("upload_webdav: %v", err) + scope.Error("upload_webdav: %v", err) return vfilter.Null{} } return upload_response diff --git a/vql/windows/amsi.go b/vql/windows/amsi.go index 0b2ed2073a..2618076ab2 100644 --- a/vql/windows/amsi.go +++ b/vql/windows/amsi.go @@ -1,3 +1,4 @@ +//go:build windows // +build windows package windows @@ -29,7 +30,7 @@ func (self _AMSIFunction) Call( arg := &_AMSIFunctionArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("amsi: %v", err) + scope.Error("amsi: %v", err) return vfilter.Null{} } 
@@ -38,7 +39,7 @@ func (self _AMSIFunction) Call( if session_any == nil { err := amsi.Initialize() if err != nil { - scope.Log("amsi: %v", err) + scope.Error("amsi: %v", err) return vfilter.Null{} } session := amsi.OpenSession() diff --git a/vql/windows/crypto.go b/vql/windows/crypto.go index 3ae252f64d..e17ef2e6bd 100644 --- a/vql/windows/crypto.go +++ b/vql/windows/crypto.go @@ -1,3 +1,4 @@ +//go:build windows // +build windows /* @@ -158,7 +159,7 @@ func runCertificates( err := vql_subsystem.CheckAccess(scope, acls.MACHINE_STATE) if err != nil { - scope.Log("certificates: %s", err) + scope.Error("certificates: %s", err) return result } diff --git a/vql/windows/etw/watch.go b/vql/windows/etw/watch.go index f15feb1dac..cfd5904679 100644 --- a/vql/windows/etw/watch.go +++ b/vql/windows/etw/watch.go @@ -1,3 +1,4 @@ +//go:build windows && cgo // +build windows,cgo package etw @@ -44,7 +45,7 @@ func (self WatchETWPlugin) Call( arg := &WatchETWArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("watch_etw: %s", err.Error()) + scope.Error("watch_etw: %s", err.Error()) return } @@ -61,14 +62,14 @@ func (self WatchETWPlugin) Call( guid, err := windows.GUIDFromString(arg.Provider) if err != nil { - scope.Log("watch_etw: %s", err.Error()) + scope.Error("watch_etw: %s", err.Error()) return } for { err = createSession(ctx, scope, guid, arg, output_chan) if err != nil { - scope.Log("watch_etw: %v", err) + scope.Error("watch_etw: %v", err) } scope.Log("ETW session interrupted, will retry again.") @@ -93,7 +94,7 @@ func createSession(ctx context.Context, scope types.Scope, guid windows.GUID, cfg.Name = arg.Name }) if err != nil { - scope.Log("watch_etw: %s", err.Error()) + scope.Error("watch_etw: %s", err.Error()) return err } 
@@ -135,7 +136,7 @@ func createSession(ctx context.Context, scope types.Scope, guid windows.GUID, defer cancel() err := session.Process(cb) if err != nil { - scope.Log("watch_etw: %v", err) + scope.Error("watch_etw: %v", err) } }() diff --git a/vql/windows/network.go b/vql/windows/network.go index ac43f7f817..e8c21cbd2f 100644 --- a/vql/windows/network.go +++ b/vql/windows/network.go @@ -1,3 +1,4 @@ +//go:build windows // +build windows /* @@ -115,7 +116,7 @@ func runNetstat( err := vql_subsystem.CheckAccess(scope, acls.MACHINE_STATE) if err != nil { - scope.Log("netstat: %s", err) + scope.Error("netstat: %s", err) return result } diff --git a/vql/windows/process/dump.go b/vql/windows/process/dump.go index d66bba92b8..8ce33f7f3d 100644 --- a/vql/windows/process/dump.go +++ b/vql/windows/process/dump.go @@ -1,3 +1,4 @@ +//go:build windows && cgo // +build windows,cgo /* @@ -55,7 +56,7 @@ func (self ProcDumpPlugin) Call( err := vql_subsystem.CheckAccess(scope, acls.MACHINE_STATE) if err != nil { - scope.Log("proc_dump: %s", err) + scope.Error("proc_dump: %s", err) return } @@ -64,13 +65,13 @@ func (self ProcDumpPlugin) Call( err = arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("proc_dump: %s", err.Error()) + scope.Error("proc_dump: %s", err.Error()) return } tmpfile, err := ioutil.TempFile(os.TempDir(), "dmp") if err != nil { - scope.Log("proc_dump: %s", err.Error()) + scope.Error("proc_dump: %s", err.Error()) return } diff --git a/vql/windows/process/handles.go b/vql/windows/process/handles.go index e01f211f9d..837a4f2533 100644 --- a/vql/windows/process/handles.go +++ b/vql/windows/process/handles.go @@ -1,3 +1,4 @@ +//go:build windows && amd64 && cgo // +build windows,amd64,cgo // References: https://www.geoffchappell.com/studies/windows/km/ntoskrnl/api/ex/sysinfo/query.htm 
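Review bot: ProcDumpPlugin.Call still creates the dump file with `ioutil.TempFile(os.TempDir(), "dmp")`, which has been deprecated since Go 1.16, while this same commit adds a `//go:build` line to the file. `os.CreateTemp("", "dmp")` is the direct replacement and keeps the owner-only file mode; the `ioutil` import can go if this is its only use. A process dump holds the target's memory contents, so it is worth confirming in the part of Call outside this hunk that the temporary file is removed on every exit path.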
@@ -74,7 +75,7 @@ func (self HandlesPlugin) Call( err := vql_subsystem.CheckAccess(scope, acls.MACHINE_STATE) if err != nil { - scope.Log("handles: %s", err) + scope.Error("handles: %s", err) return } @@ -89,13 +90,13 @@ func (self HandlesPlugin) Call( arg := &HandlesPluginArgs{} err = arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("handles: %s", err.Error()) + scope.Error("handles: %s", err.Error()) return } err = TryToGrantSeDebugPrivilege() if err != nil { - scope.Log("handles while trying to grant SeDebugPrivilege: %v", err) + scope.Error("handles while trying to grant SeDebugPrivilege: %v", err) } GetHandles(scope, arg, output_chan) @@ -158,7 +159,7 @@ func GetHandles(scope vfilter.Scope, arg *HandlesPluginArgs, out chan<- vfilter. // This should be large enough to fit all the handles. buffer, err := SaneNtQuerySystemInformation(windows.SystemHandleInformation) if err != nil { - scope.Log("GetHandles %v", err) + scope.Error("GetHandles %v", err) return } @@ -193,7 +194,7 @@ func GetHandles(scope vfilter.Scope, arg *HandlesPluginArgs, out chan<- vfilter. windows.PROCESS_DUP_HANDLE, false, uint32(pid)) if err != nil { - scope.Log("OpenProcess for pid %v: %v\n", pid, err) + scope.Error("OpenProcess for pid %v: %v\n", pid, err) return } process_handle = h diff --git a/vql/windows/process/token.go b/vql/windows/process/token.go index 3f252bc3b4..c2d2752d43 100644 --- a/vql/windows/process/token.go +++ b/vql/windows/process/token.go @@ -1,3 +1,4 @@ +//go:build windows && amd64 // +build windows,amd64 package process 
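Review bot: A failure of `TryToGrantSeDebugPrivilege()` in HandlesPlugin.Call is now raised with scope.Error although the code deliberately carries on and calls GetHandles, so a best-effort step is reported at the same severity as a fatal one. If error-level messages affect how a collection's outcome is reported (scope.Error's behaviour is defined in vfilter, not visible here), an unprivileged but otherwise successful run would look failed. Keeping this one as `scope.Log("handles while trying to grant SeDebugPrivilege: %v", err)` preserves the distinction. The per-pid `OpenProcess for pid %v` message in GetHandles raises the same question, since denied access to individual processes is presumably routine.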
@@ -28,21 +29,21 @@ func (self TokenFunction) Call( err := vql_subsystem.CheckAccess(scope, acls.MACHINE_STATE) if err != nil { - scope.Log("token: %s", err) + scope.Error("token: %s", err) return vfilter.Null{} } arg := &TokenArgs{} err = arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("token: %s", err.Error()) + scope.Error("token: %s", err.Error()) return vfilter.Null{} } handle, err := windows.OpenProcess( syscall.PROCESS_QUERY_INFORMATION, false, uint32(arg.Pid)) if err != nil { - scope.Log("token: %s", err.Error()) + scope.Error("token: %s", err.Error()) return vfilter.Null{} } defer windows.CloseHandle(handle) @@ -52,7 +53,7 @@ func (self TokenFunction) Call( // Find process token via win32 err = windows.OpenProcessToken(handle, syscall.TOKEN_QUERY, &token) if err != nil { - scope.Log("token: %s", err.Error()) + scope.Error("token: %s", err.Error()) return vfilter.Null{} } defer token.Close() @@ -60,7 +61,7 @@ func (self TokenFunction) Call( // Find the token user tokenUser, err := token.GetTokenUser() if err != nil { - scope.Log("token: %s", err.Error()) + scope.Error("token: %s", err.Error()) return vfilter.Null{} } diff --git a/vql/windows/process/vad.go b/vql/windows/process/vad.go index d1d27bcca6..bcf3a65907 100644 --- a/vql/windows/process/vad.go +++ b/vql/windows/process/vad.go @@ -1,3 +1,4 @@ +//go:build windows && amd64 && cgo // +build windows,amd64,cgo package process @@ -48,7 +49,7 @@ func (self ModulesPlugin) Call( err := vql_subsystem.CheckAccess(scope, acls.MACHINE_STATE) if err != nil { - scope.Log("modules: %s", err) + scope.Error("modules: %s", err) return } 
@@ -59,13 +60,13 @@ func (self ModulesPlugin) Call( err = arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("modules: %s", err.Error()) + scope.Error("modules: %s", err.Error()) return } modules, err := GetProcessModules(uint32(arg.Pid)) if err != nil { - scope.Log("modules: %s", err.Error()) + scope.Error("modules: %s", err.Error()) return } @@ -108,13 +109,13 @@ func (self VADPlugin) Call( err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("vad: %s", err.Error()) + scope.Error("vad: %s", err.Error()) return } vads, handle, err := GetVads(uint32(arg.Pid)) if err != nil { - scope.Log("vad: %s", err.Error()) + scope.Error("vad: %s", err.Error()) return } defer windows.CloseHandle(handle) diff --git a/vql/windows/process/vad_32.go b/vql/windows/process/vad_32.go index 0926c6cdfb..cc70470e84 100644 --- a/vql/windows/process/vad_32.go +++ b/vql/windows/process/vad_32.go @@ -1,3 +1,4 @@ +//go:build windows && 386 && cgo // +build windows,386,cgo package process @@ -48,7 +49,7 @@ func (self ModulesPlugin) Call( err := vql_subsystem.CheckAccess(scope, acls.MACHINE_STATE) if err != nil { - scope.Log("modules: %s", err) + scope.Error("modules: %s", err) return } @@ -59,13 +60,13 @@ func (self ModulesPlugin) Call( err = arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("modules: %s", err.Error()) + scope.Error("modules: %s", err.Error()) return } modules, err := GetProcessModules(uint32(arg.Pid)) if err != nil { - scope.Log("modules: %s", err.Error()) + scope.Error("modules: %s", err.Error()) return } @@ -108,13 +109,13 @@ func (self VADPlugin) Call( err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("vad: %s", err.Error()) + scope.Error("vad: %s", err.Error()) return } vads, err := GetVads(uint32(arg.Pid)) if err != nil { - scope.Log("vad: %s", err.Error()) + scope.Error("vad: %s", err.Error()) return } 
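Review bot: VADPlugin.Call goes from argument parsing straight to `GetVads(uint32(arg.Pid))` with no permission check in between. The `err :=` on the ExtractArgsWithContext line suggests no earlier check declared `err` in that scope either. ModulesPlugin.Call in the same file guards itself with `vql_subsystem.CheckAccess(scope, acls.MACHINE_STATE)` before doing any work. Unless a check sits in the part of the function outside this hunk, add the same guard ahead of the argument parsing, with a `vad:`-prefixed scope.Error and an early return on failure. The VADPlugin hunk in vad_32.go has the same shape.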
diff --git a/vql/windows/process/winobj.go b/vql/windows/process/winobj.go index 8e2e959f1f..90af1229bc 100644 --- a/vql/windows/process/winobj.go +++ b/vql/windows/process/winobj.go @@ -1,3 +1,4 @@ +//go:build windows && amd64 // +build windows,amd64 // References @@ -43,7 +44,7 @@ func (self WinObjPlugin) Call( err := vql_subsystem.CheckAccess(scope, acls.MACHINE_STATE) if err != nil { - scope.Log("proc_dump: %s", err) + scope.Error("proc_dump: %s", err) return } @@ -58,7 +59,7 @@ func (self WinObjPlugin) Call( arg := &WinObjPluginArgs{} err = arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("winobj: %s", err.Error()) + scope.Error("winobj: %s", err.Error()) return } diff --git a/vql/windows/processes.go b/vql/windows/processes.go index 87ea91ede2..6cca0e3128 100644 --- a/vql/windows/processes.go +++ b/vql/windows/processes.go @@ -1,3 +1,4 @@ +//go:build windows // +build windows /* @@ -194,7 +195,7 @@ func (self PslistPlugin) Call( err := vql_subsystem.CheckAccess(scope, acls.MACHINE_STATE) if err != nil { - scope.Log("pslist: %s", err) + scope.Error("pslist: %s", err) return } @@ -205,7 +206,7 @@ func (self PslistPlugin) Call( err = arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("pslist: %s", err.Error()) + scope.Error("pslist: %s", err.Error()) return } @@ -214,7 +215,7 @@ func (self PslistPlugin) Call( handle, err := windows.CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, uint32(arg.Pid)) if err != nil { - scope.Log("CreateToolhelp32Snapshot: %v ", err) + scope.Error("CreateToolhelp32Snapshot: %v ", err) return } defer windows.Close(handle) @@ -224,7 +225,7 @@ func (self PslistPlugin) Call( err = windows.Process32First(handle, &entry) if err != nil { - scope.Log("Process32First: %v ", err) + scope.Error("Process32First: %v ", err) return } 
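Review bot: The access-check failure in WinObjPlugin.Call is reported as `proc_dump: %s`, which looks copied from the proc_dump plugin; the argument-parsing failure a few lines later in the same function uses `winobj:`. A denied MACHINE_STATE check for winobj() would therefore be attributed to the wrong plugin in the logs. Change it to `scope.Error("winobj: %s", err)`.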
@@ -261,7 +262,7 @@ func (self PslistPlugin) Call( if err == syscall.ERROR_NO_MORE_FILES { return } else if err != nil { - scope.Log("Process32Next: %v ", err) + scope.Error("Process32Next: %v ", err) return } } diff --git a/vql/windows/registry/write.go b/vql/windows/registry/write.go index e4dc2ac8af..0980538206 100644 --- a/vql/windows/registry/write.go +++ b/vql/windows/registry/write.go @@ -1,3 +1,4 @@ +//go:build windows // +build windows package registry @@ -31,7 +32,7 @@ func (self *RegSetValueFunction) Call(ctx context.Context, arg := &RegSetValueFunctionArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("reg_set_value: %s", err.Error()) + scope.Error("reg_set_value: %s", err.Error()) return vfilter.Null{} } @@ -66,7 +67,7 @@ func (self *RegSetValueFunction) Call(ctx context.Context, registry.QUERY_VALUE|registry.SET_VALUE) } if err != nil { - scope.Log("reg_set_value: %s", err.Error()) + scope.Error("reg_set_value: %s", err.Error()) return vfilter.Null{} } defer key.Close() @@ -105,7 +106,7 @@ func (self *RegSetValueFunction) Call(ctx context.Context, } if err != nil { - scope.Log("reg_set_value: %v", err) + scope.Error("reg_set_value: %v", err) return vfilter.Null{} } @@ -132,7 +133,7 @@ func (self *RegDeleteValueFunction) Call(ctx context.Context, arg := &RegDeleteValueFunctionArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("reg_rm_value: %s", err.Error()) + scope.Error("reg_rm_value: %s", err.Error()) return vfilter.Null{} } 
@@ -158,14 +159,14 @@ func (self *RegDeleteValueFunction) Call(ctx context.Context, key, err := registry.OpenKey(root_hive, subkey_path, registry.QUERY_VALUE|registry.SET_VALUE) if err != nil { - scope.Log("reg_rm_value: %s", err.Error()) + scope.Error("reg_rm_value: %s", err.Error()) return vfilter.Null{} } defer key.Close() err = key.DeleteValue(value_name) if err != nil { - scope.Log("reg_rm_value: %v", err) + scope.Error("reg_rm_value: %v", err) return vfilter.Null{} } @@ -192,7 +193,7 @@ func (self *RegDeleteKeyFunction) Call(ctx context.Context, arg := &RegDeleteKeyFunctionArgs{} err := arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("reg_rm_key: %s", err.Error()) + scope.Error("reg_rm_key: %s", err.Error()) return vfilter.Null{} } @@ -216,14 +217,14 @@ func (self *RegDeleteKeyFunction) Call(ctx context.Context, key, err := registry.OpenKey(root_hive, "", registry.QUERY_VALUE|registry.SET_VALUE) if err != nil { - scope.Log("reg_rm_key: %s", err.Error()) + scope.Error("reg_rm_key: %s", err.Error()) return vfilter.Null{} } defer key.Close() err = registry.DeleteKey(key, subkey_path) if err != nil { - scope.Log("reg_rm_key: %v", err) + scope.Error("reg_rm_key: %v", err) return vfilter.Null{} } diff --git a/vql/windows/users.go b/vql/windows/users.go index 83a4f4712d..f3ae715300 100644 --- a/vql/windows/users.go +++ b/vql/windows/users.go @@ -1,3 +1,4 @@ +//go:build windows // +build windows /* 
@@ -154,20 +155,20 @@ func (self *LookupSidFunction) Call(ctx context.Context, err := vql_subsystem.CheckAccess(scope, acls.MACHINE_STATE) if err != nil { - scope.Log("LookupSID: %s", err) + scope.Error("LookupSID: %s", err) return false } arg := &LookupSidFunctionArgs{} err = arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("LookupSID: %s", err.Error()) + scope.Error("LookupSID: %s", err.Error()) return false } sid, err := syscall.StringToSid(arg.Sid) if err != nil { - scope.Log("LookupSID: %s", err.Error()) + scope.Error("LookupSID: %s", err.Error()) return vfilter.Null{} } @@ -180,7 +181,7 @@ func (self *LookupSidFunction) Call(ctx context.Context, err = syscall.LookupAccountSid(&system_name[0], sid, &name[0], &namelen, &domain[0], &domain_len, &sid_name_use) if err != nil { - scope.Log("LookupSID: %s", err.Error()) + scope.Error("LookupSID: %s", err.Error()) return vfilter.Null{} } diff --git a/vql/windows/wmi/events.go b/vql/windows/wmi/events.go index e17ed82c92..43c8999cf4 100644 --- a/vql/windows/wmi/events.go +++ b/vql/windows/wmi/events.go @@ -1,3 +1,4 @@ +//go:build windows // +build windows /* @@ -121,7 +122,7 @@ func (self WmiEventPlugin) Call( err := vql_subsystem.CheckAccess(scope, acls.MACHINE_STATE) if err != nil { - scope.Log("wmi_events: %s", err) + scope.Error("wmi_events: %s", err) return } @@ -130,7 +131,7 @@ func (self WmiEventPlugin) Call( err = arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("wmi_events: %s", err.Error()) + scope.Error("wmi_events: %s", err.Error()) return } diff --git a/vql/windows/wmi/wmi.go b/vql/windows/wmi/wmi.go index c6b547ee2a..3c6d4114ae 100644 --- a/vql/windows/wmi/wmi.go +++ b/vql/windows/wmi/wmi.go 
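Review bot: LookupSidFunction.Call returns `false` when the access check or argument parsing fails but `vfilter.Null{}` when StringToSid or LookupAccountSid fails, so the same function yields two different failure values. A query cannot tell an error from a legitimate boolean result in the first two cases. Return `vfilter.Null{}` on all four paths. Call's body continues outside the hunk.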
@@ -206,20 +206,20 @@ func runWMIQuery( err := vql_subsystem.CheckAccess(scope, acls.MACHINE_STATE) if err != nil { - scope.Log("wmi: %v", err) + scope.Error("wmi: %v", err) return result } arg := &WMIQueryArgs{} err = arg_parser.ExtractArgsWithContext(ctx, scope, args, arg) if err != nil { - scope.Log("wmi: %v", err) + scope.Error("wmi: %v", err) return result } query_result, err := Query(arg.Query, arg.Namespace) if err != nil { - scope.Log("wmi: %v", err) + scope.Error("wmi: %v", err) return result } for _, item := range query_result {