From 18330d16711bb18a6184dd2c040a4895f5f2a011 Mon Sep 17 00:00:00 2001
From: Jason Dellaluce <jasondellaluce@gmail.com>
Date: Mon, 27 Jun 2022 13:09:14 +0000
Subject: [PATCH 1/3] new(userspace/falco): enable attaching libsinsp logger to
 the falco one

Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
---
 userspace/falco/logger.cpp | 68 ++++++++++++++++++++++++++++++++++++++
 userspace/falco/logger.h   |  2 ++
 2 files changed, 70 insertions(+)

diff --git a/userspace/falco/logger.cpp b/userspace/falco/logger.cpp
index 4cf9571dff3..5e8c0615d36 100644
--- a/userspace/falco/logger.cpp
+++ b/userspace/falco/logger.cpp
@@ -23,6 +23,46 @@ limitations under the License.
 int falco_logger::level = LOG_INFO;
 bool falco_logger::time_format_iso_8601 = false;
 
+static void decode_sinsp_severity(const string& s, sinsp_logger::severity& sev)
+{
+	if(s == "trace")
+	{
+		sev = sinsp_logger::SEV_TRACE;
+	}
+	else if(s == "debug")
+	{
+		sev = sinsp_logger::SEV_DEBUG;
+	}
+	else if(s == "info")
+	{
+		sev = sinsp_logger::SEV_INFO;
+	}
+	else if(s == "notice")
+	{
+		sev = sinsp_logger::SEV_NOTICE;
+	}
+	else if(s == "warning")
+	{
+		sev = sinsp_logger::SEV_WARNING;
+	}
+	else if(s == "error")
+	{
+		sev = sinsp_logger::SEV_ERROR;
+	}
+	else if(s == "critical")
+	{
+		sev = sinsp_logger::SEV_CRITICAL;
+	}
+	else if(s == "fatal")
+	{
+		sev = sinsp_logger::SEV_FATAL;
+	}
+	else
+	{
+		throw falco_exception("Unknown sinsp log severity " + s);
+	}
+}
+
 void falco_logger::set_time_format_iso_8601(bool val)
 {
 	falco_logger::time_format_iso_8601 = val;
@@ -68,6 +108,34 @@ void falco_logger::set_level(string &level)
 	}
 }
 
+static std::string s_sinsp_logger_prefix = "";
+
+void falco_logger::set_sinsp_logging(bool enable, const std::string& severity, const std::string& prefix)
+{
+	if (enable)
+	{
+		sinsp_logger::severity sevcode = sinsp_logger::SEV_DEBUG;
+		decode_sinsp_severity(severity, sevcode);
+
+		s_sinsp_logger_prefix = prefix;
+		g_logger.set_severity(sevcode);
+		g_logger.disable_timestamps();
+		g_logger.add_callback_log(
+			[](std::string&& str, const sinsp_logger::severity sev)
+			{
+				// note: using falco_logger::level ensures that the sinsp
+				// logs are always printed by the Falco logger. These
+				// logs are pre-filtered at the sinsp level depending
+				// on the configured severity
+				falco_logger::log(falco_logger::level, s_sinsp_logger_prefix + str);
+			});
+	}
+	else
+	{
+		g_logger.remove_callback_log();
+	}
+}
+
 
 bool falco_logger::log_stderr = true;
 bool falco_logger::log_syslog = true;
diff --git a/userspace/falco/logger.h b/userspace/falco/logger.h
index c27dfd3b51e..c4870917584 100644
--- a/userspace/falco/logger.h
+++ b/userspace/falco/logger.h
@@ -28,6 +28,8 @@ class falco_logger
 	// Will throw exception if level is unknown.
 	static void set_level(string &level);
 
+	static void set_sinsp_logging(bool enable, const std::string& severity, const std::string& prefix);
+
 	static void log(int priority, const string msg);
 
 	static int level;

From 7c8013589e1746b22ad20cb8545f137a90d11509 Mon Sep 17 00:00:00 2001
From: Jason Dellaluce <jasondellaluce@gmail.com>
Date: Mon, 27 Jun 2022 13:33:03 +0000
Subject: [PATCH 2/3] refactor(userspace/falco): make sinsp logging part of the
 configuration (default to false)

Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
---
 falco.yaml                        | 11 +++++++++++
 userspace/falco/configuration.cpp |  6 ++++++
 2 files changed, 17 insertions(+)

diff --git a/falco.yaml b/falco.yaml
index e7ef2b7596c..82ae4c06b79 100644
--- a/falco.yaml
+++ b/falco.yaml
@@ -98,6 +98,17 @@ log_syslog: true
 # "alert", "critical", "error", "warning", "notice", "info", "debug".
 log_level: info
 
+# Falco is capable of managing the logs coming from libs. If enabled,
+# the libs logger send its log records the same outputs supported by
+# Falco (stderr and syslog). Disabled by default.
+libs_logger:
+  enabled: false
+  # Minimum log severity to include in the libs logs. Note: this value is
+  # separate from the log level of the Falco logger and does not affect it.
+  # Can be one of "fatal", "critical", "error", "warning", "notice",
+  # "info", "debug", "trace".
+  severity: debug
+
 # Minimum rule priority level to load and run. All rules having a
 # priority more severe than this level will be loaded/run.  Can be one
 # of "emergency", "alert", "critical", "error", "warning", "notice",
diff --git a/userspace/falco/configuration.cpp b/userspace/falco/configuration.cpp
index f6e53026e64..2ee28af6cdd 100644
--- a/userspace/falco/configuration.cpp
+++ b/userspace/falco/configuration.cpp
@@ -183,6 +183,12 @@ void falco_configuration::init(string conf_filename, const vector<string> &cmdli
 
 	falco_logger::set_level(m_log_level);
 
+
+	falco_logger::set_sinsp_logging(
+		m_config->get_scalar<bool>("libs_logger.enabled", false),
+		m_config->get_scalar<std::string>("libs_logger.severity", "debug"),
+		"[libs]: ");
+
 	m_output_timeout = m_config->get_scalar<uint32_t>("output_timeout", 2000);
 
 	m_notifications_rate = m_config->get_scalar<uint32_t>("outputs.rate", 1);

From 47b70a0cc9e0a6205baf6902135b3a0fa5f1bf57 Mon Sep 17 00:00:00 2001
From: Jason Dellaluce <jasondellaluce@gmail.com>
Date: Fri, 1 Jul 2022 13:41:40 +0000
Subject: [PATCH 3/3] update(userspace/falco): simplify sinsp logger sev
 decoding

Co-authored-by: Luca Guerra <luca@guerra.sh>
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
---
 userspace/falco/logger.cpp | 28 +++++++++++-----------------
 1 file changed, 11 insertions(+), 17 deletions(-)

diff --git a/userspace/falco/logger.cpp b/userspace/falco/logger.cpp
index 5e8c0615d36..cde42fd7c20 100644
--- a/userspace/falco/logger.cpp
+++ b/userspace/falco/logger.cpp
@@ -23,44 +23,41 @@ limitations under the License.
 int falco_logger::level = LOG_INFO;
 bool falco_logger::time_format_iso_8601 = false;
 
-static void decode_sinsp_severity(const string& s, sinsp_logger::severity& sev)
+static sinsp_logger::severity decode_sinsp_severity(const string& s)
 {
 	if(s == "trace")
 	{
-		sev = sinsp_logger::SEV_TRACE;
+		return sinsp_logger::SEV_TRACE;
 	}
 	else if(s == "debug")
 	{
-		sev = sinsp_logger::SEV_DEBUG;
+		return sinsp_logger::SEV_DEBUG;
 	}
 	else if(s == "info")
 	{
-		sev = sinsp_logger::SEV_INFO;
+		return sinsp_logger::SEV_INFO;
 	}
 	else if(s == "notice")
 	{
-		sev = sinsp_logger::SEV_NOTICE;
+		return sinsp_logger::SEV_NOTICE;
 	}
 	else if(s == "warning")
 	{
-		sev = sinsp_logger::SEV_WARNING;
+		return sinsp_logger::SEV_WARNING;
 	}
 	else if(s == "error")
 	{
-		sev = sinsp_logger::SEV_ERROR;
+		return sinsp_logger::SEV_ERROR;
 	}
 	else if(s == "critical")
 	{
-		sev = sinsp_logger::SEV_CRITICAL;
+		return sinsp_logger::SEV_CRITICAL;
 	}
 	else if(s == "fatal")
 	{
-		sev = sinsp_logger::SEV_FATAL;
-	}
-	else
-	{
-		throw falco_exception("Unknown sinsp log severity " + s);
+		return sinsp_logger::SEV_FATAL;
 	}
+	throw falco_exception("Unknown sinsp log severity " + s);
 }
 
 void falco_logger::set_time_format_iso_8601(bool val)
@@ -114,11 +111,8 @@ void falco_logger::set_sinsp_logging(bool enable, const std::string& severity, c
 {
 	if (enable)
 	{
-		sinsp_logger::severity sevcode = sinsp_logger::SEV_DEBUG;
-		decode_sinsp_severity(severity, sevcode);
-
 		s_sinsp_logger_prefix = prefix;
-		g_logger.set_severity(sevcode);
+		g_logger.set_severity(decode_sinsp_severity(severity));
 		g_logger.disable_timestamps();
 		g_logger.add_callback_log(
 			[](std::string&& str, const sinsp_logger::severity sev)