decrease log level of denied connections
Denied connections were logged with Warning level.
However, if you had a rule that denied a particular noisy connection, it
generated too many logs that didn't add value.

In the future it would be nice to log as warning, denied connections
that do not have a rule created by a user.

Discussion: #10 (comment)
gustavo-iniguez-goya committed Apr 19, 2020
1 parent bf7449f commit 83ffaaa
Showing 1 changed file with 1 addition and 2 deletions.
3 changes: 1 addition & 2 deletions daemon/main.go
Expand Up @@ -249,8 +249,7 @@ func acceptOrDeny(packet *netfilter.Packet, con *conman.Connection) *rule.Rule {
packet.SetVerdictAndMark(netfilter.NF_DROP, firewall.DropMark)
}

// FIXME: this log generates too much noise
log.Warning("%s %s -> %s:%d (%s)", log.Bold(log.Red("✘")), log.Bold(con.Process.Path), log.Bold(con.To()), con.DstPort, log.Red(r.Name))
log.Debug("%s %s -> %s:%d (%s)", log.Bold(log.Red("✘")), log.Bold(con.Process.Path), log.Bold(con.To()), con.DstPort, log.Red(r.Name))
}

return r
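
Review bot: The log.Debug call that replaces log.Warning downgrades every denied connection unconditionally, so once the log level is anything above debug, a verdict of NF_DROP with firewall.DropMark leaves no record of which process path was blocked, its destination, or the rule name. The commit message already names the case that should stay visible (denials not produced by a user-created rule), but the removed FIXME is not replaced by a comment that records this. Suggest branching on whether r is a user-created rule and keeping Warning for the other case, or at minimum leaving a TODO next to the call. A level between Debug and Warning, if the log package offers one, would also keep denials auditable without turning on full debug output. Minor: the log.Bold and log.Red arguments are still evaluated for each denied packet even when debug output is disabled.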

2 comments on commit 83ffaaa

@Ph0rk0z

When I set logging to "error or fatal" it will not write at all and just to memory in the UI?

@gustavo-iniguez-goya
Owner Author

For now yes, it won't be logged to disk if it's not in debug level.
