From 0092e77053d559c31b2741aa8d1bac9ed0aab459 Mon Sep 17 00:00:00 2001
From: Aleksandr Maus
Date: Wed, 8 Sep 2021 07:44:41 -0400
Subject: [PATCH] Osquerybeat: Fix osquery logger plugin severy levels mapping (#27789)

(cherry picked from commit c6b31a439205eb6ab7c8f8d740cf4dcdd154df5d)
---
 x-pack/osquerybeat/beater/logger_plugin.go | 26 ++++++++++++----------
 1 file changed, 14 insertions(+), 12 deletions(-)

diff --git a/x-pack/osquerybeat/beater/logger_plugin.go b/x-pack/osquerybeat/beater/logger_plugin.go
index bbf327eef443..deefbc6d9b06 100644
--- a/x-pack/osquerybeat/beater/logger_plugin.go
+++ b/x-pack/osquerybeat/beater/logger_plugin.go
@@ -35,15 +35,19 @@ const osqueryLogMessageFieldsCount = 6
 
 type osqLogSeverity int
 
+// The severity levels are taken from osquery source
+// https://github.com/osquery/osquery/blob/master/osquery/core/plugins/logger.h#L39
+// enum StatusLogSeverity {
+// O_INFO = 0,
+// O_WARNING = 1,
+// O_ERROR = 2,
+// O_FATAL = 3,
+// };
 const (
- severityEmerg osqLogSeverity = iota
- severityAlert
- severityCrit
- severityErr
- severityWarn
- severityNotice
- severityInfo
- severityDebug
+ severityInfo osqLogSeverity = iota
+ severityWarning
+ severityError
+ severityFatal
 )
 
 func (m *osqueryLogMessage) Log(typ logger.LogType, log *logp.Logger) {
@@ -65,14 +69,12 @@ func (m *osqueryLogMessage) Log(typ logger.LogType, log *logp.Logger) {
 args = append(args, m.UnixTime)
 
 switch osqLogSeverity(m.Severity) {
- case severityEmerg, severityAlert, severityCrit:
+ case severityError, severityFatal:
 log.Errorw(m.Message, args...)
- case severityWarn, severityNotice:
+ case severityWarning:
 log.Warnw(m.Message, args...)
 case severityInfo:
 log.Infow(m.Message, args...)
- case severityDebug:
- log.Debugw(m.Message, args...)
 default:
 log.Debugw(m.Message, args...)
 }
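Review bot: The new const block in the first hunk still relies on `iota` order to match osquery's explicitly numbered `StatusLogSeverity` enum, so a later reorder or insertion would silently shift the mapping again. Because these numbers are a contract with osquery's status log rather than an internal ordering, I would spell them out, e.g. `severityInfo osqLogSeverity = 0` and `severityWarning osqLogSeverity = 1`, continuing through `severityFatal` at 3. The reference comment also links to the `master` branch with a `#L39` anchor, which will drift as logger.h changes; a link pinned to a release tag or commit would keep the citation accurate.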
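Review bot: In the second hunk the `default:` branch still sends any severity outside 0-3 to `log.Debugw`, which is the same path that hid osquery's value-3 (fatal) status messages before this fix, since the old constant for 3 had no case. For a telemetry agent an unrecognized severity is worth surfacing at the default log level, for example `default: log.Warnw(m.Message, args...)`, ideally with the raw `m.Severity` included if it is not already among `args` (they are built above the hunk, so I cannot tell). The body of `Log` starts and ends outside the hunk. The diffstat shows no test file, so a small table test over 0-3 plus one out-of-range value would pin this mapping against regression.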