engine: choose better Suricata logging levels for rule test
authorJason Ish <jason.ish@oisf.net>
Wed, 15 Jan 2025 15:40:22 +0000 (09:40 -0600)
committerJason Ish <jason.ish@oisf.net>
Tue, 8 Apr 2025 22:16:09 +0000 (16:16 -0600)
The current default is to use SC_LOG_LEVEL=warning which can output
non-fatal warnings which is generally not what you want when running
from cron with "suricata-update -q".

Now, if "-q" is provided, run Suricata with SC_LOG_LEVEL=error, which
is useful for cron so that only fatal errors are reported. Generally
end-users are not worried about rule warnings such as:

    ja3.hash should not be used together with nocase, since the rule
    is automatically lowercased anyway which makes nocase redundant.

This also allows for log level be set with SC_LOG_LEVEL, in which case
Suricata-Update  will not change the log level.

Additionally, make Suricata more verbose if Suricata-Update is run
with "-v".

Ticket: https://redmine.openinfosecfoundation.org/issues/7494

suricata/update/engine.py

index 22ad9b3ccbf47f39edf77dda8283e37b996cf925..2714a4d61da7f3a9c4a727027493d17a7c350ce3 100644 (file)
@@ -95,7 +95,8 @@ class Configuration:
     @classmethod
     def load(cls, config_filename, suricata_path=None):
         env = build_env()
-        env["SC_LOG_LEVEL"] = "Error"
+        if "SC_LOG_LEVEL" not in env:
+            env["SC_LOG_LEVEL"] = "Error"
         if not suricata_path:
             suricata_path = get_path()
         if not suricata_path:
@@ -163,8 +164,29 @@ def get_version(path):
         return parse_version(output)
     return None
 
+
 def test_configuration(suricata_path, suricata_conf=None, rule_filename=None):
     """Test the Suricata configuration with -T."""
+
+    env = build_env()
+
+    # Choose a good Suricata log level, respecting SC_LOG_LEVEL if set.
+    if "SC_LOG_LEVEL" not in env:
+        try:
+            level = logging.getLevelName(logger.getEffectiveLevel())
+            if level == "WARNING":
+                # Suricata-Update was called with "-q", only output
+                # Suricata errors.
+                env["SC_LOG_LEVEL"] = "Error"
+            elif level == "DEBUG":
+                # Suricata-Update was called with "-v", increase
+                # Suricata logging to info.
+                env["SC_LOG_LEVEL"] = "Info"
+        finally:
+            # Default to warning.
+            if "SC_LOG_LEVEL" not in env:
+                env["SC_LOG_LEVEL"] = "Warning"
+
     tempdir = tempfile.mkdtemp()
     test_command = [
         suricata_path,
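Review bot: The try/finally wrapped around the level lookup at the top of test_configuration protects nothing: neither logging.getLevelName nor logger.getEffectiveLevel raises in normal use, and if one did the exception would still propagate after the finally block ran, so the "Default to warning" branch is really just an else dressed up as cleanup. Comparing the level name string also means any custom level (getLevelName returns "Level N" for those) silently falls to the default; comparing the numeric level against logging.WARNING and logging.DEBUG keeps the same mapping with less indirection and no try/finally. This assumes logging is already imported at module level, which the new code's own use of logging.getLevelName implies. The body of test_configuration continues outside the hunk.
```python
    env = build_env()

    # Choose a good Suricata log level, respecting SC_LOG_LEVEL if set.
    if "SC_LOG_LEVEL" not in env:
        level = logger.getEffectiveLevel()
        if level == logging.WARNING:
            # Suricata-Update was called with "-q", only output
            # Suricata errors.
            env["SC_LOG_LEVEL"] = "Error"
        elif level == logging.DEBUG:
            # Suricata-Update was called with "-v", increase
            # Suricata logging to info.
            env["SC_LOG_LEVEL"] = "Info"
        else:
            # Default to warning.
            env["SC_LOG_LEVEL"] = "Warning"

    # … unchanged: tempdir and test_command setup …
```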
@@ -176,9 +198,6 @@ def test_configuration(suricata_path, suricata_conf=None, rule_filename=None):
     if rule_filename:
         test_command += ["-S", rule_filename]
 
-    env = build_env()
-    env["SC_LOG_LEVEL"] = "Warning"
-
     logger.debug("Running %s; env=%s", " ".join(test_command), str(env))
     rc = subprocess.Popen(test_command, env=env).wait()
     ret = True if rc == 0 else False
@@ -191,6 +210,5 @@ def test_configuration(suricata_path, suricata_conf=None, rule_filename=None):
 def build_env():
     env = os.environ.copy()
     env["SC_LOG_FORMAT"] = "%t - <%d> -- "
-    env["SC_LOG_LEVEL"] = "Error"
     env["ASAN_OPTIONS"] = "detect_leaks=0"
     return env
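Review bot: With the `env["SC_LOG_LEVEL"] = "Error"` line removed, build_env() no longer pins a Suricata log level, so any caller other than Configuration.load and test_configuration (if one exists outside this diff) now inherits whatever SC_LOG_LEVEL the invoking shell has, or Suricata's own default when it is unset, instead of the previous Error. If that is the intended contract it deserves a docstring, since the two visible callers each re-add their own default: `"""Return a copy of os.environ for running Suricata; SC_LOG_LEVEL is deliberately left to the caller so a user-set value is respected."""`. The SC_LOG_FORMAT and ASAN_OPTIONS settings could be covered by the same docstring so the function's full effect on the child environment is documented in one place.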