beenull/crowdsec
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Make whitelist by expr debug level (#1236)

Browse source 
* fix #616 : simply make it at debug level, so that the user can set his node to debug level if he really wants to see this. Otherwise it can be too spammy
This commit is contained in:
Thibault "bui" Koechlin 2022-02-03 17:04:18 +01:00 committed by GitHub
parent 02765a74fa
commit dd53d19777
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
pkg/parser/node.go
View file

@ -165,7 +165,7 @@ func (n *Node) process(p *types.Event, ctx UnixParserCtx) (bool, error) {
}
for _, v := range n.Whitelist.B_Ips {
if v.Equal(src) {
clog.Debugf("Event from [%s] is whitelisted by Ips !", src)
clog.Debugf("Event from [%s] is whitelisted by IP (%s), reason [%s]", src, v, n.Whitelist.Reason)
isWhitelisted = true
} else {
clog.Tracef("whitelist: %s is not eq [%s]", src, v)
@ -174,7 +174,7 @@ func (n *Node) process(p *types.Event, ctx UnixParserCtx) (bool, error) {
}
for _, v := range n.Whitelist.B_Cidrs {
if v.Contains(src) {
clog.Debugf("Event from [%s] is whitelisted by Cidrs !", src)
clog.Debugf("Event from [%s] is whitelisted by CIDR (%s), reason [%s]", src, v, n.Whitelist.Reason)
isWhitelisted = true
} else {
clog.Tracef("whitelist: %s not in [%s]", src, v)
@ -200,7 +200,7 @@ func (n *Node) process(p *types.Event, ctx UnixParserCtx) (bool, error) {
e.ExprDebugger.Run(clog, out, exprhelpers.GetExprEnv(map[string]interface{}{"evt": p}))
}
if out {
clog.Infof("Event is whitelisted by Expr !")
clog.Debugf("Event is whitelisted by expr, reason [%s]", n.Whitelist.Reason)
p.Whitelisted = true
isWhitelisted = true
}