Feature: Better Logging Architecture #625
Comments
Agreed on most points. @rep already proposed the task aware logging a while ago but we haven't put it to production yet.
Btw, in the case of rolling logs, we do have to make sure that logs are not magically deleted. E.g., I still may want to see the logs of an analysis half a million analyses later ;)
Stumbled back across this when I was checking Issues I was involved in. I ended up coding the third point because an upstart job fails to account for when you want to reprocess an analysis; you're still only left with logging to STDOUT. This solves that. Relevant commits: Feel free to use/improve.
Having forgotten about this issue, some of the suggestions have been implemented by now.
There are multiple enhancements that could be done to the current logging architecture.
After about 1000 analyses (or 20 with debug information) the cuckoo.log begins to get a bit overwhelming to look at. Some error logs do not specify which task failed, which can make grepping for logs hard, especially when concurrent tasks are running. This goes into the next point...
Ensure task IDs are printed in as many error/warning logs as possible. Several locations in plugins.py could benefit from logging the task ID for processing/signature errors:
https://github.com/cuckoobox/cuckoo/blob/master/lib/cuckoo/core/plugins.py#L195
https://github.com/cuckoobox/cuckoo/blob/master/lib/cuckoo/core/plugins.py#L358
https://github.com/cuckoobox/cuckoo/blob/master/lib/cuckoo/core/plugins.py#L560
Another example (and there are others really): https://github.com/cuckoobox/cuckoo/blob/master/modules/processing/behavior.py#L249
Add a log handler to process.py. Currently there is only STDOUT. If you want to reprocess an analysis, there are no retainable logs unless you pipe it to a file, and after reprocessing, the logs for that task in cuckoo.log may not be applicable anymore. For people using process.py in auto mode, there is no logging at all unless you force it with something like an upstart job, or redirecting stdout to a file, etc. Would be wonderful to have this be logged to its own file.
Task aware logging. All logs specific to a particular task should be monitored on a task-by-task basis so that we can dump them into MongoDB. We could then download/display them in the Admin tab (or similar). This would mostly eliminate the need to log into the server to get logs, and would make Cuckoo be more 'appliance' like.
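An added sketch of the task-ID tagging and per-task log routing requested above, built on Python's standard `logging` module. It is not Cuckoo's code; `task_context`, `TaskIdFilter`, `PerTaskHandler` and the in-memory sinks are hypothetical names chosen for illustration.

```python
import io
import logging
import threading
from contextlib import contextmanager

_current = threading.local()  # hypothetical: holds the task this thread is working on

@contextmanager
def task_context(task_id):
    """Mark everything logged inside the block as belonging to task_id."""
    _current.task_id = task_id
    try:
        yield
    finally:
        _current.task_id = None

class TaskIdFilter(logging.Filter):
    """Stamp each record with the active task ID so the formatter can print it."""
    def filter(self, record):
        record.task_id = getattr(_current, "task_id", None)
        return True

class PerTaskHandler(logging.Handler):
    """Write each task's records to its own sink (a file, or a buffer to store later)."""
    def __init__(self, open_sink):
        super().__init__()
        self.open_sink = open_sink  # callable: task_id -> writable stream
        self.sinks = {}
        self.addFilter(TaskIdFilter())  # runs before emit(), so task_id is always set
    def emit(self, record):  # called with the handler lock held, so the dict is safe
        if record.task_id is None:
            return  # not tied to a task; leave it to the global log
        if record.task_id not in self.sinks:
            self.sinks[record.task_id] = self.open_sink(record.task_id)
        self.sinks[record.task_id].write(self.format(record) + "\n")

def demo():  # constructed run: two concurrent tasks, one message outside any task
    handler = PerTaskHandler(lambda task_id: io.StringIO())
    handler.setFormatter(logging.Formatter("%(levelname)s [task #%(task_id)s] %(message)s"))
    log = logging.getLogger("taskaware.demo")
    log.propagate = False
    log.addHandler(handler)
    def work(task_id):
        with task_context(task_id):
            log.error("processing module failed")
    threads = [threading.Thread(target=work, args=(t,)) for t in (101, 102)]
    for t in threads: t.start()
    for t in threads: t.join()
    log.warning("scheduler started")
    return {tid: sink.getvalue() for tid, sink in handler.sinks.items()}
```

Swapping the `io.StringIO` factory for one that opens a file per task gives a retainable log for reprocessing runs, and the same sinks can be read back for storage or display.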