Syslog priority levels shouldn't default to ERR
-
Too much syslog output from pfSense is emitted as priority ERR when it's not. I believe this is due the the presence, in src/etc/inc/util.inc, of log_error(), but no similar functions for more nuanced reporting, such as log_warn, log_notice, log_info, or log_debug. Or just a parameterized generic log_message($priority, $message) function?log_message.txt
As an example, rc.filtersynchonize only emits ERR, even if the message is as benign as "Nothing has been configured to be synched. Skipping...."
Likewise, xmlrpc_client.inc makes five calls to log_error, even though two of these are the "Beginning XMLRPC sync..." and "XMLRPC reload data success ..."
There are just over 1200 calls to log_error in the codebase. How many of these are actually ERR level events?
Couldn't we get more finely grained logging? pfSense is a serious product, but the logging is so noisy as to be nearly useless.
Thanks for reading,
-nic -
Some of that is set that way intentionally because doing so triggers other events. For example: https://redmine.pfsense.org/issues/12464
But, yes, there are probably improvements here. Open a feature request.
Steve
-
@stephenw10
Of course you're correct about LOG_AUTH, except that what I'm suggesting wouldn't affect that. There's a separate log_auth() function for that, which does its own level setting. If there are other instances where log output is leveraged to trigger other actions, that'd be good to know.I will create a feature request (I hadn't thought of looking in Redmine for that!) and maybe even work up a PR for it.
Lastly, for completeness; almost as soon as I uploaded my log_message.txt example,I realized that I had incorrect argument order. As posted it's not so good.
-nic -
@stephenw10 Issue #15734 created.
-nic