diff --git a/lib/bpf/bpf.go b/lib/bpf/bpf.go index 80c31b080524b..42c95bf4b8bcc 100644 --- a/lib/bpf/bpf.go +++ b/lib/bpf/bpf.go @@ -123,15 +123,15 @@ func New(config *servicecfg.BPFConfig) (bpf BPF, err error) { return nil, trace.Wrap(err) } + closeContext, closeFunc := context.WithCancel(context.Background()) + // If BPF-based auditing is not enabled, don't configure anything return // right away. if !config.Enabled { - log.Debugf("Enhanced session recording is not enabled, skipping.") + logger.DebugContext(closeContext, "Enhanced session recording is not enabled, skipping") return &NOP{}, nil } - closeContext, closeFunc := context.WithCancel(context.Background()) - s := &Service{ BPFConfig: config, watch: NewSessionWatch(), @@ -150,7 +150,7 @@ func New(config *servicecfg.BPFConfig) (bpf BPF, err error) { defer func() { if err != nil { if err := s.cgroup.Close(true); err != nil { - log.WithError(err).Warn("Failed to close cgroup") + logger.WarnContext(closeContext, "Failed to close cgroup", "error", err) } } }() @@ -163,7 +163,7 @@ func New(config *servicecfg.BPFConfig) (bpf BPF, err error) { } start := time.Now() - log.Debugf("Starting enhanced session recording.") + logger.DebugContext(closeContext, "Starting enhanced session recording") // Compile and start BPF programs if they are enabled (buffer size given). s.exec, err = startExec(*config.CommandBufferSize) @@ -181,10 +181,13 @@ func New(config *servicecfg.BPFConfig) (bpf BPF, err error) { return nil, trace.Wrap(err) } - log.Debugf("Started enhanced session recording with buffer sizes (command=%v, "+ - "disk=%v, network=%v) and cgroup mount path: %v. Took %v.", - *s.CommandBufferSize, *s.DiskBufferSize, *s.NetworkBufferSize, - s.CgroupPath, time.Since(start)) + logger.DebugContext(closeContext, "Started enhanced session recording", + "command_buffer_size", *s.CommandBufferSize, + "disk_buffer_size", *s.DiskBufferSize, + "network_buffer_size", *s.NetworkBufferSize, + "cgroup_mount_path", s.CgroupPath, + "elapsed", time.Since(start), + ) go s.processNetworkEvents() @@ -213,7 +216,7 @@ func (s *Service) Close(restarting bool) error { // we're restarting. skipCgroupUnmount := restarting if err := s.cgroup.Close(skipCgroupUnmount); err != nil { - log.WithError(err).Warn("Failed to close cgroup") + logger.WarnContext(s.closeContext, "Failed to close cgroup", "error", err) } // Signal to the processAccessEvents pulling events off the perf buffer to shutdown. @@ -247,7 +250,7 @@ func (s *Service) OpenSession(ctx *SessionContext) (uint64, error) { // Clean up all already opened modules. for _, closer := range initializedModClosures { if closeErr := closer.endSession(cgroupID); closeErr != nil { - log.Debugf("failed to close session: %v", closeErr) + logger.DebugContext(s.closeContext, "failed to close session", "error", closeErr) } } return 0, trace.Wrap(err) @@ -343,7 +346,7 @@ func (s *Service) emitCommandEvent(eventBytes []byte) { var event rawExecEvent err := unmarshalEvent(eventBytes, &event) if err != nil { - log.Debugf("Failed to read binary data: %v.", err) + logger.DebugContext(s.closeContext, "Failed to read binary data", "error", err) return } @@ -369,7 +372,7 @@ func (s *Service) emitCommandEvent(eventBytes []byte) { return make([]string, 0), nil }) if err != nil { - log.WithError(err).Warn("Unable to retrieve args from FnCahe - this is a bug!") + logger.WarnContext(s.closeContext, "Unable to retrieve args from FnCahe - this is a bug!", "error", err) args = []string{} } @@ -387,7 +390,7 @@ func (s *Service) emitCommandEvent(eventBytes []byte) { }) if err != nil { - log.Debugf("Got event with missing args: skipping.") + logger.DebugContext(s.closeContext, "Got event with missing args, skipping") lostCommandEvents.Add(float64(1)) return } @@ -422,7 +425,7 @@ func (s *Service) emitCommandEvent(eventBytes []byte) { Argv: args[1:], } if err := ctx.Emitter.EmitAuditEvent(ctx.Context, sessionCommandEvent); err != nil { - log.WithError(err).Warn("Failed to emit command event.") + logger.WarnContext(ctx.Context, "Failed to emit command event", "error", err) } // Now that the event has been processed, remove from cache. @@ -436,7 +439,7 @@ func (s *Service) emitDiskEvent(eventBytes []byte) { var event rawOpenEvent err := unmarshalEvent(eventBytes, &event) if err != nil { - log.Debugf("Failed to read binary data: %v.", err) + logger.DebugContext(s.closeContext, "Failed to read binary data", "error", err) return } @@ -489,7 +492,7 @@ func (s *Service) emit4NetworkEvent(eventBytes []byte) { var event rawConn4Event err := unmarshalEvent(eventBytes, &event) if err != nil { - log.Debugf("Failed to read binary data: %v.", err) + logger.DebugContext(s.closeContext, "Failed to read binary data", "error", err) return } @@ -536,7 +539,7 @@ func (s *Service) emit4NetworkEvent(eventBytes []byte) { TCPVersion: 4, } if err := ctx.Emitter.EmitAuditEvent(ctx.Context, sessionNetworkEvent); err != nil { - log.WithError(err).Warn("Failed to emit network event.") + logger.WarnContext(ctx.Context, "Failed to emit network event", "error", err) } } @@ -546,7 +549,7 @@ func (s *Service) emit6NetworkEvent(eventBytes []byte) { var event rawConn6Event err := unmarshalEvent(eventBytes, &event) if err != nil { - log.Debugf("Failed to read binary data: %v.", err) + logger.DebugContext(s.closeContext, "Failed to read binary data", "error", err) return } @@ -593,7 +596,7 @@ func (s *Service) emit6NetworkEvent(eventBytes []byte) { TCPVersion: 6, } if err := ctx.Emitter.EmitAuditEvent(ctx.Context, sessionNetworkEvent); err != nil { - log.WithError(err).Warn("Failed to emit network event.") + logger.WarnContext(ctx.Context, "Failed to emit network event", "error", err) } } diff --git a/lib/bpf/helper.go b/lib/bpf/helper.go index 7f3a68883ba1b..5ffaee98965c1 100644 --- a/lib/bpf/helper.go +++ b/lib/bpf/helper.go @@ -22,6 +22,7 @@ package bpf import ( + "context" "encoding/binary" "os" "sync" @@ -30,14 +31,12 @@ import ( "github.com/aquasecurity/libbpfgo" "github.com/gravitational/trace" "github.com/prometheus/client_golang/prometheus" - "github.com/sirupsen/logrus" "github.com/gravitational/teleport" + logutils "github.com/gravitational/teleport/lib/utils/log" ) -var log = logrus.WithFields(logrus.Fields{ - teleport.ComponentKey: teleport.ComponentBPF, -}) +var logger = logutils.NewPackageLogger(teleport.ComponentKey, teleport.ComponentBPF) const ( kprobeProgPrefix = "kprobe__" @@ -224,7 +223,7 @@ func (c *Counter) loop() { var key int32 = 0 cntBytes, err := c.arr.GetValue(unsafe.Pointer(&key)) if err != nil { - log.Errorf("Error reading array value at index 0") + logger.ErrorContext(context.Background(), "Error reading array value at index 0") continue }