gravitational · rosstimothy · Dec 17, 2024 · Dec 16, 2024
diff --git a/lib/bpf/bpf.go b/lib/bpf/bpf.go
@@ -123,15 +123,15 @@ func New(config *servicecfg.BPFConfig) (bpf BPF, err error) {
 		return nil, trace.Wrap(err)
 	}
 
+	closeContext, closeFunc := context.WithCancel(context.Background())
+
 	// If BPF-based auditing is not enabled, don't configure anything return
 	// right away.
 	if !config.Enabled {
-		log.Debugf("Enhanced session recording is not enabled, skipping.")
+		logger.DebugContext(closeContext, "Enhanced session recording is not enabled, skipping")
 		return &NOP{}, nil
 	}
 
-	closeContext, closeFunc := context.WithCancel(context.Background())
-
 	s := &Service{
 		BPFConfig:    config,
 		watch:        NewSessionWatch(),
@@ -150,7 +150,7 @@ func New(config *servicecfg.BPFConfig) (bpf BPF, err error) {
 	defer func() {
 		if err != nil {
 			if err := s.cgroup.Close(true); err != nil {
-				log.WithError(err).Warn("Failed to close cgroup")
+				logger.WarnContext(closeContext, "Failed to close cgroup", "error", err)
 			}
 		}
 	}()
@@ -163,7 +163,7 @@ func New(config *servicecfg.BPFConfig) (bpf BPF, err error) {
 	}
 
 	start := time.Now()
-	log.Debugf("Starting enhanced session recording.")
+	logger.DebugContext(closeContext, "Starting enhanced session recording")
 
 	// Compile and start BPF programs if they are enabled (buffer size given).
 	s.exec, err = startExec(*config.CommandBufferSize)
@@ -181,10 +181,13 @@ func New(config *servicecfg.BPFConfig) (bpf BPF, err error) {
 		return nil, trace.Wrap(err)
 	}
 
-	log.Debugf("Started enhanced session recording with buffer sizes (command=%v, "+
-		"disk=%v, network=%v) and cgroup mount path: %v. Took %v.",
-		*s.CommandBufferSize, *s.DiskBufferSize, *s.NetworkBufferSize,
-		s.CgroupPath, time.Since(start))
+	logger.DebugContext(closeContext, "Started enhanced session recording",
+		"command_buffer_size", *s.CommandBufferSize,
+		"disk_buffer_size", *s.DiskBufferSize,
+		"network_buffer_size", *s.NetworkBufferSize,
+		"cgroup_mount_path", s.CgroupPath,
+		"elapsed", time.Since(start),
+	)
 
 	go s.processNetworkEvents()
 
@@ -213,7 +216,7 @@ func (s *Service) Close(restarting bool) error {
 	// we're restarting.
 	skipCgroupUnmount := restarting
 	if err := s.cgroup.Close(skipCgroupUnmount); err != nil {
-		log.WithError(err).Warn("Failed to close cgroup")
+		logger.WarnContext(s.closeContext, "Failed to close cgroup", "error", err)
 	}
 
 	// Signal to the processAccessEvents pulling events off the perf buffer to shutdown.
@@ -247,7 +250,7 @@ func (s *Service) OpenSession(ctx *SessionContext) (uint64, error) {
 			// Clean up all already opened modules.
 			for _, closer := range initializedModClosures {
 				if closeErr := closer.endSession(cgroupID); closeErr != nil {
-					log.Debugf("failed to close session: %v", closeErr)
+					logger.DebugContext(s.closeContext, "failed to close session", "error", closeErr)
 				}
 			}
 			return 0, trace.Wrap(err)
@@ -343,7 +346,7 @@ func (s *Service) emitCommandEvent(eventBytes []byte) {
 	var event rawExecEvent
 	err := unmarshalEvent(eventBytes, &event)
 	if err != nil {
-		log.Debugf("Failed to read binary data: %v.", err)
+		logger.DebugContext(s.closeContext, "Failed to read binary data", "error", err)
 		return
 	}
 
@@ -369,7 +372,7 @@ func (s *Service) emitCommandEvent(eventBytes []byte) {
 			return make([]string, 0), nil
 		})
 		if err != nil {
-			log.WithError(err).Warn("Unable to retrieve args from FnCahe - this is a bug!")
+			logger.WarnContext(s.closeContext, "Unable to retrieve args from FnCahe - this is a bug!", "error", err)
 			args = []string{}
 		}
 
@@ -387,7 +390,7 @@ func (s *Service) emitCommandEvent(eventBytes []byte) {
 		})
 
 		if err != nil {
-			log.Debugf("Got event with missing args: skipping.")
+			logger.DebugContext(s.closeContext, "Got event with missing args, skipping")
 			lostCommandEvents.Add(float64(1))
 			return
 		}
@@ -422,7 +425,7 @@ func (s *Service) emitCommandEvent(eventBytes []byte) {
 			Argv:       args[1:],
 		}
 		if err := ctx.Emitter.EmitAuditEvent(ctx.Context, sessionCommandEvent); err != nil {
-			log.WithError(err).Warn("Failed to emit command event.")
+			logger.WarnContext(ctx.Context, "Failed to emit command event", "error", err)
 		}
 
 		// Now that the event has been processed, remove from cache.
@@ -436,7 +439,7 @@ func (s *Service) emitDiskEvent(eventBytes []byte) {
 	var event rawOpenEvent
 	err := unmarshalEvent(eventBytes, &event)
 	if err != nil {
-		log.Debugf("Failed to read binary data: %v.", err)
+		logger.DebugContext(s.closeContext, "Failed to read binary data", "error", err)
 		return
 	}
 
@@ -489,7 +492,7 @@ func (s *Service) emit4NetworkEvent(eventBytes []byte) {
 	var event rawConn4Event
 	err := unmarshalEvent(eventBytes, &event)
 	if err != nil {
-		log.Debugf("Failed to read binary data: %v.", err)
+		logger.DebugContext(s.closeContext, "Failed to read binary data", "error", err)
 		return
 	}
 
@@ -536,7 +539,7 @@ func (s *Service) emit4NetworkEvent(eventBytes []byte) {
 		TCPVersion: 4,
 	}
 	if err := ctx.Emitter.EmitAuditEvent(ctx.Context, sessionNetworkEvent); err != nil {
-		log.WithError(err).Warn("Failed to emit network event.")
+		logger.WarnContext(ctx.Context, "Failed to emit network event", "error", err)
 	}
 }
 
@@ -546,7 +549,7 @@ func (s *Service) emit6NetworkEvent(eventBytes []byte) {
 	var event rawConn6Event
 	err := unmarshalEvent(eventBytes, &event)
 	if err != nil {
-		log.Debugf("Failed to read binary data: %v.", err)
+		logger.DebugContext(s.closeContext, "Failed to read binary data", "error", err)
 		return
 	}
 
@@ -593,7 +596,7 @@ func (s *Service) emit6NetworkEvent(eventBytes []byte) {
 		TCPVersion: 6,
 	}
 	if err := ctx.Emitter.EmitAuditEvent(ctx.Context, sessionNetworkEvent); err != nil {
-		log.WithError(err).Warn("Failed to emit network event.")
+		logger.WarnContext(ctx.Context, "Failed to emit network event", "error", err)
 	}
 }
 

diff --git a/lib/bpf/helper.go b/lib/bpf/helper.go
@@ -22,6 +22,7 @@
 package bpf
 
 import (
+	"context"
 	"encoding/binary"
 	"os"
 	"sync"
@@ -30,14 +31,12 @@ import (
 	"github.com/aquasecurity/libbpfgo"
 	"github.com/gravitational/trace"
 	"github.com/prometheus/client_golang/prometheus"
-	"github.com/sirupsen/logrus"
 
 	"github.com/gravitational/teleport"
+	logutils "github.com/gravitational/teleport/lib/utils/log"
 )
 
-var log = logrus.WithFields(logrus.Fields{
-	teleport.ComponentKey: teleport.ComponentBPF,
-})
+var logger = logutils.NewPackageLogger(teleport.ComponentKey, teleport.ComponentBPF)
 
 const (
 	kprobeProgPrefix     = "kprobe__"
@@ -224,7 +223,7 @@ func (c *Counter) loop() {
 		var key int32 = 0
 		cntBytes, err := c.arr.GetValue(unsafe.Pointer(&key))
 		if err != nil {
-			log.Errorf("Error reading array value at index 0")
+			logger.ErrorContext(context.Background(), "Error reading array value at index 0")
 			continue
 		}