secynic · secynic · Oct 13, 2016 · Oct 13, 2016 · Oct 13, 2016
diff --git a/CHANGES.rst b/CHANGES.rst
@@ -6,6 +6,8 @@ Changelog
 
 - Added syslog-ng support (#2)
 - Added sudo arg to utils.popen_wrapper() - code consolidation
+- Adding loglevel argument to scripts and service.SystemService (#5). Defaults
+  to info. Travis defaults to debug.
 - Fixed bytes to str decoding issue on Python 3
 - Fixed splitlines list[bytes] decode on Python 3
 - Logging output tweaks

diff --git a/nfsinkhole/scripts/nfsinkhole-service.py b/nfsinkhole/scripts/nfsinkhole-service.py
@@ -32,15 +32,6 @@
 from nfsinkhole.iptables import IPTablesSinkhole
 from nfsinkhole.utils import (ANSI, popen_wrapper, get_interface_addr)
 
-# TODO: add --log_level arg, currently set to debug
-LOG_FORMAT = ('[%(asctime)s.%(msecs)03d] [%(levelname)s] '
-              '[%(filename)s:%(lineno)s] [%(funcName)s()] %(message)s')
-logging.basicConfig(filename='/tmp/nfsinkhole-service.log', format=LOG_FORMAT,
-                    level=logging.DEBUG, datefmt='%Y-%m-%dT%H:%M:%S')
-logging.Formatter.converter = time.gmtime
-log = logging.getLogger(__name__)
-log.debug('nfsinkhole-service.py called')
-
 # Setup the arg parser.
 parser = argparse.ArgumentParser(
     description='nfsinkhole service script',
@@ -123,6 +114,16 @@
     help='Exclude a comma separated string of source IPs/CIDRs from logging.'
 )
 
+parser.add_argument(
+    '--loglevel',
+    type=str,
+    default='info',
+    choices=['debug', 'info', 'warning', 'error', 'critical'],
+    help='Logging level for nfsinkhole events. This does not affect sinkhole '
+         'traffic logs, only service/library event logs. Must be one of debug,'
+         ' info, warning, error, critical.'
+)
+
 # Input (required)
 group = parser.add_argument_group('Input (Required)')
 
@@ -141,6 +142,16 @@
 # Get the args
 script_args = parser.parse_args()
 
+# Logging
+LOG_FORMAT = ('[%(asctime)s.%(msecs)03d] [%(levelname)s] '
+              '[%(filename)s:%(lineno)s] [%(funcName)s()] %(message)s')
+logging.basicConfig(filename='/tmp/nfsinkhole-service.log', format=LOG_FORMAT,
+                    level=getattr(logging, script_args.loglevel.upper()),
+                    datefmt='%Y-%m-%dT%H:%M:%S')
+logging.Formatter.converter = time.gmtime
+log = logging.getLogger(__name__)
+log.info('nfsinkhole-service.py called')
+
 # Get the network interface info
 interface = script_args.interface
 interface_addr = get_interface_addr(interface)

diff --git a/nfsinkhole/scripts/nfsinkhole-setup.py b/nfsinkhole/scripts/nfsinkhole-setup.py
@@ -36,14 +36,6 @@
 from nfsinkhole.syslog_ng import SyslogNG
 from nfsinkhole.utils import (ANSI, popen_wrapper, set_system_timezone)
 
-# TODO: add --log_level arg, currently set to debug
-LOG_FORMAT = ('[%(asctime)s.%(msecs)03d] [%(levelname)s] '
-              '[%(filename)s:%(lineno)s] [%(funcName)s()] %(message)s')
-logging.basicConfig(filename='nfsinkhole-setup.log', format=LOG_FORMAT,
-                    level=logging.DEBUG, datefmt='%Y-%m-%dT%H:%M:%S')
-logging.Formatter.converter = time.gmtime
-log = logging.getLogger(__name__)
-log.debug('nfsinkhole-setup.py called')
 uid = os.geteuid()  # Unix req; autodoc_mock_imports for Sphinx cross platform
 
 scripts_dir = os.path.dirname(os.path.realpath(__file__))
@@ -152,6 +144,16 @@
          )
 )
 
+parser.add_argument(
+    '--loglevel',
+    type=str,
+    default='info',
+    choices=['debug', 'info', 'warning', 'error', 'critical'],
+    help='Logging level for nfsinkhole events. This does not affect sinkhole '
+         'traffic logs, only service/library event logs. Must be one of debug,'
+         ' info, warning, error, critical.'
+)
+
 # Input (required)
 group = parser.add_argument_group('Input (Required)')
 
@@ -170,6 +172,16 @@
 # Get the args
 script_args = parser.parse_args()
 
+# Logging
+LOG_FORMAT = ('[%(asctime)s.%(msecs)03d] [%(levelname)s] '
+              '[%(filename)s:%(lineno)s] [%(funcName)s()] %(message)s')
+logging.basicConfig(filename='nfsinkhole-setup.log', format=LOG_FORMAT,
+                    level=getattr(logging, script_args.loglevel.upper()),
+                    datefmt='%Y-%m-%dT%H:%M:%S')
+logging.Formatter.converter = time.gmtime
+log = logging.getLogger(__name__)
+log.info('nfsinkhole-setup.py called')
+
 # Check if systemd or legacy
 system_service = SystemService(
     interface=script_args.interface,
@@ -181,7 +193,8 @@
     hashlimitburst=script_args.hashlimitburst,
     hashlimitexpire=script_args.hashlimitexpire,
     srcexclude=script_args.srcexclude,
-    pcap=script_args.pcap
+    pcap=script_args.pcap,
+    loglevel=script_args.loglevel
 )
 is_systemd, svc_path = system_service.check_systemd()
 

diff --git a/nfsinkhole/service.py b/nfsinkhole/service.py
@@ -108,15 +108,18 @@ class SystemService:
             table.
         srcexclude: Exclude a comma separated string of source IPs/CIDRs from
             logging.
-        pcap: Enable packet capture text or raw depending on tcpdump version.'
+        pcap: Enable packet capture text or raw depending on tcpdump version.
+        loglevel: Logging level for nfsinkhole events. This does not affect
+            sinkhole traffic logs, only service/library event logs. Must be
+            one of debug, info, warning, error, critical.
     """
 
     def __init__(self, interface=None, interface_addr=None,
                  log_prefix='"[nfsinkhole] "',
                  protocol='all', dport='0:65535',
                  hashlimit='1/h', hashlimitmode='srcip,dstip,dstport',
                  hashlimitburst='1', hashlimitexpire='3600000',
-                 srcexclude='127.0.0.1', pcap=True
+                 srcexclude='127.0.0.1', pcap=True, loglevel='info'
                  ):
 
         self.exists = os.path.exists('/etc/systemd')
@@ -133,6 +136,7 @@ def __init__(self, interface=None, interface_addr=None,
         self.hashlimitburst = hashlimitburst
         self.hashlimitexpire = hashlimitexpire
         self.srcexclude = srcexclude
+        self.loglevel = loglevel
 
         # Check if packet printing is supported
         tcp_dump = TCPDump()
@@ -178,6 +182,7 @@ def create_service(self):
                 '--hashlimitburst {hashlimitburst} '
                 '--hashlimitexpire {hashlimitexpire} '
                 '--srcexclude {srcexclude} '
+                '--loglevel {loglevel} '
                 ''.format(
                     pyfp=sys.executable,
                     fp=os.path.dirname(sys.executable),
@@ -189,17 +194,19 @@ def create_service(self):
                     hashlimitmode=self.hashlimitmode,
                     hashlimitburst=self.hashlimitburst,
                     hashlimitexpire=self.hashlimitexpire,
-                    srcexclude=self.srcexclude
+                    srcexclude=self.srcexclude,
+                    loglevel=self.loglevel
                 )
             )
 
             # Run after main process stops
             execstop = (
                 '-{pyfp} {fp}/nfsinkhole-service.py '
-                '--delete --interface {interface}'.format(
+                '--delete --interface {interface} --loglevel {loglevel}'.format(
                     pyfp=sys.executable,
                     fp=os.path.dirname(sys.executable),
-                    interface=self.interface
+                    interface=self.interface,
+                    loglevel=self.loglevel
                 )
             )
 

diff --git a/nfsinkhole/tests/travis_tests.sh b/nfsinkhole/tests/travis_tests.sh
@@ -19,7 +19,7 @@ if [ "${TRAVIS_PYTHON_VERSION}" = "2.7" ]; then
     sudo docker exec nfsinkholevm /bin/sh -c "ifconfig"
     sudo docker exec nfsinkholevm /bin/sh -c "ls -al /root/nfsinkhole"
     sudo docker exec nfsinkholevm /bin/sh -c "cd /root/nfsinkhole/ && python setup.py install"
-    sudo docker exec --privileged nfsinkholevm /bin/sh -c "python /usr/bin/nfsinkhole-setup.py --interface eth1 --install --pcap"
+    sudo docker exec --privileged nfsinkholevm /bin/sh -c "python /usr/bin/nfsinkhole-setup.py --interface eth1 --install --pcap --loglevel debug"
     sudo docker exec nfsinkholevm /bin/sh -c "cat /var/log/nfsinkhole-setup.log && rm /var/log/nfsinkhole-setup.log"
     sudo docker exec --privileged nfsinkholevm /bin/sh -c "systemctl start nfsinkhole.service"
     sudo docker exec --privileged nfsinkholevm /bin/sh -c "systemctl status nfsinkhole.service"
@@ -29,6 +29,6 @@ if [ "${TRAVIS_PYTHON_VERSION}" = "2.7" ]; then
     sudo docker exec --privileged nfsinkholevm /bin/sh -c "systemctl status nfsinkhole.service || true"
     sudo docker exec nfsinkholevm /bin/sh -c "cat /var/log/nfsinkhole-service.log && rm /var/log/nfsinkhole-service.log"
     sudo docker exec nfsinkholevm /bin/sh -c "ps aux | grep /usr/sbin/tcpdump"
-    sudo docker exec --privileged nfsinkholevm /bin/sh -c "python /usr/bin/nfsinkhole-setup.py --interface eth1 --uninstall"
+    sudo docker exec --privileged nfsinkholevm /bin/sh -c "python /usr/bin/nfsinkhole-setup.py --interface eth1 --uninstall --loglevel debug"
     sudo docker exec nfsinkholevm /bin/sh -c "cat /var/log/nfsinkhole-setup.log && rm /var/log/nfsinkhole-setup.log"
 fi