Add additional logging in the watcher for windows (#6376)

Co-authored-by: Teddy Reed <teddy@casualhacking.io>
2024-11-06 17:45:22 +00:00 · 2020-05-25 17:33:21 +01:00 · 2020-05-25 17:33:21 +01:00 · a154e45026
commit a154e45026
parent 25e0088e9f
3 changed files with 24 additions and 25 deletions
--- a/osquery/core/init.cpp
+++ b/osquery/core/init.cpp
@ -509,9 +509,9 @@ void Initializer::initActivePlugin(const std::string& type,
  }));

  if (!status.ok()) {
-    LOG(ERROR) << "Cannot activate " << name << " " << type
-               << " plugin: " << status.getMessage();
-    requestShutdown(EXIT_CATASTROPHIC);
+    std::string message = "Cannot activate " + name + " " + type +
+                          " plugin: " + status.getMessage();
+    requestShutdown(EXIT_CATASTROPHIC, message);
  }
 }

@ -535,10 +535,10 @@ void Initializer::start() const {
      }

      if (i == kDatabaseMaxRetryCount) {
-        LOG(ERROR) << RLOG(1629) << binary_
-                   << " initialize failed: Could not initialize database";
+        auto message = std::string(RLOG(1629)) + binary_ +
+                       " initialize failed: Could not initialize database";
        auto retcode = (isWorker()) ? EXIT_CATASTROPHIC : EXIT_FAILURE;
-        requestShutdown(retcode);
+        requestShutdown(retcode, message);
        return;
      }

@ -547,9 +547,8 @@ void Initializer::start() const {

    // Ensure the database results version is up to date before proceeding
    if (!upgradeDatabase()) {
-      LOG(ERROR) << "Failed to upgrade database";
      auto retcode = (isWorker()) ? EXIT_CATASTROPHIC : EXIT_FAILURE;
-      requestShutdown(retcode);
+      requestShutdown(retcode, "Failed to upgrade database");
      return;
    }
  }
@ -711,8 +710,9 @@ void Initializer::requestShutdown(int retcode) {
  });
 }

-void Initializer::requestShutdown(int retcode, const std::string& system_log) {
-  systemLog(system_log);
+void Initializer::requestShutdown(int retcode, const std::string& message) {
+  LOG(ERROR) << message;
+  systemLog(message);
  requestShutdown(retcode);
 }

--- a/osquery/core/watcher.cpp
+++ b/osquery/core/watcher.cpp
@ -215,7 +215,8 @@ void WatcherRunner::start() {

      auto status = watcher.getWorkerStatus();
      if (status == EXIT_CATASTROPHIC) {
-        Initializer::requestShutdown(EXIT_CATASTROPHIC);
+        Initializer::requestShutdown(EXIT_CATASTROPHIC,
+                                     "Worker returned exit status");
        break;
      }

@ -543,8 +544,9 @@ void WatcherRunner::createWorker() {
                            EQUALS,
                            INTEGER(PlatformProcess::getCurrentPid()));
  if (qd.size() != 1 || qd[0].count("path") == 0 || qd[0]["path"].size() == 0) {
-    LOG(ERROR) << "osquery watcher cannot determine process path for worker";
-    Initializer::requestShutdown(EXIT_FAILURE);
+    Initializer::requestShutdown(
+        EXIT_FAILURE,
+        "osquery watcher cannot determine process path for worker");
    return;
  }

@ -564,9 +566,9 @@ void WatcherRunner::createWorker() {
  if (!safePermissions(
          exec_path.parent_path().string(), exec_path.string(), true)) {
    // osqueryd binary has become unsafe.
-    LOG(ERROR) << RLOG(1382)
-               << "osqueryd has unsafe permissions: " << exec_path.string();
-    Initializer::requestShutdown(EXIT_FAILURE);
+    auto message = std::string(RLOG(1382)) +
+                   "osqueryd has unsafe permissions: " + exec_path.string();
+    Initializer::requestShutdown(EXIT_FAILURE, message);
    return;
  }

--- a/osquery/dispatcher/scheduler.cpp
+++ b/osquery/dispatcher/scheduler.cpp
@ -136,12 +136,10 @@ Status launchQuery(const std::string& name, const ScheduledQuery& query) {
    status = dbQuery.addNewResults(
        std::move(sql.rowsTyped()), item.epoch, item.counter, diff_results);
    if (!status.ok()) {
-      std::string line = "Error adding new results to database for query " +
-                         name + ": " + status.what();
-      LOG(ERROR) << line;
-
+      std::string message = "Error adding new results to database for query " +
+                            name + ": " + status.what();
      // If the database is not available then the daemon cannot continue.
-      Initializer::requestShutdown(EXIT_CATASTROPHIC, line);
+      Initializer::requestShutdown(EXIT_CATASTROPHIC, message);
    }
  } else {
    diff_results.added = std::move(sql.rowsTyped());
@ -161,10 +159,9 @@ Status launchQuery(const std::string& name, const ScheduledQuery& query) {
  status = logQueryLogItem(item);
  if (!status.ok()) {
    // If log directory is not available, then the daemon shouldn't continue.
-    std::string error = "Error logging the results of query: " + name + ": " +
-                        status.toString();
-    LOG(ERROR) << error;
-    Initializer::requestShutdown(EXIT_CATASTROPHIC, error);
+    std::string message = "Error logging the results of query: " + name + ": " +
+                          status.toString();
+    Initializer::requestShutdown(EXIT_CATASTROPHIC, message);
  }
  return status;
 }