OpenVAS Change Request #29: OpenVAS: Improve debug and error output

Status: Voted +4. In progress.

Purpose

Improve error reporting across all subsystems from the current output redirection of printf statement

References

Related Mail threads:

• Initial Patch mail thread
• Second Patch mail thread

While using the latest patch, you may want to modify a library to call glib logging functions. A sample is included in the first patch (nasl_grammar and nasl_socket)

Rationale

Currently, output to .dump files is through printf statements that openvasd redirects to files. The printf statements neither have a timestamp nor an indicator of the source. Implementing C Macros may not work as expected.

Effects

Allow for a systemwide at runtime toggling of debug/error messages and possibly user defined formatting of error strings

Design and Implementation

The design goals should be to reuse the existing glib message output and debug functions to accomplish this by using g_log for all logging within OpenVAS.

• Definition of various G_LOG_DOMAINs within the source files to identify library/subsystem/operation message sources. e.g. log_domain_ssl,
• Use of predefined log domains such as
• log_domain_otp - protocol dump
• log_domain_ssl - SSL debug messages
• log_domain_scripts - Dependency failures, Script errors
• log_domain_libnasl - Libnasl messages that can't be categorized by the above
• log_domain_libopenvas - Libopenvas messages that can't be categorized by the above
• log_domain_openvasd - openvasd messages that can't be categorized by the above
• We also have to add "if (!g_thread_supported ()) g_thread_init (NULL);" openvasd's main() to make logging thread safe. This means that we have to add gthread include and cflags to the autoconf scripts
• Use of g_log_set_handler () in openvasd's main() to dynamically route messages to different logfiles depending on the domain and log_level (severity) giving flexibility surpassing apache's access and error logfiles
• Using glib's IO Channels to handle log output to files
• Definition of a prepend string in a config file much like PHP's html error prepend string based on the following proposal:
• %P: PID
• %{format}t: strftime format string (resolution is down to the second level)
• Use of __LINE__ and __FILE__ in debug messages - Left to the devloper's discretion
• If we have time and manpower, use assert statements to catch bugs we wouldn't know about - Have a look at glib-Warnings-and-Assertions.html in glib's documentation

To make the logging process versatile, openvasd logging configuration should be stored in a configuration file. We can reuse glib's keyfiles for this.
List of configuration options

• log domain
• log prepend string
• log file
• log level threshold

A sample configuration file

	#libnasl >critical messages are logged to stderr
	[libnasl]
	prepend=%p
	file=-
	level=critical

	#openvasd >warning messages have a pid prepended and
	#logged to openvasd.log
	[openvasd]
	prepend=%p
	file=/var/log/openvasd.log
	level=warnings

	#All >defaultlevel messages  that do not match the above
	#have the pid prepended and are logged to openvas.log
	[*]
	prepend=%p
	file=/var/log/openvas.log

History

• 2009-07-27 Matthew Mundell <matthew.mundell@intevation.de>:
  Remove quotes from sample. Flush trailing whitespace.
• 2009-07-16 Matthew Mundell <matthew.mundell@intevation.de>:
  Update status.
• 2009-05-14 Laban Mwangi <lmwangi@penguinlabs.co.ke>:
  Adding predefined log_domains.
• 2009-04-28 Laban Mwangi <lmwangi@penguinlabs.co.ke>:
  Adding a configuration example.
• 2009-04-25 Laban Mwangi <lmwangi@penguinlabs.co.ke>:
  Adding details based on testing.
• 2009-04-14 Laban Mwangi <lmwangi@penguinlabs.co.ke>:
  Integrating with glib logging.
• 2009-04-08 Laban Mwangi <lmwangi@penguinlabs.co.ke>:
  Initial text.