exein-io / pulsar

A modular and blazing fast runtime security tool for the IoT, powered by eBPF.
https://pulsar.sh

[Bug]: Syslog messages missing beginning characters #280

Closed bcelenza closed 3 months ago

bcelenza commented 4 months ago

Contact Details

bri@celenza.dev

What happened?

Discovered during https://github.com/exein-io/pulsar/pull/277, the syslog logging capability appears to truncate or omit the first several characters of the log line emitted from Pulsar.

Example log line on main:

2024-04-22T09:05:21.948697-07:00 europa 04-22T16:05:21Z THREAT /snap/spotify/75/usr/share/spotify/spotify (5342)] [rules-engine - Create files below /dev] File Created { filename: /dev/shm/.org.chromium.Chromium.VaKDf9 }

Notice in the above example the second timestamp emitted by Pulsar starts 04-22T16:05:21Z, when it should be 2024-04-22T16:05:21Z.

Relevant log output

No response

banditopazzo commented 4 months ago

@bcelenza I ran some tests and it seems that the issue is present only on some systems, and the cause is the absence of the priority flag in the string; some systems have a smarter "syslog" and don't have the issue.

However, I have a fix in #284.

Can you test it on the machine where you got the original issue before we merge?
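
The priority flag mentioned in the comment above, as an added example (not Pulsar's code and not the change in #284): a syslog message is expected to begin with `<PRI>`, where PRI = facility * 8 + severity (RFC 3164 / RFC 5424). The function names, the facility and severity values, and the sample message are assumptions made for illustration.

```rust
// Added example, not Pulsar's code: syslog PRI framing and a strict receiver-side check.

/// PRI value = facility * 8 + severity (facility 0..=23, severity 0..=7).
fn pri(facility: u8, severity: u8) -> Option<u8> {
    if facility <= 23 && severity <= 7 {
        Some(facility * 8 + severity)
    } else {
        None
    }
}

/// Prefix a message with "<PRI>" so the receiver does not have to guess where the header ends.
fn frame(facility: u8, severity: u8, msg: &str) -> Option<String> {
    pri(facility, severity).map(|p| format!("<{}>{}", p, msg))
}

/// Returns (facility, severity, rest) only when the datagram starts with a
/// well-formed "<PRI>": 1 to 3 digits, no leading zero, value 0..=191.
fn parse_pri(datagram: &str) -> Option<(u8, u8, &str)> {
    let body = datagram.strip_prefix('<')?;
    let end = body.find('>')?;
    let digits = &body[..end];
    if digits.is_empty() || digits.len() > 3 || !digits.bytes().all(|b| b.is_ascii_digit()) {
        return None;
    }
    if digits.len() > 1 && digits.starts_with('0') {
        return None;
    }
    let value: u16 = digits.parse().ok()?;
    if value > 191 {
        return None;
    }
    Some(((value / 8) as u8, (value % 8) as u8, &body[end + 1..]))
}

// Constructed sample message; only the leading timestamp mirrors the report.
const SAMPLE: &str = "2024-04-22T16:05:21Z THREAT constructed-event";

fn main() {
    // No PRI: a strict parser rejects the line; what a daemon does instead is implementation-specific.
    println!("bare:   {:?}", parse_pri(SAMPLE));
    // Facility user (1) and severity warning (4) are assumed values for the example.
    let framed = frame(1, 4, SAMPLE).unwrap();
    println!("framed: {:?}", parse_pri(&framed));
}
```

With the prefix in place the message body, including the leading `2024-`, comes back intact from the parser.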

bcelenza commented 3 months ago

@banditopazzo Looks good to me! Thanks for the fix.