search

gocsaf / csaf

Tools to download or provide CSAF (Common Security Advisory Framework) documents.
https://csaf.io
40 stars 23 forks source link

verbose should correspond to a loglevel and those be made more consistent #457

Closed bernhardreiter closed 1 year ago

bernhardreiter commented 1 year ago

It is unclear what --verbose does, now that we have loglevels.

In the following example first without -v then with -v it is seen that INFO entries are added:

./bin-linux-amd64/csaf_downloader --logfile=""  www.bsi.bund.de
{"time":"2023-09-13T16:17:40+02:00","level":"INFO","msg":"Download statistics","succeeded":0,"total_failed":0,"filename_failed":0,"download_failed":0,"schema_failed":0,"remote_failed":0,"sha256_failed":0,"sha512_failed":0,"signature_failed":0}
{"time":"2023-09-13T16:17:40+02:00","level":"INFO","msg":"error: no valid provider-metadata.json found for 'www.bsi.bund.de'"}
./bin-linux-amd64/csaf_downloader --logfile="" -v  www.bsi.bund.de
{"time":"2023-09-13T16:18:48+02:00","level":"INFO","msg":"[GET]: https://www.bsi.bund.de/.well-known/csaf/provider-metadata.json"}
{"time":"2023-09-13T16:18:48+02:00","level":"INFO","msg":"[GET]: https://www.bsi.bund.de/.well-known/security.txt"}
{"time":"2023-09-13T16:18:48+02:00","level":"INFO","msg":"[GET]: https://cert-bund.de/.well-known/csaf/provider-metadata.json"}
{"time":"2023-09-13T16:18:48+02:00","level":"INFO","msg":"[GET]: https://csaf.data.security.www.bsi.bund.de"}
{"time":"2023-09-13T16:18:48+02:00","level":"INFO","msg":"Loading provider-metadata.json","domain":"www.bsi.bund.de","message":"fetching \"https://csaf.data.security.www.bsi.bund.de\" failed: Get \"https://csaf.data.security.www.bsi.bund.de\": dial tcp: lookup csaf.data.security.www.bsi.bund.de on 127.0.0.53:53: no such host"}
{"time":"2023-09-13T16:18:48+02:00","level":"INFO","msg":"Download statistics","succeeded":0,"total_failed":0,"filename_failed":0,"download_failed":0,"schema_failed":0,"remote_failed":0,"sha256_failed":0,"sha512_failed":0,"signature_failed":0}
{"time":"2023-09-13T16:18:48+02:00","level":"INFO","msg":"error: no valid provider-metadata.json found for 'www.bsi.bund.de'"}

And the last one should not be INFO, but error.

One idea would be to make --verbose be the same as --logleve=debug and then turn all the verbose messages into debug messages.

cintek commented 1 year ago

By default the verbosity of the slog logger is set to INFO and it's possible to change it.

bernhardreiter commented 1 year ago

By default the verbosity of the slog logger is set to INFO and it's possible to change it.

Yes, but this is not the point. To explain, in current main:

s-l-teichmann commented 1 year ago

I think it would be a valid way to remove the verbose flag entirely and only use the log level to enable the logging of the http requests and other things the verbose flag is doing. verbose should be equivalent to log level debug.