jasonish / evebox

Web Based Event Viewer (GUI) for Suricata EVE Events in Elastic Search
https://evebox.org/
MIT License
423 stars 67 forks

When starting evebox, I get a stream of [DEBUG] entries...is this normal? #214

Closed: domiflichi closed 2 years ago

domiflichi commented 2 years ago

Super noobie here. When I run evebox as shown in the docs:

evebox server -v -D . --datastore sqlite --input /var/log/suricata/eve.json

I get a stream of [DEBUG] entries. Despite this, evebox seems to be working - I can pull up the Inbox web interface. Here's an example of what comes up on the screen:

2022-08-02 13:41:10  INFO evebox::version: This is EveBox version 0.15.0 (rev: deca6c6); x86_64-unknown-linux-musl
2022-08-02 13:41:10 DEBUG evebox::server::main: Certificate checks disabled: false
2022-08-02 13:41:10 DEBUG evebox::sqlite: Result of setting database to WAL mode: Ok("wal")
2022-08-02 13:41:10 DEBUG evebox::sqlite: Result of setting database to WAL mode: Ok("wal")
2022-08-02 13:41:10  INFO refinery_core::traits: current version: 3    
2022-08-02 13:41:10  INFO refinery_core::traits::sync: no migrations to apply    
2022-08-02 13:41:10 DEBUG evebox::sqlite: set journal mode to WAL
2022-08-02 13:41:10  INFO evebox::sqlite: Result of setting database to WAL mode: Err(QueryReturnedNoRows)
2022-08-02 13:41:10 DEBUG evebox::sqlite: Result of setting database to WAL mode: Ok("wal")
2022-08-02 13:41:10 DEBUG evebox::sqlite: Result of setting database to WAL mode: Ok("wal")
2022-08-02 13:41:10  INFO evebox::server::main: Configuration database filename: "./config.sqlite"
2022-08-02 13:41:10 DEBUG evebox::sqlite: Result of setting database to WAL mode: Ok("wal")
2022-08-02 13:41:10  INFO refinery_core::traits: current version: 1    
2022-08-02 13:41:10  INFO refinery_core::traits::sync: no migrations to apply    
2022-08-02 13:41:10 DEBUG evebox::server::main: Checking "/home/jamie/b264daf6271f51125d20d5a7715e8947.bookmark" for writability
2022-08-02 13:41:10  INFO evebox::server::main: Using bookmark filename Some("/home/jamie/b264daf6271f51125d20d5a7715e8947.bookmark") for input "/var/log/suricata/eve.json"
2022-08-02 13:41:10  INFO evebox::server::main: Starting reader for /var/log/suricata/eve.json
2022-08-02 13:41:10  INFO evebox::server::main: Starting server on 10.10.10.27:5636, tls=false
2022-08-02 13:41:10  INFO evebox::eve::processor: Valid bookmark found, jumping to record: 480080
2022-08-02 13:41:11 DEBUG evebox::sqlite::importer: Commiting 12 events
2022-08-02 13:41:12 DEBUG evebox::sqlite::importer: Commiting 1 events
2022-08-02 13:41:13 DEBUG evebox::sqlite::importer: Commiting 2 events
2022-08-02 13:41:14 DEBUG evebox::sqlite::importer: Commiting 2 events
2022-08-02 13:41:15 DEBUG evebox::sqlite::importer: Commiting 1 events
2022-08-02 13:41:17 DEBUG evebox::sqlite::importer: Commiting 1 events
2022-08-02 13:41:18 DEBUG evebox::sqlite::importer: Commiting 1 events
2022-08-02 13:41:19 DEBUG evebox::sqlite::importer: Commiting 2 events

And it continues to mostly give me the DEBUG lines that talk about 'Committing X events'.

Is this normal behavior? The whole 'DEBUG' thing makes me nervous like something is broken.

jasonish commented 2 years ago

This is normal. -v enables debug logging; without it you'll only see info and error.

domiflichi commented 2 years ago

OK. Thank you so much @jasonish!