engine: choose better Suricata logging levels for rule test

The current default is to use SC_LOG_LEVEL=warning which can output non-fatal warnings which is generally not what you want when running from cron with "suricata-update -q". Now, if "-q" is provided, run Suricata with SC_LOG_LEVEL=error which is useful for cron to ony be notified of fata errors. Generally end-users are not worried about rule warnings such as: ja3.hash should not be used together with nocase, since the rule is automatically lowercased anyway which makes nocase redundant. This also allows for log level be set with SC_LOG_LEVEL, in which case Suricata-Update will not change the log level. Additionally, make Suricata more verbose if Suricata-Update is run with "-v". Ticket: https://redmine.openinfosecfoundation.org/issues/7494
jasonish · Jan 15, 2025 · 48c3d15 · 48c3d15
1 parent befacae
commit 48c3d15
Showing 1 changed file with 23 additions and 5 deletions.
diff --git a/suricata/update/engine.py b/suricata/update/engine.py
@@ -95,7 +95,8 @@ def is_true(self, key, truthy=[]):
     @classmethod
     def load(cls, config_filename, suricata_path=None):
         env = build_env()
-        env["SC_LOG_LEVEL"] = "Error"
+        if "SC_LOG_LEVEL" not in env:
+            env["SC_LOG_LEVEL"] = "Error"
         if not suricata_path:
             suricata_path = get_path()
         if not suricata_path:
@@ -163,8 +164,29 @@ def get_version(path):
         return parse_version(output)
     return None
 
+
 def test_configuration(suricata_path, suricata_conf=None, rule_filename=None):
     """Test the Suricata configuration with -T."""
+
+    env = build_env()
+
+    # Choose a good Suricata log level, respecting SC_LOG_LEVEL if set.
+    if "SC_LOG_LEVEL" not in env:
+        try:
+            level = logging.getLevelName(logger.getEffectiveLevel())
+            if level == "WARNING":
+                # Suricata-Update was called with "-q", only output
+                # Suricata errors.
+                env["SC_LOG_LEVEL"] = "Error"
+            elif level == "DEBUG":
+                # Suricata-Update was called with "-v", increase
+                # Suricata logging to info.
+                env["SC_LOG_LEVEL"] = "Info"
+        finally:
+            # Default to warning.
+            if "SC_LOG_LEVEL" not in env:
+                env["SC_LOG_LEVEL"] = "Warning"
+
     tempdir = tempfile.mkdtemp()
     test_command = [
         suricata_path,
@@ -176,9 +198,6 @@ def test_configuration(suricata_path, suricata_conf=None, rule_filename=None):
     if rule_filename:
         test_command += ["-S", rule_filename]
 
-    env = build_env()
-    env["SC_LOG_LEVEL"] = "Warning"
-
     logger.debug("Running %s; env=%s", " ".join(test_command), str(env))
     rc = subprocess.Popen(test_command, env=env).wait()
     ret = True if rc == 0 else False
@@ -191,6 +210,5 @@ def test_configuration(suricata_path, suricata_conf=None, rule_filename=None):
 def build_env():
     env = os.environ.copy()
     env["SC_LOG_FORMAT"] = "%t - <%d> -- "
-    env["SC_LOG_LEVEL"] = "Error"
     env["ASAN_OPTIONS"] = "detect_leaks=0"
     return env