From c510a635ebfb6b6ec156d37e803c89a70f2fd195 Mon Sep 17 00:00:00 2001
From: Sunil Singh <sunil.singh@suse.com>
Date: Fri, 10 Jan 2025 14:43:04 -0800
Subject: [PATCH] Adding in log level support to troubleshooting page per usage
 document. Tied to NVSHAS-7687.

Signed-off-by: Sunil Singh <sunil.singh@suse.com>
---
 .../01.troubleshooting/01.troubleshooting.md  | 93 ++++++++++++++++++-
 .../01.troubleshooting/01.troubleshooting.md  | 93 ++++++++++++++++++-
 2 files changed, 184 insertions(+), 2 deletions(-)

diff --git a/docs/12.troubleshooting/01.troubleshooting/01.troubleshooting.md b/docs/12.troubleshooting/01.troubleshooting/01.troubleshooting.md
index 86662ed03..668d87520 100644
--- a/docs/12.troubleshooting/01.troubleshooting/01.troubleshooting.md
+++ b/docs/12.troubleshooting/01.troubleshooting/01.troubleshooting.md
@@ -57,7 +57,98 @@ kubectl get events -n neuvector
 
 The support log contains additional information which is useful for NeuVector Support, including system configuration, containers, policies, notifications, and NeuVector container details.
 
-To download the support log, go to Settings -> Configuration and select Collect Log. 
+To download the support log, go to Settings -> Configuration and select Collect Log.
+
+### Set Logging Severity Levels
+
+The enforcer and controller support four log levels that can be set: error, warn, info, debug. The log level can be set via Helm chart or deployment YAML during installation, or they can be set during runtime via the command-line. After the log level is set, only specific logs are displayed in the enforcer or controller log.
+
+#### Setting Options
+
++ To set the log level via Helm chart or deployment YAML during installation time:
+
+  Reuse the variable `CTRL_PATH_DEBUG` for both the enforcer and controller general log to set the log level value(error, warn, info, debug).
+
+  + If the value is "error": The log level is set to "ERRO"; only "ERRO" log is displayed, and "WARN", "INFO", and "DEBU" logs will not be displayed.
+  + If the value is "warn": The log level is set to "WARN"; only "WARN" and "ERRO" logs are displayed, and "INFO", and "DEBU" logs will not be displayed.
+  + If the value is "info": The log level is set to "INFO"; only "INFO", "WARN", and "ERRO" logs are displayed, and "DEBU" log will not be displayed.
+  + If the value is empty (if the command-line only has the option without the value), or if the input is "1", "e", "y", "Y", "t", "T", or if the input is "debug": The log level is set to "DEBU", and "DEBU", "INFO", "WARN", and "ERRO" logs are displayed.
+  + If the value is anything else: The log level is set to "INFO"; only "INFO", "WARN", and "ERRO" logs are displayed, and the "DEBU" log will not be displayed.
++ To set the log level using the command-line during runtime:
+
+    Set the log level for specific enforcer or controller:
+    Command:
+
+    ```shell
+    set {enforcer|controller} {ID_OR_NAME} log_level {error|warn|info|debug}
+    ```
+
+    Example:
+
+    ```shell
+    admin#127.0.0.1> set enforcer 470465277a36 log_level debug
+    admin#127.0.0.1> show enforcer setting 470465277a36
+    +-----------+-------+
+    | Field     | Value |
+    +-----------+-------+
+    | log_level | debug |
+    | debug     | cpath |
+    +-----------+-------+
+    ( default debug level setting will only set the cpath category)
+    ```
+
+    Set the system log level for all enforcers or controllers:
+
+    Command:
+
+    ```shell
+    set system log_level {enforcers|controllers} {error|warn|info|debug}
+    ```
+
+    Example:
+
+    ```shell
+    admin#127.0.0.1> set system log_level enforcers error
+    admin#127.0.0.1> show enforcer setting 470465277a36
+    +-----------+-------+
+    | Field     | Value |
+    +-----------+-------+
+    | log_level | error |
+    | debug     |       |
+    +-----------+-------+
+    (if the log level is "debug", the log display will be dependent on the category)
+    ```
+
+#### Example
+
+Set the `CTRL_PATH_DEBUG` to “debug” in the enforcer YAML and then deploy the enforcer:
+
+```YAML
+containers:
+- env:
+  - name: ENF_MONITOR_TRACE
+    value: "1"
+  - name: CLUSTER_JOIN_ADDR
+    value: neuvector-svc-controller.neuvector
+  - name: CLUSTER_ADVERTISED_ADDR
+    valueFrom:
+      fieldRef:
+        apiVersion: v1
+        fieldPath: status.podIP
+  - name: CTRL_PATH_DEBUG
+    value: "debug"
+```
+
+The below logs can be displayed in the enforcer log with an example command:
+
+```shell
+k logs -f {ENFORCER_ID} -n neuvector | grep "|DEBU|AGT| \ | |INFO|AGT| \ | |WARN|AGT|\|ERRO|AGT|"
+```
+
++ |ERRO|AGT|
++ |WARN|AGT|
++ |INFO|AGT|
++ |DEBU|AGT|
 
 ### Using the CLI to turn on Debug Mode
 
diff --git a/versioned_docs/version-5.4/12.troubleshooting/01.troubleshooting/01.troubleshooting.md b/versioned_docs/version-5.4/12.troubleshooting/01.troubleshooting/01.troubleshooting.md
index 86662ed03..668d87520 100644
--- a/versioned_docs/version-5.4/12.troubleshooting/01.troubleshooting/01.troubleshooting.md
+++ b/versioned_docs/version-5.4/12.troubleshooting/01.troubleshooting/01.troubleshooting.md
@@ -57,7 +57,98 @@ kubectl get events -n neuvector
 
 The support log contains additional information which is useful for NeuVector Support, including system configuration, containers, policies, notifications, and NeuVector container details.
 
-To download the support log, go to Settings -> Configuration and select Collect Log. 
+To download the support log, go to Settings -> Configuration and select Collect Log.
+
+### Set Logging Severity Levels
+
+The enforcer and controller support four log levels that can be set: error, warn, info, debug. The log level can be set via Helm chart or deployment YAML during installation, or they can be set during runtime via the command-line. After the log level is set, only specific logs are displayed in the enforcer or controller log.
+
+#### Setting Options
+
++ To set the log level via Helm chart or deployment YAML during installation time:
+
+  Reuse the variable `CTRL_PATH_DEBUG` for both the enforcer and controller general log to set the log level value(error, warn, info, debug).
+
+  + If the value is "error": The log level is set to "ERRO"; only "ERRO" log is displayed, and "WARN", "INFO", and "DEBU" logs will not be displayed.
+  + If the value is "warn": The log level is set to "WARN"; only "WARN" and "ERRO" logs are displayed, and "INFO", and "DEBU" logs will not be displayed.
+  + If the value is "info": The log level is set to "INFO"; only "INFO", "WARN", and "ERRO" logs are displayed, and "DEBU" log will not be displayed.
+  + If the value is empty (if the command-line only has the option without the value), or if the input is "1", "e", "y", "Y", "t", "T", or if the input is "debug": The log level is set to "DEBU", and "DEBU", "INFO", "WARN", and "ERRO" logs are displayed.
+  + If the value is anything else: The log level is set to "INFO"; only "INFO", "WARN", and "ERRO" logs are displayed, and the "DEBU" log will not be displayed.
++ To set the log level using the command-line during runtime:
+
+    Set the log level for specific enforcer or controller:
+    Command:
+
+    ```shell
+    set {enforcer|controller} {ID_OR_NAME} log_level {error|warn|info|debug}
+    ```
+
+    Example:
+
+    ```shell
+    admin#127.0.0.1> set enforcer 470465277a36 log_level debug
+    admin#127.0.0.1> show enforcer setting 470465277a36
+    +-----------+-------+
+    | Field     | Value |
+    +-----------+-------+
+    | log_level | debug |
+    | debug     | cpath |
+    +-----------+-------+
+    ( default debug level setting will only set the cpath category)
+    ```
+
+    Set the system log level for all enforcers or controllers:
+
+    Command:
+
+    ```shell
+    set system log_level {enforcers|controllers} {error|warn|info|debug}
+    ```
+
+    Example:
+
+    ```shell
+    admin#127.0.0.1> set system log_level enforcers error
+    admin#127.0.0.1> show enforcer setting 470465277a36
+    +-----------+-------+
+    | Field     | Value |
+    +-----------+-------+
+    | log_level | error |
+    | debug     |       |
+    +-----------+-------+
+    (if the log level is "debug", the log display will be dependent on the category)
+    ```
+
+#### Example
+
+Set the `CTRL_PATH_DEBUG` to “debug” in the enforcer YAML and then deploy the enforcer:
+
+```YAML
+containers:
+- env:
+  - name: ENF_MONITOR_TRACE
+    value: "1"
+  - name: CLUSTER_JOIN_ADDR
+    value: neuvector-svc-controller.neuvector
+  - name: CLUSTER_ADVERTISED_ADDR
+    valueFrom:
+      fieldRef:
+        apiVersion: v1
+        fieldPath: status.podIP
+  - name: CTRL_PATH_DEBUG
+    value: "debug"
+```
+
+The below logs can be displayed in the enforcer log with an example command:
+
+```shell
+k logs -f {ENFORCER_ID} -n neuvector | grep "|DEBU|AGT| \ | |INFO|AGT| \ | |WARN|AGT|\|ERRO|AGT|"
+```
+
++ |ERRO|AGT|
++ |WARN|AGT|
++ |INFO|AGT|
++ |DEBU|AGT|
 
 ### Using the CLI to turn on Debug Mode