add matched rule name in log and debug outputs? #111

nw3000 · 2024-03-24T05:35:31Z

it is hard to find out which specific rule actually trigged in logs when debugging why one stream been blocked or allowed:

2024-03-24T05:19:32Z    INFO    UDP stream action       {"id": 1771768123415990016, "src": "192.168.1.2:36877", "dst": "84.1.1.1:9993", "action": "allow", "noMatch": true}
2024-03-24T05:19:45Z    INFO    TCP stream action       {"id": 1771768812341536768, "src": "192.168.1.2:37245", "dst": "12.1.1.1:443", "action": "block", "noMatch": false}

is that possible you can enriching the log or debug output to add more info? something like

2024-03-24T05:19:32Z    INFO    UDP stream action       {"id": 1771768123415990016, "src": "192.168.1.2:36877", "dst": "84.1.1.1:9993", "action": "allow", "noMatch": true,  "reason": implicit default allow}

2024-03-24T05:19:45Z    INFO    TCP stream action       {"id": 1771768812341536768, "src": "192.168.1.2:37245", "dst": "12.1.1.1:443", "action": "block", "noMatch": false, "reason": - name: block  some site https - rules.yaml line 103 }

thank you.

The text was updated successfully, but these errors were encountered:

tobyxdd · 2024-03-24T17:43:24Z

Good suggestion. For now you can also add log: true to each entry, which essentially does the same thing

haruue added the enhancement New feature or request label Mar 24, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

add matched rule name in log and debug outputs? #111

add matched rule name in log and debug outputs? #111

nw3000 commented Mar 24, 2024

tobyxdd commented Mar 24, 2024

add matched rule name in log and debug outputs? #111

add matched rule name in log and debug outputs? #111

Comments

nw3000 commented Mar 24, 2024

tobyxdd commented Mar 24, 2024