问题
When using the osqueryi interactive shell for osquery I'm running into an issue where a WARNING is displayed even though logging is supposed to be disabled. Is this a bug?
Docs explain the following:
--logger_min_status
The minimum level for status log recording. Use the following values: INFO = 0, WARNING = 1, ERROR = 2. To disable all status messages use 3+.
--logger_min_sterr
The minimum level for status logs written to stderr. Use the following values: INFO = 0, WARNING = 1, ERROR = 2. To disable all status messages use 3+.
What I have: (results truncated for brevity)
# osqueryi --json --logger_min_status=3 --logger_min_stderr=3 'select * from block_devices'
WARNING: Failed to connect to lvmetad. Falling back to device scanning.
[{"block_size":"512","label":"","model":"VBOX HARDDISK","name":"/dev/sda","parent":"","size":"83886080","type":"","uuid":"","vendor":"ATA"},...]
What I expect:
# osqueryi --json --logger_min_status=3 --logger_min_stderr=3 'select * from block_devices'
[{"block_size":"512","label":"","model":"VBOX HARDDISK","name":"/dev/sda","parent":"","size":"83886080","type":"","uuid":"","vendor":"ATA"},...]
回答1:
This logging seems to be coming from the LVM library, so is likely not controllable by osquery. I couldn't find the exact log line in the LVM2 source.
I believe it is the populatePVChildren function that would be calling an LVM function that performs the logging.
Your interpretation of the documentation around debugging looks correct.
来源:https://stackoverflow.com/questions/55188336/osquery-warnings-when-using-osqueryi-and-logging-disabled