将osqueryi交互式外壳用于osquery时,我遇到了一个问题,即使应该禁用日志记录,也会显示警告。这是错误吗?
Docs解释以下内容:
--logger_min_status
状态日志记录的最低级别。使用以下值:INFO = 0,WARNING = 1,ERROR =2。要禁用所有状态消息,请使用3 +。
--logger_min_sterr
写入stderr的状态日志的最低级别。使用以下值:INFO = 0,WARNING = 1,ERROR =2。要禁用所有状态消息,请使用3+。
# osqueryi --json --logger_min_status=3 --logger_min_stderr=3 'select * from block_devices'
WARNING: Failed to connect to lvmetad. Falling back to device scanning.
[{"block_size":"512","label":"","model":"VBOX HARDDISK","name":"/dev/sda","parent":"","size":"83886080","type":"","uuid":"","vendor":"ATA"},...]
# osqueryi --json --logger_min_status=3 --logger_min_stderr=3 'select * from block_devices'
[{"block_size":"512","label":"","model":"VBOX HARDDISK","name":"/dev/sda","parent":"","size":"83886080","type":"","uuid":"","vendor":"ATA"},...]
答案 0 :(得分:0)
此日志记录似乎来自LVM库,因此osquery可能无法控制。我在LVM2源中找不到确切的日志行。
我相信是populatePVChildren函数会调用执行记录的LVM函数。
您对调试文档的解释似乎正确。