Loglevel parameter isn't working as designed

[jdidierpichatext]

BUG REPORT INFORMATION

Prerequisites

The opened issue, must be code related. GitHub is not meant for support. Feel free to check the CONTRIBUTING section for more details.

Get your module version

For example, it is possible to get graph monitoring widget's version using following commands

-- For the RPM based systems --

# rpm -qa |grep -i splunk
centreon-stream-connector-splunk-20240828-1.el9.noarch

Description

LogLevel isn't working as designed

Describe the encountered issue
logLevel parameters should log NOTICE events

Sun Oct 13 04:00:40 2024: INFO: **[EventQueue:send_data]**: Going to send the following json {"source":"","event":{"output":"CRITICAL: Cannot connect: OpenClient message: LAYER = (0) ORIGIN = (0) SEVERITY = (78) NUMBER = (41)","event_type":"service","state":2,"service_description":"DB-MSSQL-connection-time","hostname":"server\\DEV","state_type":1},"time":1728669921,"host":"Central","sourcetype":"_json","index":"alrt"}
Sun Oct 13 04:00:40 2024: INFO: [EventQueue:send_data]: Splunk address is: http://abc:8088/services/collector/event
Sun Oct 13 04:00:40 2024: INFO: [EventQueue:send_data]: HTTP POST request successful: return code is 200

Steps to Reproduce

Please describe precisely the steps to reproduce the encountered issue.

1. When I use the parameters loglevel 2; the EventQueue:sed_data message is well saw on the logfile but generated 19GB /days logs.
2. When we use loglevel 1 it's not saw

Describe the received result

Mon Nov  4 09:38:43 2024: INFO: [sc_params:param_override]: overriding parameter: max_buffer_size with value: 10
Mon Nov  4 09:52:21 2024: INFO: [sc_params:param_override]: overriding parameter: accepted_hostgroups with value: ******
Mon Nov  4 09:52:21 2024: INFO: [sc_params:param_override]: overriding parameter: log_level with value: 1
Mon Nov  4 09:52:21 2024: INFO: [sc_params:param_override]: overriding parameter: max_all_queues_age with value: 15
Mon Nov  4 09:52:21 2024: INFO: [sc_params:param_override]: overriding parameter: rejected_servicegroups with value: ***
Mon Nov  4 09:52:21 2024: INFO: [sc_params:param_override]: overriding parameter: service_status with value: 1,2
Mon Nov  4 09:52:21 2024: INFO: [sc_params:param_override]: overriding parameter: splunk_token with value: *****
Mon Nov  4 09:52:21 2024: INFO: [sc_params:param_override]: overriding parameter: http_server_url with value: http://abc:8088/services/collector/event
Mon Nov  4 09:52:21 2024: INFO: [sc_params:param_override]: overriding parameter: max_buffer_size with value: 10
Mon Nov  4 09:52:21 2024: INFO: [sc_params:param_override]: overriding parameter: log_curl_commands with value: 1
Mon Nov  4 09:52:21 2024: INFO: [sc_params:param_override]: overriding parameter: splunk_index with value: alrt
Mon Nov  4 09:52:21 2024: INFO: [sc_params:param_override]: overriding parameter: logfile with value: /var/log/centreon-broker/splunk-events.log

Describe the expected result

Sun Oct 13 04:00:40 2024: INFO: [EventQueue:send_data]: Going to send the following json {"source":"","event":{"output":"CRITICAL: Cannot connect: OpenClient message: LAYER = (0) ORIGIN = (0) SEVERITY = (78) NUMBER = (41)","event_type":"service","state":2,"service_description":"DB-MSSQL-connection-time","hostname":"server\\DEV","state_type":1},"time":1728669921,"host":"Central","sourcetype":"_json","index":"alrt"}
Sun Oct 13 04:00:40 2024: INFO: [EventQueue:send_data]: Splunk address is: http://abc:8088/services/collector/event
Sun Oct 13 04:00:40 2024: INFO: [EventQueue:send_data]: HTTP POST request successful: return code is 200

[tanguyvda]

Hello @jdidierpichatext

I hope you're doing fine!

normally it is working as expected.

and below is what we are expecting:

log level	error	notice	warning	info	debug
1	yes	yes	no	no	no
2	yes	yes	yes	yes	no
3	yes	yes	yes	yes	yes

there is one little misleading thing regarding those logs. The name that is displayed in the log file is not very precise.
NOTICE, INFO and DEBUG messages will always be printed as "INFO".

this is because the way log messages are printed is not handled by said stream connectors. Stream connectors ask our centreon broker to print those messages and this broker mecanism doesn't know notice and debug labels.

in order to help people with logging we have four parameters

• logfile
• log_level
• send_data_test (type number) that will log every data that should be sent to the external tool and the stream connector will not send the data when this option is enabled
• log_curl_commands (type number) that will log the curl command that is executed by the stream connector (helpful to test things manually). Enabling this option will not prevent the stream connector from sending data to the external tool as opposed to the send_data_test option

[jdidierpichatext]

thank you @tanguyvda it's now clear.
Is it possible/plan to switch info level such as send_data in log level 1 (from 2) ?

Sun Oct 13 04:00:40 2024: INFO: [EventQueue:send_data]: Going to send the following json {"source":"","event":{"output":"CRITICAL: Cannot connect: OpenClient message: LAYER = (0) ORIGIN = (0) SEVERITY = (78) NUMBER = (41)","event_type":"service","state":2,"service_description":"DB-MSSQL-connection-time","hostname":"server\\DEV","state_type":1},"time":1728669921,"host":"Central","sourcetype":"_json","index":"alrt"}
Sun Oct 13 04:00:40 2024: INFO: [EventQueue:send_data]: Splunk address is: http://abc:8088/services/collector/event
Sun Oct 13 04:00:40 2024: INFO: [EventQueue:send_data]: HTTP POST request successful: return code is 200

In our context, we monitoring the HTTP 200 curl request to confirm that have sent the event to our managed service provider