diff --git a/cmd/cloudflared/access/cmd.go b/cmd/cloudflared/access/cmd.go index f439a958..a206222b 100644 --- a/cmd/cloudflared/access/cmd.go +++ b/cmd/cloudflared/access/cmd.go @@ -40,7 +40,7 @@ Add to your {{.Home}}/.ssh/config: Host {{.Hostname}} {{- if .ShortLivedCerts}} - ProxyCommand bash -c '{{.Cloudflared}} access ssh-gen --hostname %h; ssh -tt %r@cfpipe-{{.Hostname}} >&2 <&1' + ProxyCommand bash -c '{{.Cloudflared}} access ssh-gen --hostname %h; ssh -tt %r@cfpipe-{{.Hostname}} >&2 <&1' Host cfpipe-{{.Hostname}} HostName {{.Hostname}} @@ -77,9 +77,9 @@ func Commands() []*cli.Command { Aliases: []string{"forward"}, Category: "Access", Usage: "access ", - Description: `Cloudflare Access protects internal resources by securing, authenticating and monitoring access - per-user and by application. With Cloudflare Access, only authenticated users with the required permissions are - able to reach sensitive resources. The commands provided here allow you to interact with Access protected + Description: `Cloudflare Access protects internal resources by securing, authenticating and monitoring access + per-user and by application. With Cloudflare Access, only authenticated users with the required permissions are + able to reach sensitive resources. The commands provided here allow you to interact with Access protected applications from the command line.`, Subcommands: []*cli.Command{ { @@ -89,7 +89,7 @@ func Commands() []*cli.Command { Description: `The login subcommand initiates an authentication flow with your identity provider. The subcommand will launch a browser. For headless systems, a url is provided. Once authenticated with your identity provider, the login command will generate a JSON Web Token (JWT) - scoped to your identity, the application you intend to reach, and valid for a session duration set by your + scoped to your identity, the application you intend to reach, and valid for a session duration set by your administrator. cloudflared stores the token in local storage.`, Flags: []cli.Flag{ &cli.StringFlag{ @@ -164,7 +164,7 @@ func Commands() []*cli.Command { &cli.StringFlag{ Name: logger.LogSSHLevelFlag, Aliases: []string{"loglevel"}, //added to match the tunnel side - Usage: "Application logging level {fatal, error, info, debug}. ", + Usage: "Application logging level {debug, info, warn, error, fatal}. ", }, &cli.StringFlag{ Name: sshConnectTo, @@ -296,7 +296,6 @@ func curl(c *cli.Context) error { return run("curl", cmdArgs...) } - // run kicks off a shell task and pipe the results to the respective std pipes func run(cmd string, args ...string) error { c := exec.Command(cmd, args...) diff --git a/cmd/cloudflared/tunnel/cmd.go b/cmd/cloudflared/tunnel/cmd.go index 0b11c4c2..7267a28d 100644 --- a/cmd/cloudflared/tunnel/cmd.go +++ b/cmd/cloudflared/tunnel/cmd.go @@ -75,8 +75,8 @@ const ( // uiFlag is to enable launching cloudflared in interactive UI mode uiFlag = "ui" - debugLevelWarning = "At debug level, request URL, method, protocol, content legnth and header will be logged. " + - "Response status, content length and header will also be logged in debug level." + debugLevelWarning = "At debug level cloudflared will log request URL, method, protocol, content length, as well as, all request and response headers. " + + "This can expose sensitive information in your logs." LogFieldCommand = "command" LogFieldExpandedPath = "expandedPath" @@ -920,7 +920,7 @@ func configureLoggingFlags(shouldHide bool) []cli.Flag { altsrc.NewStringFlag(&cli.StringFlag{ Name: logger.LogLevelFlag, Value: "info", - Usage: "Application logging level {fatal, error, info, debug}. " + debugLevelWarning, + Usage: "Application logging level {debug, info, warn, error, fatal}. " + debugLevelWarning, EnvVars: []string{"TUNNEL_LOGLEVEL"}, Hidden: shouldHide, }), @@ -928,7 +928,7 @@ func configureLoggingFlags(shouldHide bool) []cli.Flag { Name: logger.LogTransportLevelFlag, Aliases: []string{"proto-loglevel"}, // This flag used to be called proto-loglevel Value: "info", - Usage: "Transport logging level(previously called protocol logging level) {fatal, error, info, debug}", + Usage: "Transport logging level(previously called protocol logging level) {debug, info, warn, error, fatal}", EnvVars: []string{"TUNNEL_PROTO_LOGLEVEL", "TUNNEL_TRANSPORT_LOGLEVEL"}, Hidden: shouldHide, }), diff --git a/logger/create.go b/logger/create.go index 4a6112b4..256ff4c7 100644 --- a/logger/create.go +++ b/logger/create.go @@ -64,6 +64,8 @@ func (t resilientMultiWriter) Write(p []byte) (n int, err error) { return len(p), nil } +var levelErrorLogged = false + func newZerolog(loggerConfig *Config) *zerolog.Logger { var writers []io.Writer @@ -91,11 +93,15 @@ func newZerolog(loggerConfig *Config) *zerolog.Logger { multi := resilientMultiWriter{writers} - level, err := zerolog.ParseLevel(loggerConfig.MinLevel) - if err != nil { - return fallbackLogger(err) + level, levelErr := zerolog.ParseLevel(loggerConfig.MinLevel) + if levelErr != nil { + level = zerolog.InfoLevel } log := zerolog.New(multi).With().Timestamp().Logger().Level(level) + if !levelErrorLogged && levelErr != nil { + log.Error().Msgf("Failed to parse log level %q, using %q instead", loggerConfig.MinLevel, level) + levelErrorLogged = true + } return &log } @@ -151,8 +157,8 @@ func Create(loggerConfig *Config) *zerolog.Logger { func createConsoleLogger(config ConsoleConfig) io.Writer { consoleOut := os.Stderr return zerolog.ConsoleWriter{ - Out: colorable.NewColorable(consoleOut), - NoColor: config.noColor || !term.IsTerminal(int(consoleOut.Fd())), + Out: colorable.NewColorable(consoleOut), + NoColor: config.noColor || !term.IsTerminal(int(consoleOut.Fd())), TimeFormat: consoleTimeFormat, } }