diff --git a/cmd/certspotter/main.go b/cmd/certspotter/main.go index ec3fb51..69d1594 100644 --- a/cmd/certspotter/main.go +++ b/cmd/certspotter/main.go @@ -203,6 +203,7 @@ func main() { ScriptDir: defaultScriptDir(), Email: flags.email, Stdout: flags.stdout, + Quiet: !flags.verbose, } config := &monitor.Config{ LogListSource: flags.logs, diff --git a/man/certspotter.md b/man/certspotter.md index 33fb391..fd2012a 100644 --- a/man/certspotter.md +++ b/man/certspotter.md @@ -173,7 +173,7 @@ to write a file or execute a script), it prints a message to stderr and exits with a non-zero status. When certspotter encounters a problem monitoring a log, it prints a message -to stderr and continues running. It will try monitoring the log again later; +to stderr if `-verbose` is specified and continues running. It will try monitoring the log again later; most log errors are transient. Every 24 hours (unless overridden by `-healthcheck`), certspotter performs the @@ -190,7 +190,7 @@ standard out, as described above. Health check failures should be rare, and you should take them seriously because it means certspotter might not detect all certificates. It might also be an indication -of CT log misbehavior. Consult certspotter's stderr output for details, and if +of CT log misbehavior. Enable the `-verbose` flag and consult stderr for details, and if you need help, file an issue at . # EXIT STATUS diff --git a/monitor/fsstate.go b/monitor/fsstate.go index 277d4d8..42299d1 100644 --- a/monitor/fsstate.go +++ b/monitor/fsstate.go @@ -34,6 +34,7 @@ type FilesystemState struct { ScriptDir string Email []string Stdout bool + Quiet bool } func (s *FilesystemState) logStateDir(logID LogID) string { @@ -248,10 +249,12 @@ func (s *FilesystemState) NotifyHealthCheckFailure(ctx context.Context, ctlog *l } func (s *FilesystemState) NotifyError(ctx context.Context, ctlog *loglist.Log, err error) error { - if ctlog == nil { - log.Print(err) - } else { - log.Print(ctlog.GetMonitoringURL(), ": ", err) + if !s.Quiet { + if ctlog == nil { + log.Print(err) + } else { + log.Print(ctlog.GetMonitoringURL(), ": ", err) + } } return nil } diff --git a/monitor/healthcheck.go b/monitor/healthcheck.go index 74923b0..9b19dfa 100644 --- a/monitor/healthcheck.go +++ b/monitor/healthcheck.go @@ -120,7 +120,7 @@ func (e *StaleSTHInfo) Text() string { text := new(strings.Builder) fmt.Fprintf(text, "certspotter has been unable to contact %s since %s. Consequentially, certspotter may fail to notify you about certificates in this log.\n", e.Log.GetMonitoringURL(), e.LastSuccessString()) fmt.Fprintf(text, "\n") - fmt.Fprintf(text, "For details, see certspotter's stderr output.\n") + fmt.Fprintf(text, "For details, enable -verbose and see certspotter's stderr output.\n") fmt.Fprintf(text, "\n") if e.LatestSTH != nil { fmt.Fprintf(text, "Latest known log size = %d\n", e.LatestSTH.TreeSize) @@ -133,7 +133,7 @@ func (e *BacklogInfo) Text() string { text := new(strings.Builder) fmt.Fprintf(text, "certspotter has been unable to download entries from %s in a timely manner. Consequentially, certspotter may be slow to notify you about certificates in this log.\n", e.Log.GetMonitoringURL()) fmt.Fprintf(text, "\n") - fmt.Fprintf(text, "For more details, see certspotter's stderr output.\n") + fmt.Fprintf(text, "For details, enable -verbose and see certspotter's stderr output.\n") fmt.Fprintf(text, "\n") fmt.Fprintf(text, "Current log size = %d (as of %s)\n", e.LatestSTH.TreeSize, e.LatestSTH.StoredAt) fmt.Fprintf(text, "Current position = %d\n", e.Position)