From 9186aec49f6b796398a037b0107f9ea9b0eddf7d Mon Sep 17 00:00:00 2001
From: Aleksandr Maus
Date: Tue, 7 Sep 2021 22:08:03 -0400
Subject: [PATCH] Osquerybeat: Fix osquery logger plugin severy levels mapping
---
 x-pack/osquerybeat/beater/logger_plugin.go | 26 ++++++++++++----------
 1 file changed, 14 insertions(+), 12 deletions(-)
diff --git a/x-pack/osquerybeat/beater/logger_plugin.go b/x-pack/osquerybeat/beater/logger_plugin.go
index bbf327eef44..deefbc6d9b0 100644
--- a/x-pack/osquerybeat/beater/logger_plugin.go
+++ b/x-pack/osquerybeat/beater/logger_plugin.go
@@ -35,15 +35,19 @@ const osqueryLogMessageFieldsCount = 6
 type osqLogSeverity int
+// The severity levels are taken from osquery source
+// https://github.com/osquery/osquery/blob/master/osquery/core/plugins/logger.h#L39
+// enum StatusLogSeverity {
+// O_INFO = 0,
+// O_WARNING = 1,
+// O_ERROR = 2,
+// O_FATAL = 3,
+// };
 const (
- severityEmerg osqLogSeverity = iota
- severityAlert
- severityCrit
- severityErr
- severityWarn
- severityNotice
- severityInfo
- severityDebug
+ severityInfo osqLogSeverity = iota
+ severityWarning
+ severityError
+ severityFatal
 )
 func (m *osqueryLogMessage) Log(typ logger.LogType, log *logp.Logger) {
@@ -65,14 +69,12 @@ func (m *osqueryLogMessage) Log(typ logger.LogType, log *logp.Logger) {
 args = append(args, m.UnixTime)
 switch osqLogSeverity(m.Severity) {
- case severityEmerg, severityAlert, severityCrit:
+ case severityError, severityFatal:
 log.Errorw(m.Message, args...)
- case severityWarn, severityNotice:
+ case severityWarning:
 log.Warnw(m.Message, args...)
 case severityInfo:
 log.Infow(m.Message, args...)
- case severityDebug:
- log.Debugw(m.Message, args...)
 default:
 log.Debugw(m.Message, args...)
 }
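Review bot: The new constants in the `const (` block mirror osquery's `StatusLogSeverity` values but still get them from `iota`, so a later insertion or reordering would silently shift the mapping again. Writing the values out, `severityInfo osqLogSeverity = 0`, `severityWarning osqLogSeverity = 1` and so on, keeps the numbers visible next to the quoted enum. The link in the added comment points at `blob/master/...#L39`, which will drift as osquery changes; a permalink to a fixed commit (`blob/<commit-sha>/osquery/core/plugins/logger.h#L39`) would keep the reference checkable.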
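Review bot: The `default` branch of the `switch` still sends every severity outside the four known values to `log.Debugw`, so a malformed or newly introduced status level from osquery would be invisible at the usual log level. For an endpoint agent that is a monitoring gap; consider `default: log.Warnw(m.Message, args...)`, with the raw `m.Severity` added to the fields if it is not already among `args` (they are built above this hunk and not visible here). A small table-driven test covering 0–3 and one out-of-range value would pin the mapping. `Log` begins before this hunk and its end is not shown.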