TSG-21542 修改Tunnel扫描时，调用maat_scan_not_logic接口时机。日志接口变更

2024-07-02 10:16:29 +08:00
parent 0b47f4c561
commit 3cf8389e04
14 changed files with 446 additions and 222 deletions
--- a/ci/travis.sh
+++ b/ci/travis.sh
@@ -33,7 +33,7 @@ env | sort
 : "${COMPILER_IS_GNUCXX:=OFF}"
 # Install dependency from YUM
-yum install -y libcjson-devel libmaatframe-devel libfieldstat4-devel libMESA_handle_logger-devel libMESA_prof_load-devel sapp-devel 
+yum install -y libcjson-devel libmaatframe-devel libfieldstat4-devel libMESA_prof_load-devel sapp-devel 
 mkdir build || true
 cd build
--- a/common/CMakeLists.txt
+++ b/common/CMakeLists.txt
@@ -1,4 +1,4 @@
-add_library(common src/verify_policy_logging.cpp src/verify_policy_utils.cpp)
+add_library(common src/verify_policy_utils.cpp src/log.c)
 target_include_directories(common PUBLIC ${CMAKE_CURRENT_LIST_DIR}/include)
-target_link_libraries(common PUBLIC MESA_handle_logger libevent-static)
+target_link_libraries(common PUBLIC libevent-static)
--- a/common/include/log.h
+++ b/common/include/log.h
@@ -0,0 +1,45 @@
 /**
 * Copyright (c) 2020 rxi
 *
 * This library is free software; you can redistribute it and/or modify it
 * under the terms of the MIT license. See `log.c` for details.
 */
 #ifndef LOG_H
 #define LOG_H
 #ifdef __cplusplus
 extern "C"
 {
 #endif
 #include <stdio.h>
 #include <stdarg.h>
 #include <stdbool.h>
 #include <time.h>
 #define LOG_VERSION "0.1.0"
 struct log_handle;
 enum { LOG_TRACE, LOG_DEBUG, LOG_INFO, LOG_WARN, LOG_ERROR, LOG_FATAL};
 #define log_debug(handle, module, fmt, ...)    log_print(handle, LOG_DEBUG, module, fmt, ##__VA_ARGS__)
 #define log_trace(handle, module, fmt, ...)    log_print(handle, LOG_TRACE, module,  fmt, ##__VA_ARGS__)
 #define log_info(handle, module, fmt, ...)	    log_print(handle, LOG_INFO, module, fmt, ##__VA_ARGS__)
 #define log_warn(handle, module, fmt, ...)		log_print(handle, LOG_WARN, module, fmt, ##__VA_ARGS__)
 #define log_error(handle, module, fmt, ...)	log_print(handle, LOG_ERROR, module, fmt, ##__VA_ARGS__)
 #define log_fatal(handle, module, fmt, ...)	log_print(handle, LOG_FATAL, module, fmt, ##__VA_ARGS__)
 void log_print(struct log_handle *, int level, const char *module, const char *fmt, ...);
 void log_options_set_enable(struct log_handle *, int enable);
 void log_options_set_level(struct log_handle *, int level);
 struct log_handle * log_handle_create(const char *file_path, int level);
 void log_handle_destroy(struct log_handle *);
 #ifdef __cplusplus
 }
 #endif
 #endif
--- a/common/include/verify_policy.h
+++ b/common/include/verify_policy.h
@@ -9,6 +9,7 @@
 #define _VERIFY_POLICY_H
 #include <event2/event.h>
 #include <log.h>
 #include "verify_policy_utils.h"
 struct breakpad_instance;
@@ -116,7 +117,7 @@ struct verify_policy_thread
 struct verify_policy
 {
 	char name[VERIFY_SYMBOL_MAX];
-	void * logger;
+    struct log_handle *logger;
 	unsigned int log_level;
 	unsigned int nr_work_threads;
 	unsigned int listen_port;
--- a/common/include/verify_policy_logging.h
+++ b/common/include/verify_policy_logging.h
@@ -1,49 +0,0 @@
 /*************************************************************************
 	> File Name: logging.h
 	> Author:
 	> Mail:
 	> Created Time: 2018年06月18日 星期一 22时45分58秒
 ************************************************************************/
 #ifndef _LOGGING_H
 #define _LOGGING_H
 #define MODULE_NAME "verify_policy"
 #define RLOG_LV_DEBUG       10
 #define RLOG_LV_INFO        20
 #define RLOG_LV_FATAL       30
 typedef struct RTLogInit2Data_ {
    int debug_switch;
 	int run_log_level;
 	char run_log_path[256];
 	void *run_log_handle;
 } RTLogInit2Data;
 extern RTLogInit2Data logging_sc_lid;
 /* The maximum length of the log message */
 #define RT_LOG_MAX_LOG_MSG_LEN 4096
 #define mesa_log(x, y, ...)         do {                                       \
                                  char _sc_log_msg[RT_LOG_MAX_LOG_MSG_LEN] = ""; \
                                  char *_sc_log_temp = _sc_log_msg;      \
                                  if ( !x )                       \
                                  { } else {                             \
                                      snprintf(_sc_log_temp,             \
                                               (RT_LOG_MAX_LOG_MSG_LEN - \
                                                (_sc_log_temp - _sc_log_msg)), \
                                               __VA_ARGS__);             \
                                      MESA_handle_runtime_log(logging_sc_lid.run_log_handle, y, __FUNCTION__, _sc_log_msg); \
                                  }                                      \
                              } while(0)
 #define mesa_runtime_log(level, ...)   mesa_log(logging_sc_lid.debug_switch, level, __VA_ARGS__)
 extern void * verify_syslog_init(const char *config);
 #endif
--- a/common/include/verify_policy_utils.h
+++ b/common/include/verify_policy_utils.h
@@ -51,7 +51,9 @@
 char* rt_strdup(const char* s);
 #define	MODULE_VERIFY_POLICY "verify-policy.init"
 #define CHECK_OR_EXIT(condition, fmt, ...)                                                                          \
-do { if(!(condition)) { mesa_runtime_log(RLOG_LV_FATAL, fmt, ##__VA_ARGS__); exit(EXIT_FAILURE);   }  } while(0) \
+do { if(!(condition)) { log_fatal(g_verify_proxy->logger, MODULE_VERIFY_POLICY, fmt, ##__VA_ARGS__); exit(EXIT_FAILURE);   }  } while(0) \
 #endif
--- a/common/src/log.c
+++ b/common/src/log.c
@@ -0,0 +1,281 @@
 /*
 * Copyright (c) 2020 rxi
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to
 * deal in the Software without restriction, including without limitation the
 * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
 * sell copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
 * IN THE SOFTWARE.
 */
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
 #include <unistd.h>
 #include <pthread.h>
 #include <sys/stat.h>
 #include "log.h"
 #define ALLOC(type, number) ((type *)calloc(sizeof(type), number))
 typedef enum {
    LOG_OP_IFACE_CONSOLE,
    LOG_OP_IFACE_FILE,
    RT_LOG_OP_IFACE_MAX,
 }log_op_iface;
 struct log_handle
 {
    int level;
    int enable;
    FILE *fp;
    va_list ap;
 	char defined_log_fn[1024];
    char runtime_log_fn[1024];
    pthread_mutex_t mutex;
    log_op_iface iface;
 };
 static unsigned char weekday_str[7][4] = {"Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"};
 static unsigned char month_str[12][4] = {"Jan", "Feb", "Mar", "Apr","May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"};
 static int log_create_dir(const char *dir_path, int path_len)
 {
    if(dir_path == NULL)
        return -1;
    char *buf = (char *)calloc(path_len+1, 1);
    int ret = -1;
    memcpy(buf, dir_path, path_len);
    if(access(buf, R_OK) != 0)
    {
        if(mkdir(buf, 0755)!= 0)
            ret = -1;
        else
            ret =  0;
    }
    else
        ret =  1;
    free(buf);
    buf = NULL;
    return ret;
 }
 static void log_close_file(struct log_handle *handle)
 {
 	pthread_mutex_lock(&handle->mutex);
 	if(handle->fp != NULL)
 	{
 		fclose(handle->fp);
 		handle->fp = NULL;
 	}
 	pthread_mutex_unlock(&handle->mutex);
 	return;
 }
 int log_open_file(char *file_name, struct log_handle *handle)
 {
 	FILE *fp = NULL;
 	log_close_file(handle);
 	if(NULL == (fp = fopen(file_name, "a")))
 	{
 		return -1;
 	}
    memcpy(handle->runtime_log_fn, file_name, strlen(file_name));
    handle->fp = fp;
 	return 0;
 }
 static int log_create_path(const char *file_path)
 {
    FILE *fp  = NULL;
 	if(file_path == NULL)
 		return 0;
    char *p_path = rindex(file_path, '/');
    if(p_path==0)
    {
        return 0;
    }
    const char *p_cur = file_path;
    int path_len = p_path - file_path;
    int i = 0;
    if(log_create_dir(file_path, path_len) >= 0)
        return 0;
    for(;i<=path_len;i++,p_cur++)
    {
        if(*p_cur == '/')
        {
            if(log_create_dir(file_path, i+1) < 0)
                return -1;
        }
    }
    if(NULL == (fp = fopen(file_path, "w")))
    {
 		return 0;
    }
    fclose(fp);
    return 1;
 }
 int log_create_log_file(struct log_handle *handle)
 {
    time_t t;
    struct tm local_time;
    char tmp_log_file_name[1024+128];
    time(&t);
    if(NULL == (localtime_r(&t, &local_time)))
    {
        return 0;
    }
    snprintf(tmp_log_file_name, sizeof(tmp_log_file_name), "%s.%04d-%02d-%02d", handle->defined_log_fn, local_time.tm_year + 1900, local_time.tm_mon + 1, local_time.tm_mday);
    if(handle->fp == NULL)
    {
 	    if(0 != log_open_file(tmp_log_file_name, handle)) return 0;
    }
    else
    {
 	    if (0 != memcmp(tmp_log_file_name, handle->runtime_log_fn, strlen(tmp_log_file_name)))
 	    {
 		    if(0 != log_open_file(tmp_log_file_name, handle))return 0;
 	    }
    }
    return 1;
 }
 static void log_print_file(struct log_handle *handle, int level, const char *module, va_list ap, const char *fmt)
 {
    char buf[64]={0};
 	time_t t;
    struct tm local_time;
 	const char *level_str_map[]= {"TRACE", "DEBUG", "INFO", "WARN", "ERROR", "FATAL"};
 	time(&t);
    if(NULL == (localtime_r(&t, &local_time))) return;
    snprintf(buf, sizeof(buf), "%s %s %d %02d:%02d:%02d %d", weekday_str[local_time.tm_wday],
             month_str[local_time.tm_mon], local_time.tm_mday, local_time.tm_hour, local_time.tm_min, local_time.tm_sec, local_time.tm_year+1900);
    log_create_log_file(handle);
    fprintf(handle->fp, "%s, %s, %s, ", buf, level_str_map[level], module);
    vfprintf(handle->fp, fmt, ap);
    fprintf(handle->fp, "\n");
    fflush(handle->fp);
 }
 static void log_print_console(struct log_handle *handle, int level, const char *module, va_list ap, const char *fmt)
 {
    char buf[64]={0};
 	time_t t;
    struct tm local_time;
 	const char *level_str_map[]= {"TRACE", "DEBUG", "INFO", "WARN", "ERROR", "FATAL"};
 	time(&t);
    if(NULL == (localtime_r(&t, &local_time))) return;
    snprintf(buf, sizeof(buf), "%s %s %d %02d:%02d:%02d %d", weekday_str[local_time.tm_wday],
             month_str[local_time.tm_mon], local_time.tm_mday, local_time.tm_hour, local_time.tm_min, local_time.tm_sec, local_time.tm_year+1900);
    fprintf(handle->fp, "%s, %s, %s, ", buf, level_str_map[level], module);
    vfprintf(handle->fp, fmt, ap);
    fprintf(handle->fp, "\n");
    fflush(handle->fp);
 }
 void log_options_set_level(struct log_handle * handle, int level)
 {
    if(handle != NULL)
    {
        handle->level = level;
    }
 }
 void log_options_set_enable(struct log_handle * handle, int enable)
 {
    if(handle != NULL)
    {
        handle->enable = enable;
    }
 }
 struct log_handle *log_handle_create(const char *file_path, int level)
 {
    struct log_handle *handle = ALLOC(struct log_handle, 1);
    if(!handle)
    {
        return NULL;
    }
 	handle->enable=1;
    handle->level = level;
    strncpy(handle->defined_log_fn, file_path, 1023);
    pthread_mutex_init(&handle->mutex,NULL);
    if(handle->enable)
    {
        log_create_path(handle->defined_log_fn);
    }
    return handle;
 }
 void log_handle_destroy(struct log_handle * handle)
 {
    if(!handle)
    {
        return;
    }
    if(handle->iface == LOG_OP_IFACE_FILE && handle->fp != NULL)
    {
        fclose(handle->fp);
        handle->fp=NULL;
    }
    pthread_mutex_destroy(&(handle->mutex));
    free(handle);
    handle = NULL;
    return;
 }
 void log_print(struct log_handle *handle, int level, const char *module, const char *fmt, ...)
 {
    va_list ap;
    if(handle->enable != 1 && level >= handle->level)
    {
        handle->fp = stdout;
        handle->iface = LOG_OP_IFACE_CONSOLE;
        va_start(handle->ap, fmt);
        log_print_console(handle, level, module, ap, fmt);
        va_end(handle->ap);
    }
    if (handle->enable == 1 && level >= handle->level)
    {
        handle->iface = LOG_OP_IFACE_FILE;
        va_start(ap, fmt);
        log_print_file(handle, level, module, ap, fmt);
        va_end(ap);
    }
 }
--- a/common/src/verify_policy_logging.cpp
+++ b/common/src/verify_policy_logging.cpp
@@ -1,54 +0,0 @@
 /*************************************************************************
 	> File Name: logging.c
 	> Author:
 	> Mail:
 	> Created Time: 2018年06月18日 星期一 22时45分43秒
 ************************************************************************/
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <stdint.h>
 #include <sys/types.h>
 #include <unistd.h>
 #include <pwd.h>
 #include <dirent.h>
 #include <ctype.h>
 #include "verify_policy_logging.h"
 #include <MESA/MESA_prof_load.h>
 #include <MESA/MESA_handle_logger.h>
 RTLogInit2Data logging_sc_lid;
 void * verify_syslog_init(const char *config)
 {
 	MESA_load_profile_int_def(config, (const char *)"SYSTEM",(const char *)"DEBUG_SWITCH",
 							&logging_sc_lid.debug_switch, 1);
 	MESA_load_profile_string_def(config, (const char *)"SYSTEM",(const char *)"RUN_LOG_PATH",
 	 							logging_sc_lid.run_log_path, 128, "conf/zlog.conf");
 	if (0 != MESA_handle_runtime_log_creation(logging_sc_lid.run_log_path))
 	{
 		fprintf(stderr, "Create log runtime_log_handle error, init failed\n");
 		goto finish;
 	}
    logging_sc_lid.run_log_handle = MESA_create_runtime_log_handle("verify_policy", RLOG_LV_DEBUG);
    if(logging_sc_lid.run_log_handle == NULL){
        mesa_runtime_log(RLOG_LV_FATAL, "Create log runtime_log_handle error, init failed!");
        goto finish;
    }else{
        mesa_runtime_log(RLOG_LV_INFO, "Log module initialization");
    }
 	mesa_runtime_log(RLOG_LV_INFO, "%s:%d", "Log level", logging_sc_lid.run_log_level);
 	mesa_runtime_log(RLOG_LV_INFO, "%s:%s", "Log Directory", logging_sc_lid.run_log_path);
 	return logging_sc_lid.run_log_handle;
 finish:
 	return NULL;
 }
--- a/conf/verify_policy.conf
+++ b/conf/verify_policy.conf
@@ -1,9 +1,7 @@
 [SYSTEM]
-#1:print on screen, 0:don't
+# kill -s SIGHUP "pid" to reload the configuration
-DEBUG_SWITCH = 1
+#0:LOG_TRACE 1:LOG_DEBUG 2:LOG_INFO 3:LOG_WARN 4:LOG_ERROR 5:LOG_FATAL
-#10:DEBUG, 20:INFO, 30:FATAL
+log_level=5
 RUN_LOG_LEVEL = 10
 RUN_LOG_PATH = "conf/zlog.conf"
 disable_coredump=0
 enable_breakpad=1
--- a/conf/zlog.conf
+++ b/conf/zlog.conf
@@ -1,14 +0,0 @@
 # kill -s SIGHUP "pid"
 [global]
 default format = "%d(%c), %V, %F, %U, %m%n"
 [levels]
 DEBUG=10
 INFO=20
 FATAL=30
 [rules]
 *.fatal                               "./log/error.log.%d(%F)";
 verify_policy.fatal                   "./logs/verify_policy.log.%d(%F)";
 proxy_policy_maat.fatal	              "./logs/proxy_policy_maat.log.%d(%F)";
 security_policy_maat.fatal	      "./logs/security_policy_maat.log.%d(%F)";
--- a/platform/CMakeLists.txt
+++ b/platform/CMakeLists.txt
@@ -9,7 +9,6 @@ add_executable(verify-policy src/verify_policy.cpp src/verify_matcher.cpp)
 target_link_libraries(verify-policy common cjson maatframe)
 target_link_libraries(verify-policy pthread dl
 		libevent-static
 		MESA_handle_logger
 		MESA_prof_load
 		breakpad-client-static
 		cjson
--- a/platform/src/verify_matcher.cpp
+++ b/platform/src/verify_matcher.cpp
@@ -12,7 +12,6 @@
 #include <pthread.h>
 #include <MESA/maat.h>
 #include <MESA/MESA_handle_logger.h>
 #include <MESA/MESA_prof_load.h>
 #include <MESA/stream.h>
@@ -20,11 +19,12 @@
 #include "verify_policy.h"
 #include "verify_policy_utils.h"
 #include "verify_policy_logging.h"
 #define HIT_PATH_SIZE           	4096
 #define	MAX_SCAN_RESULT				16
 #define	MODULE_VERIFY_MATCHER "verify-policy.matcher"
 enum policy_action
 {
 	PG_ACTION_NONE = 0,
@@ -195,7 +195,7 @@ struct policy_scan_ctx
 struct verify_policy_rt
 {
 	struct maat *feather[VSYS_ID_MAX];
-	void * local_logger;
+	struct log_handle *local_logger;
 	int log_level;
 	int thread_num;
 	int load_ip_location;
@@ -341,7 +341,7 @@ void ip_asn_table_new_cb(const char *table_name, int table_id, const char* key,
 	ret=sscanf(table_line, "%d\t%d\t%d\t%s\t%s\t%s\t%s\t%s\t%d", &profile_id, &group_id, &addr_type, addr_format, start_ip, end_ip, asn, organization, &is_valid);
 	if(ret!=9)
 	{
-		mesa_runtime_log(RLOG_LV_FATAL, "Policy table parse ip ASN failed, ret:%d, %s", ret, table_line);
+		log_fatal(g_verify_proxy->logger, MODULE_VERIFY_MATCHER, "Policy table parse ip ASN failed, ret:%d, %s", ret, table_line);
 		return;
 	}
 	verify_unescape(organization);
@@ -355,7 +355,7 @@ void ip_asn_table_new_cb(const char *table_name, int table_id, const char* key,
 	ip_asn->ref_cnt=1;
 	pthread_mutex_init(&(ip_asn->lock), NULL);
-	mesa_runtime_log(RLOG_LV_DEBUG, "Policy table add success %d", profile_id);
+	log_debug(g_verify_proxy->logger, MODULE_VERIFY_MATCHER, "Policy table add success %d", profile_id);
 	*ad = ip_asn;
 }
@@ -379,7 +379,7 @@ void ip_location_table_new_cb(const char *table_name, int table_id, const char*
 	if(ret != 24)
 	{
-		mesa_runtime_log(RLOG_LV_FATAL, "Policy table parse ip location failed, ret:%d, %s", ret, table_line);
+		log_fatal(g_verify_proxy->logger, MODULE_VERIFY_MATCHER, "Policy table parse ip location failed, ret:%d, %s", ret, table_line);
 		return;
 	}
@@ -402,7 +402,7 @@ void ip_location_table_new_cb(const char *table_name, int table_id, const char*
 	ip_location->subdivision_addr=strdup(subdivision_addr);
 	ip_location->ref_cnt=1;
 	pthread_mutex_init(&(ip_location->lock), NULL);
-	mesa_runtime_log(RLOG_LV_DEBUG, "Policy table add success %d", profile_id);
+	log_debug(g_verify_proxy->logger, MODULE_VERIFY_MATCHER, "Policy table add success %d", profile_id);
 	*ad = ip_location;
 }
@@ -458,7 +458,7 @@ void tunnel_catalog_table_new_cb(const char *table_name, int table_id, const cha
 	ret=sscanf(table_line, "%d\t%s\t%s\t%s\t%d\t%d", &tunnel_id, tunnel_name, tunnel_type, composition, &group_id, &is_valid);
 	if(ret!=6)
 	{
-		mesa_runtime_log(RLOG_LV_FATAL, "Policy catalog table parse tunnel catalog failed, ret:%d, %s", ret, table_line);
+		log_fatal(g_verify_proxy->logger, MODULE_VERIFY_MATCHER, "Policy catalog table parse tunnel catalog failed, ret:%d, %s", ret, table_line);
 		return;
 	}
@@ -472,7 +472,7 @@ void tunnel_catalog_table_new_cb(const char *table_name, int table_id, const cha
 	tunnel->ref_cnt=1;
 	pthread_mutex_init(&(tunnel->lock), NULL);
-	mesa_runtime_log(RLOG_LV_DEBUG, "Policy table add success %d", tunnel_id);
+	log_debug(g_verify_proxy->logger, MODULE_VERIFY_MATCHER, "Policy table add success %d", tunnel_id);
 	*ad = tunnel;
 }
@@ -486,7 +486,7 @@ void tunnel_endpoint_table_new_cb(const char *table_name, int table_id, const ch
 	ret=sscanf(table_line, "%d\t%d\t%s\t%s\t%s\t%d", &endpoint_id, &addr_type, start_ip, end_ip, description, &is_valid);
 	if(ret!=6)
 	{
-		mesa_runtime_log(RLOG_LV_FATAL, "Policy table parse tunnel end point failed, ret:%d, %s", ret, table_line);
+		log_fatal(g_verify_proxy->logger, MODULE_VERIFY_MATCHER, "Policy table parse tunnel end point failed, ret:%d, %s", ret, table_line);
 		return;
 	}
@@ -497,7 +497,7 @@ void tunnel_endpoint_table_new_cb(const char *table_name, int table_id, const ch
 	tunnel->ref_cnt=1;
 	pthread_mutex_init(&(tunnel->lock), NULL);
-	mesa_runtime_log(RLOG_LV_DEBUG, "Policy endpoint table add success %d", endpoint_id);
+	log_debug(g_verify_proxy->logger, MODULE_VERIFY_MATCHER, "Policy endpoint table add success %d", endpoint_id);
 	*ad = tunnel;
 }
@@ -509,7 +509,7 @@ void tunnel_label_table_new_cb(const char *table_name, int table_id, const char*
 	ret=sscanf(table_line, "%d\t%d", &label_id, &is_valid);
 	if(ret!=2)
 	{
-		mesa_runtime_log(RLOG_LV_FATAL, "Policy table tunnel label failed, ret:%d, %s", ret, table_line);
+		log_fatal(g_verify_proxy->logger, MODULE_VERIFY_MATCHER, "Policy table tunnel label failed, ret:%d, %s", ret, table_line);
 		return;
 	}
@@ -519,7 +519,7 @@ void tunnel_label_table_new_cb(const char *table_name, int table_id, const char*
 	tunnel->ref_cnt=1;
 	pthread_mutex_init(&(tunnel->lock), NULL);
-	mesa_runtime_log(RLOG_LV_DEBUG, "Policy label table add success %d", label_id);
+	log_debug(g_verify_proxy->logger, MODULE_VERIFY_MATCHER, "Policy label table add success %d", label_id);
 	*ad = tunnel;
 }
@@ -560,7 +560,7 @@ int maat_tunnel_table_init(int profile_idx,int vsys_id,
 		table_id=maat_plugin_table_ex_schema_register(g_policy_rt->feather[vsys_id], table_name, new_func[profile_idx], free_func, dup_func, 0, NULL);
 		return table_id;
 	}
-	mesa_runtime_log(RLOG_LV_FATAL, "Register table %s failed.", table_name);
+	log_fatal(g_verify_proxy->logger, MODULE_VERIFY_MATCHER, "Register table %s failed.", table_name);
 	return -1;
 }
@@ -626,7 +626,7 @@ int maat_plugin_table_ex_init(int profile_idx, int vsys_id,
 		ret=maat_plugin_table_ex_schema_register(g_policy_rt->feather[vsys_id], table_name, new_func, free_func, dup_func, 0, NULL);
 		return ret;
 	}
-	mesa_runtime_log(RLOG_LV_FATAL, "Register maat plugin table %s failed.", table_name);
+	log_fatal(g_verify_proxy->logger, MODULE_VERIFY_MATCHER, "Register maat plugin table %s failed.", table_name);
 	return -1;
 }
@@ -721,7 +721,7 @@ int maat_ip_table_init(int profile_idx,int vsys_id,
 									  				  0, NULL);
 		return 0;
 	}
-	mesa_runtime_log(RLOG_LV_FATAL, "Register table %s failed.", table_name);
+	log_fatal(g_verify_proxy->logger, MODULE_VERIFY_MATCHER, "Register table %s failed.", table_name);
 	return -1;
 }
@@ -746,7 +746,7 @@ void fqdn_cat_new_data(const char *table_name, int table_id, const char* key, co
 	if(ret!=6)
 	{
 		FREE(&fqdn_cat);
-		mesa_runtime_log(RLOG_LV_FATAL, "Parse fqdn category failed, ret: %d table_id: %d table_line: %s", ret, table_id, table_line);
+		log_fatal(g_verify_proxy->logger, MODULE_VERIFY_MATCHER, "Parse fqdn category failed, ret: %d table_id: %d table_line: %s", ret, table_id, table_line);
 		return;
 	}
 	fqdn_cat->ref_cnt=1;
@@ -795,7 +795,7 @@ void compile_table_new_cb(const char *table_name, int table_id, const char* key,
 	ret=sscanf(table_line, "%d\t%d\t%d\t%d\t%d\t%s\t%s\t%d\t%d", &config_id, &service_id, &action, &do_blacklist, &do_log,effective_range,srv_def_large,&group_num,&is_valid);
 	if(ret!=9)
 	{
-		mesa_runtime_log(RLOG_LV_FATAL, "Security compile table parse failed, ret:%d, %s", ret, table_line);
+		log_fatal(g_verify_proxy->logger, MODULE_VERIFY_MATCHER, "Security compile table parse failed, ret:%d, %s", ret, table_line);
 		return;
 	}
 	do_log=do_log;
@@ -1411,21 +1411,22 @@ static int group_scan(struct policy_scan_ctx *ctx, int vsys_id, int hit_cnt, str
 	return hit_cnt_group;
 }
-static int get_group_id_by_location(struct ip_data_table* ip_location, int level)
+
 static int get_group_id_by_location(const struct ip_data_table* ip_location, size_t level)
 {
-	switch(level)
+    const int* group_ids[] = {
 		&ip_location->country_region_group_id,
        &ip_location->province_group_id,
        &ip_location->city_group_id,
        &ip_location->subdivision_group_id
    };
    if (level >= 0 && level < sizeof(group_ids) / sizeof(group_ids[0]))
    {
-		case 0:
+        return *group_ids[level];
 			return ip_location->country_region_group_id;
 		case 1:
 			return ip_location->province_group_id;
 		case 2:
 			return ip_location->city_group_id;
 		case 3:
 			return ip_location->subdivision_group_id;
 		default:
 			return 0;
    }
    return 0;
 }
 int ip_location_scan(struct policy_scan_ctx *ctx, int vsys_id, struct ip_addr *sip, struct ip_addr *dip, int hit_cnt)
@@ -1804,6 +1805,8 @@ int tunnel_scan(struct request_query_obj *request, struct policy_scan_ctx *ctx,
 	size_t n_hit_result=0;
 	long long result[MAX_SCAN_RESULT]={0};
 	int hit_cnt_group=0;
 	if(ctx->tunnel_scan_mid == NULL)
 	{
 		ctx->tunnel_scan_mid = maat_state_new(g_policy_rt->feather[vsys_id], ctx->thread_id);
@@ -1853,10 +1856,11 @@ int tunnel_scan(struct request_query_obj *request, struct policy_scan_ctx *ctx,
 			{
 				logic=0;
 			}
-			scan_ret = group_scan(ctx, vsys_id, hit_cnt, hit_group, TSG_OBJ_TUNNEL, logic);
+			scan_ret = maat_scan_group(g_policy_rt->feather[vsys_id], g_policy_rt->scan_table_id[TSG_OBJ_TUNNEL], &hit_group, 1,
-			if(scan_ret > 0)
+							   		  ctx->result+hit_cnt+hit_cnt_group, MAX_SCAN_RESULT-hit_cnt-hit_cnt_group, &n_hit_result, ctx->scan_mid);
 			if(scan_ret == MAAT_SCAN_HIT)
 			{
-				hit_cnt_tunnel+=scan_ret; 
+				hit_cnt_tunnel+=n_hit_result;
 			}
 			if(scan_ret >= MAAT_SCAN_OK)
 			{
@@ -1868,6 +1872,16 @@ int tunnel_scan(struct request_query_obj *request, struct policy_scan_ctx *ctx,
 			}
 		}
 	}
 	if(logic)
 	{
 		scan_ret = maat_scan_not_logic(g_policy_rt->feather[vsys_id], g_policy_rt->scan_table_id[TSG_OBJ_TUNNEL], ctx->result+hit_cnt+hit_cnt_group,
 								   MAX_SCAN_RESULT-hit_cnt-hit_cnt_group, &n_hit_result, ctx->scan_mid);
 		if (scan_ret == MAAT_SCAN_HIT)
 		{
 			hit_cnt_tunnel+=n_hit_result;
 		}
 	}
 	ctx->tunnel_scan++;
 	request->merge_nth_scan_num = hit_path_cnt;
 finish:
@@ -2324,7 +2338,7 @@ static struct maat *create_maat_feather(const char * instance_name, const char *
 	}
 	else
 	{
-		mesa_runtime_log(RLOG_LV_FATAL, "Invalid redis port range %s, MAAT init failed.", redis_port_range);
+		log_fatal(g_verify_proxy->logger, MODULE_VERIFY_MATCHER, "Invalid redis port range %s, MAAT init failed.", redis_port_range);
 	}
 	MESA_load_profile_string_def(profile, section, "inc_cfg_dir", inc_cfg_dir, sizeof(inc_cfg_dir), "");
 	MESA_load_profile_string_def(profile, section, "full_cfg_dir", ful_cfg_dir, sizeof(ful_cfg_dir), "");
@@ -2347,7 +2361,7 @@ static struct maat *create_maat_feather(const char * instance_name, const char *
 		case MAAT_INPUT_FILE:
 			maat_options_set_iris(opts, ful_cfg_dir, inc_cfg_dir);
 			break;
-		default: mesa_runtime_log(RLOG_LV_FATAL, "Invalid MAAT Input Mode: %d.", input_mode);
+		default: log_fatal(g_verify_proxy->logger, MODULE_VERIFY_MATCHER, "Invalid MAAT Input Mode: %d.", input_mode);
 			goto error_out;
 			break;
 	}
@@ -2371,13 +2385,13 @@ static struct maat *create_maat_feather(const char * instance_name, const char *
 	target = maat_new(opts, table_info);
 	if (!target)
 	{
-		mesa_runtime_log(RLOG_LV_FATAL, "%s MAAT init failed.", __FUNCTION__);
+		log_fatal(g_verify_proxy->logger, MODULE_VERIFY_MATCHER, "%s MAAT init failed.", __FUNCTION__);
 		goto error_out;
 	}
-	mesa_runtime_log(RLOG_LV_INFO, "%s:%s", "Maat Redis Ip", redis_ip);
+	log_info(g_verify_proxy->logger, MODULE_VERIFY_MATCHER, "%s:%s", "Maat Redis Ip", redis_ip);
-	mesa_runtime_log(RLOG_LV_INFO, "%s:%s", "Maat Redis Port", redis_port_range);
+	log_info(g_verify_proxy->logger, MODULE_VERIFY_MATCHER, "%s:%s", "Maat Redis Port", redis_port_range);
-	mesa_runtime_log(RLOG_LV_INFO, "%s:%d", "Maat Redis_db_index", db_index);
+	log_info(g_verify_proxy->logger, MODULE_VERIFY_MATCHER, "%s:%d", "Maat Redis_db_index", db_index);
    maat_options_free(opts);
 	return target;
@@ -2499,6 +2513,9 @@ void verify_reload_loglevel()
 	int load_vsys_num=0, log_level=0;
 	const char * profile_path = "./conf/verify_policy.conf";
 	MESA_load_profile_int_def(profile_path, "SYSTEM", "log_level", &log_level, LOG_FATAL);
 	log_options_set_level(g_verify_proxy->logger, log_level);
 	MESA_load_profile_int_def(profile_path, "MAAT", "load_vsys_num", &(load_vsys_num), 255);
 	MESA_load_profile_int_def(profile_path, "MAAT", "log_level", &(log_level), LOG_LEVEL_FATAL);
@@ -2551,10 +2568,10 @@ int maat_table_init(struct verify_policy * verify, const char* profile_path)
 			g_policy_rt->scan_table_id[i] = maat_get_table_id(g_policy_rt->feather[vsys_id], table_name[i]);
 			if (g_policy_rt->scan_table_id[i] < 0)
 			{
-				mesa_runtime_log(RLOG_LV_FATAL, "Maat table %s register failed.", table_name[i]);
+				log_fatal(g_policy_rt->local_logger, MODULE_VERIFY_MATCHER, "Maat table %s register failed.", table_name[i]);
 				goto error_out;
 			}
-			mesa_runtime_log(RLOG_LV_DEBUG, "Register maat %p, table name %s, table id %d", g_policy_rt->feather[vsys_id], table_name[i], g_policy_rt->scan_table_id[i]);
+			log_debug(g_policy_rt->local_logger, MODULE_VERIFY_MATCHER, "Register maat %p, table name %s, table id %d", g_policy_rt->feather[vsys_id], table_name[i], g_policy_rt->scan_table_id[i]);
 		}
 		for(int i = 0; i < PXY_TABLE_DEFENCE; i++)
--- a/platform/src/verify_policy.cpp
+++ b/platform/src/verify_policy.cpp
@@ -30,9 +30,7 @@
 #include "verify_policy.h"
 #include <MESA/MESA_prof_load.h>
 #include <MESA/MESA_handle_logger.h>
 #include "verify_policy_utils.h"
 #include "verify_policy_logging.h"
 struct verify_policy * g_verify_proxy = NULL;
@@ -54,15 +52,17 @@ static int load_system_conf(struct verify_policy * verify, const char *profile)
    int xret = -1;
    xret = MESA_load_profile_uint_nodef(profile, "CONFIG", "thread-nu", &(verify->nr_work_threads));
-    if (xret < 0){
+    if (xret < 0)
-        mesa_runtime_log(RLOG_LV_FATAL, "Reading the number of running threads failed");
+	{
        log_fatal(verify->logger, MODULE_VERIFY_POLICY, "Reading the number of running threads failed");
    }
 	xret = MESA_load_profile_short_nodef(profile, "LISTEN", "port", (short *)&(verify->listen_port));
-	if (xret < 0){
+	if (xret < 0)
-		mesa_runtime_log(RLOG_LV_FATAL, "Listen Port invalid");
+	{
 		log_fatal(verify->logger, MODULE_VERIFY_POLICY, "Reading the listening port failed");
 	}
-	mesa_runtime_log(RLOG_LV_INFO, "%s:%d", "The Threads", verify->nr_work_threads);
+	log_info(verify->logger, MODULE_VERIFY_POLICY, "%s:%d", "The Threads", verify->nr_work_threads);
-	mesa_runtime_log(RLOG_LV_INFO, "%s:%d", "Libevent Port", verify->listen_port);
+	log_info(verify->logger, MODULE_VERIFY_POLICY, "%s:%d", "Libevent Port", verify->listen_port);
    return xret;
 }
@@ -86,7 +86,7 @@ int tsg_policy_type_str2idx(const char *action_str)
 		if (0 == strcasecmp(action_str, policy_name[i]))
 			break;
 	}
-	mesa_runtime_log(RLOG_LV_INFO, "[I]   policyType= %s", action_str);
+	log_info(g_verify_proxy->logger, MODULE_VERIFY_POLICY, "[I]   policyType= %s", action_str);
 	return i;
 }
@@ -204,7 +204,7 @@ struct ipaddr *ip_to_stream_addr(const char *clientIp1, unsigned int clientPort1
 		v6_addr->dest=serverPort1;
 		ip_addr->v6=v6_addr;
 	}
-	mesa_runtime_log(RLOG_LV_INFO, " [I]   %s, clientIp1=%s, clientPort1=%d, serverIp=%s, serverPort=%d, addr_type=%d, protocol=%d", buff,
+	log_info(g_verify_proxy->logger, MODULE_VERIFY_POLICY, " [I]   %s, clientIp1=%s, clientPort1=%d, serverIp=%s, serverPort=%d, addr_type=%d, protocol=%d", buff,
 					clientIp1, clientPort1, serverIp1, serverPort1, addr_type, *protocol);
 	return ip_addr;
@@ -227,7 +227,7 @@ struct ipaddr *tunnel_to_stream_addr(const char *Ip, int addr_type)
 		inet_pton(AF_INET6,Ip,&(v6_addr->saddr));
 		ip_addr->v6=v6_addr;
 	}
-	mesa_runtime_log(RLOG_LV_DEBUG, "[I]    attributeName = ip, clientIp1=%s, addr_type = %d", Ip, addr_type);
+	log_debug(g_verify_proxy->logger, MODULE_VERIFY_POLICY, "[I]    attributeName = ip, clientIp1=%s, addr_type = %d", Ip, addr_type);
 	return ip_addr;
 }
@@ -259,7 +259,7 @@ static struct ipaddr * get_ip_from_json(cJSON *attributeValue, const char *attri
 	if(attributeName==NULL)
 	{
-		mesa_runtime_log(RLOG_LV_FATAL, "The attributeType is of type iP, but the attributeName is empty, resulting in IP type parsing failure.");
+		log_fatal(g_verify_proxy->logger, MODULE_VERIFY_POLICY, "The attributeType is of type iP, but the attributeName is empty, resulting in IP type parsing failure.");
 		return NULL;
 	}
@@ -274,7 +274,7 @@ static struct ipaddr * get_ip_from_json(cJSON *attributeValue, const char *attri
 	if(strcasecmp(attributeName, "ip_protocol") == 0)
 	{
-		mesa_runtime_log(RLOG_LV_INFO, "  [I]   %s, protocol=%d", buff, *protocol);
+		log_info(g_verify_proxy->logger, MODULE_VERIFY_POLICY, "  [I]   %s, protocol=%d", buff, *protocol);
 		return NULL;
 	}
@@ -307,7 +307,7 @@ static char* get_port_from_json(cJSON *attributeValue, int *protocol, char *buff
 	{
 		*protocol = item->valueint;
 	}
-	mesa_runtime_log(RLOG_LV_INFO, "[I]   %s, port=%s, protocol=%d", buff, string, *protocol);
+	log_info(g_verify_proxy->logger, MODULE_VERIFY_POLICY, "[I]   %s, port=%s, protocol=%d", buff, string, *protocol);
 	return string;
 }
@@ -354,7 +354,7 @@ static int get_attribute_from_json(int curr_id, cJSON* subchild, struct verify_p
 		policy_query->request_object[curr_id].table_id = protoco_field_type_str2idx(item->valuestring, buff, &p);
 		if(policy_query->request_object[curr_id].table_id == __TSG_OBJ_MAX)
 		{
-			mesa_runtime_log(RLOG_LV_FATAL, "Get table id failed form table name:%s", item->valuestring);
+			log_fatal(g_verify_proxy->logger, MODULE_VERIFY_POLICY, "Get table id failed form table name:%s", item->valuestring);
 			return xret;
 		}
 	}
@@ -408,7 +408,7 @@ static int get_attribute_from_json(int curr_id, cJSON* subchild, struct verify_p
 			p += snprintf(p, sizeof(buff) - (p - buff), ", content = %s",policy_query->request_object[curr_id].string);
 		}
 	}
-	mesa_runtime_log(RLOG_LV_INFO, "[I]    %s", buff);
+	log_info(g_verify_proxy->logger, MODULE_VERIFY_POLICY, "[I]    %s", buff);
 	memset(buff, 0, VERIFY_STRING_MAX*2);
 end:
 	xret = 1;
@@ -433,7 +433,7 @@ enum verify_type get_verify_type(cJSON* data_json)
 		{
 			q_type = VERIFY_TYPE_REGEX;
 		}
-		mesa_runtime_log(RLOG_LV_INFO, " [I]   verifyType= %s", item->valuestring);
+		log_info(g_verify_proxy->logger, MODULE_VERIFY_POLICY, " [I]   verifyType= %s", item->valuestring);
 	}
 	return q_type;
 }
@@ -508,7 +508,7 @@ int get_query_result_policy(cJSON *subitem, cJSON *data_obj, int thread_id)
 		verify_policy->compile_table_id = tsg_policy_type_str2idx(item->valuestring);
 		if (verify_policy->compile_table_id >= __SCAN_POLICY_MAX)
 		{
-			mesa_runtime_log(RLOG_LV_FATAL, "policy type error, policy id = %d", verify_policy->compile_table_id);
+			log_fatal(g_verify_proxy->logger, MODULE_VERIFY_POLICY, "policy type error, policy id = %d", verify_policy->compile_table_id);
 			goto free;
 		}
 	}
@@ -518,7 +518,7 @@ int get_query_result_policy(cJSON *subitem, cJSON *data_obj, int thread_id)
 	{
 		verify_policy->vsys_id = item->valueint;
 	}
-	mesa_runtime_log(RLOG_LV_INFO, "[I]   vsysId= %d", verify_policy->vsys_id);
+	log_info(g_verify_proxy->logger, MODULE_VERIFY_POLICY, "[I]   vsysId= %d", verify_policy->vsys_id);
 	item = cJSON_GetObjectItem(subitem,"verifySession");
 	if(item == NULL || item->type!=cJSON_Object)
@@ -581,7 +581,7 @@ cJSON *get_query_from_request(const char *data, ssize_t data_len, int thread_id)
 	cJSON* data_json = cJSON_Parse(data);
 	if(data_json == NULL)
 	{
-		mesa_runtime_log(RLOG_LV_FATAL, "invalid policy parameter");
+		log_fatal(g_verify_proxy->logger, MODULE_VERIFY_POLICY, "Failed to parse the request data.");
 		return NULL;
 	}
 	cJSON  *policy_obj=NULL, *data_obj=NULL;
@@ -603,7 +603,7 @@ cJSON *get_query_from_request(const char *data, ssize_t data_len, int thread_id)
 		{
 			if(verify_type == VERIFY_TYPE_REGEX)
 			{
-				mesa_runtime_log(RLOG_LV_INFO, " [I]   data= %.*s", (int)data_len, data);
+				log_info(g_verify_proxy->logger, MODULE_VERIFY_POLICY, " [I]   data= %.*s", (int)data_len, data);
 				hit_cnt = get_query_result_regex(subitem, data_obj);
 			}
@@ -659,13 +659,13 @@ void evhttp_request_cb(struct evhttp_request *evh_req, void *arg)
 	if (evhttp_request_get_command(evh_req) != EVHTTP_REQ_POST)
 	{
-		mesa_runtime_log(RLOG_LV_FATAL, "FAILED (post type)");
+		log_fatal(g_verify_proxy->logger, MODULE_VERIFY_POLICY, "FAILED (post type)");
 		goto error;
 	}
 	evbuf_body = evhttp_request_get_input_buffer(evh_req);
 	if (!evbuf_body || 0==(inputlen = evbuffer_get_length(evbuf_body)) ||!(input = (char *)evbuffer_pullup(evbuf_body,inputlen)))
 	{
-		mesa_runtime_log(RLOG_LV_FATAL, "Failed to get post data information.");
+		log_fatal(g_verify_proxy->logger, MODULE_VERIFY_POLICY, "Failed to get post data information.");
 		goto error;
 	}
@@ -676,7 +676,7 @@ void evhttp_request_cb(struct evhttp_request *evh_req, void *arg)
 	}
 	policy_payload = cJSON_PrintUnformatted(policy_obj);
-	mesa_runtime_log(RLOG_LV_INFO, "[O]   %s", policy_payload);
+	log_info(g_verify_proxy->logger, MODULE_VERIFY_POLICY, "[O]   %s", policy_payload);
 	evhttp_socket_send(evh_req, policy_payload);
 	cJSON_Delete(policy_obj);
@@ -698,13 +698,13 @@ void * verify_policy_thread_func(void * arg)
    thread_ctx->base = event_base_new();
 	if (! thread_ctx->base)
 	{
-        mesa_runtime_log(RLOG_LV_FATAL, "Can'thread_ctx allocate event base");
+        log_fatal(g_verify_proxy->logger, MODULE_VERIFY_POLICY, "Can'thread_ctx allocate event base");
        goto finish;
    }
    thread_ctx->http = evhttp_new(thread_ctx->base);
 	if (!thread_ctx->http)
 	{
-        mesa_runtime_log(RLOG_LV_FATAL, "couldn'thread_ctx create evhttp. Exiting.");
+        log_fatal(g_verify_proxy->logger, MODULE_VERIFY_POLICY, "couldn'thread_ctx create evhttp. Exiting.");
 		goto error;
 	}
@@ -713,10 +713,10 @@ void * verify_policy_thread_func(void * arg)
 	bound = evhttp_accept_socket_with_handle(thread_ctx->http, thread_ctx->accept_fd);
 	if (bound != NULL)
 	{
-		mesa_runtime_log(RLOG_LV_INFO, "Bound(%p) to port %d - Awaiting connections ... ", bound,
+		log_info(g_verify_proxy->logger, MODULE_VERIFY_POLICY, "Bound(%p) to port %d - Awaiting connections ... ", bound,
 						g_verify_proxy->listen_port);
 	}
-	mesa_runtime_log(RLOG_LV_FATAL, "Work thread %u is run...", thread_ctx->id);
+	log_fatal(g_verify_proxy->logger, MODULE_VERIFY_POLICY, "Work thread %u is run...", thread_ctx->id);
 	event_base_dispatch(thread_ctx->base);
 error:
@@ -832,7 +832,7 @@ int verify_policy_work_thread_run(struct verify_policy * verify)
    evutil_socket_t accept_fd = evhttp_listen_socket_byuser((struct sockaddr*)&sin, sizeof(struct sockaddr_in),LEV_OPT_REUSEABLE_PORT|LEV_OPT_CLOSE_ON_FREE, -1);
    if (accept_fd < 0)
 	{
-        mesa_runtime_log(RLOG_LV_FATAL, "Could not create a listen!");
+        log_fatal(verify->logger, MODULE_VERIFY_POLICY, "Could not create a listen!");
        goto finish;
    }
@@ -846,12 +846,12 @@ int verify_policy_work_thread_run(struct verify_policy * verify)
 		if (pthread_create(&thread_ctx->pid, thread_ctx->attr, thread_ctx->routine, thread_ctx))
 		{
-            mesa_runtime_log(RLOG_LV_FATAL, "%s", strerror(errno));
+            log_fatal(verify->logger, MODULE_VERIFY_POLICY, "%s", strerror(errno));
 			goto finish;
 		}
 		if (pthread_detach(thread_ctx->pid))
 		{
-            mesa_runtime_log(RLOG_LV_FATAL, "%s", strerror(errno));
+            log_fatal(verify->logger, MODULE_VERIFY_POLICY, "%s", strerror(errno));
 			goto finish;
 		}
 	}
@@ -910,14 +910,14 @@ int breakpad_init_minidump_upload(struct breakpad_instance * instance, const cha
 	if (unlikely(ret < 0))
 	{
-		mesa_runtime_log(RLOG_LV_FATAL, "breakpad_upload_url is necessary, failed. ");
+		log_fatal(g_verify_proxy->logger, MODULE_VERIFY_POLICY, "breakpad_upload_url is necessary, failed. ");
 		goto errout;
 	}
 	ret = readlink("/proc/self/exe", execpath, sizeof(execpath));
 	if(unlikely(ret < 0))
 	{
-		mesa_runtime_log(RLOG_LV_FATAL, "Failed at readlink /proc/self/exec: %s", strerror(errno));
+		log_fatal(g_verify_proxy->logger, MODULE_VERIFY_POLICY, "Failed at readlink /proc/self/exec: %s", strerror(errno));
 		/* after log, reset errno */
 		errno = 0;
 		goto errout;
@@ -1018,7 +1018,7 @@ struct breakpad_instance * breakpad_init(const char * profile)
 		ret = setrlimit(RLIMIT_CORE, &__rlimit_vars);
 		if (ret < 0)
 		{
-			mesa_runtime_log(RLOG_LV_FATAL, "setrlimit(RLIMIT_CORE, 0) failed: %s", strerror(errno));
+			log_fatal(g_verify_proxy->logger, MODULE_VERIFY_POLICY, "setrlimit(RLIMIT_CORE, 0) failed: %s", strerror(errno));
 			/* after log, reset errno */
 			errno = 0;
 		}
@@ -1027,7 +1027,7 @@ struct breakpad_instance * breakpad_init(const char * profile)
 	MESA_load_profile_uint_def(profile, "system", "enable_breakpad", &instance->en_breakpad, 1);
 	if (instance->en_breakpad <= 0)
 	{
-		mesa_runtime_log(RLOG_LV_FATAL, "Breakpad Crash Reporting System is disabled. ");
+		log_fatal(g_verify_proxy->logger, MODULE_VERIFY_POLICY, "Breakpad Crash Reporting System is disabled. ");
 		return instance;
 	}
@@ -1046,7 +1046,7 @@ struct breakpad_instance * breakpad_init(const char * profile)
 		ret = breakpad_init_minidump_upload(instance, profile);
 		if (ret < 0)
 		{
-			mesa_runtime_log(RLOG_LV_FATAL, "Breakpad upload init failed, using local breakpad dumpfile");
+			log_fatal(g_verify_proxy->logger, MODULE_VERIFY_POLICY, "Breakpad upload init failed, using local breakpad dumpfile");
 			instance->en_breakpad_upload = 0;
 		}
@@ -1055,7 +1055,7 @@ struct breakpad_instance * breakpad_init(const char * profile)
 		ret = setrlimit(RLIMIT_CORE, &__rlimit_vars);
 		if (ret < 0)
 		{
-			mesa_runtime_log(RLOG_LV_FATAL, "setrlimit(RLIMIT_CORE, 0) failed: %s", strerror(errno));
+			log_fatal(g_verify_proxy->logger, MODULE_VERIFY_POLICY, "setrlimit(RLIMIT_CORE, 0) failed: %s", strerror(errno));
 			/* after log, reset errno */
 			errno = 0;
 		}
@@ -1073,8 +1073,8 @@ struct breakpad_instance * breakpad_init(const char * profile)
 			google_breakpad::MinidumpDescriptor(instance->minidump_dir_prefix), NULL,
 			tfe_breakpad_dump_to_file, NULL, true, -1);
 	}
-	mesa_runtime_log(RLOG_LV_INFO, "Breakpad Crash Report is enable. ");
+	log_info(g_verify_proxy->logger, MODULE_VERIFY_POLICY, "Breakpad Crash Report is enable. ");
-	mesa_runtime_log(RLOG_LV_INFO, "Minidump Dir: %s", instance->minidump_dir_prefix);
+	log_info(g_verify_proxy->logger, MODULE_VERIFY_POLICY, "Minidump Dir: %s", instance->minidump_dir_prefix);
 	return instance;
 }
@@ -1083,8 +1083,7 @@ void __signal_handler_cb(int sig)
 	switch (sig)
 	{
 		case SIGHUP:
-			mesa_runtime_log(RLOG_LV_INFO, "Reload log config");
+			log_info(g_verify_proxy->logger, MODULE_VERIFY_POLICY, "Reload log config");
            MESA_handle_runtime_log_reconstruction(NULL);
 			verify_reload_loglevel();
            break;
 		case SIGPIPE:
@@ -1102,7 +1101,7 @@ int main(int argc, char * argv[])
 	const char * main_profile = "./conf/verify_policy.conf";
 	struct timespec start_time, end_time;
-	int ret = 0, opt = 0;
+	int ret = 0, opt = 0, log_level=0;
 	while ((opt = getopt(argc, argv, "v")) != -1)
 	{
 		switch (opt)
@@ -1118,7 +1117,9 @@ int main(int argc, char * argv[])
 	assert(g_verify_proxy);
 	strcpy(g_verify_proxy->name, "verify_policy");
-	g_verify_proxy->logger = verify_syslog_init(main_profile);
+	const char *log_path="./logs/verify_policy.log";
 	MESA_load_profile_int_def(main_profile, "SYSTEM", "log_level", &log_level, LOG_FATAL);
 	g_verify_proxy->logger = log_handle_create(log_path, log_level);
 	CHECK_OR_EXIT(g_verify_proxy->logger != NULL, "Failed at init log module. Exit.");
 	ret = load_system_conf(g_verify_proxy, main_profile);
@@ -1128,7 +1129,8 @@ int main(int argc, char * argv[])
 	ret = maat_table_init(g_verify_proxy, main_profile);
 	CHECK_OR_EXIT(ret == 0, "Failed at init maat module, Exit.");
 	clock_gettime(CLOCK_REALTIME, &(end_time));
-	mesa_runtime_log(RLOG_LV_FATAL, "Read table_info.conf, take time %lu(s)", end_time.tv_sec - start_time.tv_sec);
+
 	log_fatal(g_verify_proxy->logger, MODULE_VERIFY_POLICY, "Read table_info.conf, take time %lu(s)", end_time.tv_sec - start_time.tv_sec);
 	printf("Read table_info.conf, take time %lu(s)\n", end_time.tv_sec - start_time.tv_sec);
 	g_verify_proxy->breakpad = breakpad_init(main_profile);
--- a/vendor/CMakeLists.txt
+++ b/vendor/CMakeLists.txt
@@ -103,10 +103,6 @@ set_property(TARGET gperftools-static PROPERTY INTERFACE_INCLUDE_DIRECTORIES ${I
 set(MESA_FRAMEWORK_LIB_DIR /opt/MESA/lib)
 set(MESA_FRAMEWORK_INCLUDE_DIR /opt/MESA/include)
 add_library(MESA_handle_logger SHARED IMPORTED GLOBAL)
 set_property(TARGET MESA_handle_logger PROPERTY IMPORTED_LOCATION ${MESA_FRAMEWORK_LIB_DIR}/libMESA_handle_logger.so)
 set_property(TARGET MESA_handle_logger PROPERTY INTERFACE_INCLUDE_DIRECTORIES ${MESA_FRAMEWORK_INCLUDE_DIR})
 add_library(MESA_prof_load SHARED IMPORTED GLOBAL)
 set_property(TARGET MESA_prof_load PROPERTY IMPORTED_LOCATION ${MESA_FRAMEWORK_LIB_DIR}/libMESA_prof_load.so)
 set_property(TARGET MESA_prof_load PROPERTY INTERFACE_INCLUDE_DIRECTORIES ${MESA_FRAMEWORK_INCLUDE_DIR})