diff --git a/README.md b/README.md
index a8fa62b0..de389426 100644
--- a/README.md
+++ b/README.md
@@ -177,7 +177,7 @@ Falco can then be run with:
 ```
 docker pull sysdig/falco
-docker run -i -t --name falco --privileged -v /var/run/docker.sock:/host/var/run/docker.sock -v /dev:/host/dev -v /proc:/host/proc:ro -v /boot:/host/boot:ro -v /lib/modules:/host/lib/modules:ro -v /usr:/host/usr:ro sysdig/falco falco
+docker run -i -t --name falco --privileged -v /var/run/docker.sock:/host/var/run/docker.sock -v /dev:/host/dev -v /proc:/host/proc:ro -v /boot:/host/boot:ro -v /lib/modules:/host/lib/modules:ro -v /usr:/host/usr:ro sysdig/falco
 ```
 ##### Container install (CoreOS)
@@ -206,7 +206,7 @@ Falco is intended to be run as a service. But for experimentation and designing/
 #### Running Falco in a container
-`docker run -i -t --name falco --privileged -v /var/run/docker.sock:/host/var/run/docker.sock -v /dev:/host/dev -v /proc:/host/proc:ro -v /boot:/host/boot:ro -v /lib/modules:/host/lib/modules:ro -v /usr:/host/usr:ro sysdig/falco falco`
+`docker run -i -t --name falco --privileged -v /var/run/docker.sock:/host/var/run/docker.sock -v /dev:/host/dev -v /proc:/host/proc:ro -v /boot:/host/boot:ro -v /lib/modules:/host/lib/modules:ro -v /usr:/host/usr:ro sysdig/falco`
 #### Running Falco manually
diff --git a/docker/dev/Dockerfile b/docker/dev/Dockerfile
index 6d8395aa..16d1fc9e 100644
--- a/docker/dev/Dockerfile
+++ b/docker/dev/Dockerfile
@@ -46,4 +46,4 @@ COPY ./docker-entrypoint.sh /
 ENTRYPOINT ["/docker-entrypoint.sh"]
-CMD ["bash"]
+CMD ["/usr/bin/falco"]
diff --git a/docker/stable/Dockerfile b/docker/stable/Dockerfile
index 67468838..1620461f 100644
--- a/docker/stable/Dockerfile
+++ b/docker/stable/Dockerfile
@@ -46,4 +46,4 @@ COPY ./docker-entrypoint.sh /
 ENTRYPOINT ["/docker-entrypoint.sh"]
-CMD ["bash"]
+CMD ["/usr/bin/falco"]
diff --git a/falco.yaml b/falco.yaml
index ae6ba2eb..3962f2c2 100644
--- a/falco.yaml
+++ b/falco.yaml
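Review bot: The new default `CMD ["/usr/bin/falco"]` in docker/dev/Dockerfile (and identically in docker/stable/Dockerfile) carries no comment, and anyone who relied on the previous `bash` default now has to pass a command explicitly. A line above the instruction such as `# Default command: run Falco. Pass another command (e.g. bash) to docker run to override it.` would make that visible. Because the command is handed to `/docker-entrypoint.sh`, which is outside this diff, it is worth confirming that the script finishes with `exec "$@"` so that Falco receives the stop signal from `docker stop` directly and can shut down cleanly. The earlier lines of both Dockerfiles are outside the hunks.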
@@ -6,7 +6,7 @@ json_output: false
 # Send information logs to stderr and/or syslog Note these are *not* security
 # notification logs! These are just Falco lifecycle (and possibly error) logs.
-log_stderr: false
+log_stderr: true
 log_syslog: true
@@ -21,5 +21,5 @@ file_output:
 filename: ./events.txt
 stdout_output:
- enabled: false
+ enabled: true
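Review bot: Both hunks change defaults in the shared falco.yaml rather than in a container-specific file, so `log_stderr: true` (first hunk) and `stdout_output: enabled: true` (second hunk) presumably also apply to non-container installs, where the README says Falco is meant to run as a service. With `log_syslog: true` left on, lifecycle messages would then go to both syslog and stderr, and alerts would share the console with lifecycle logs unless the two streams are captured separately. If the intent is visibility through `docker logs`, say so in the file, e.g. `# Enabled by default so alerts show up in "docker logs"; turn off if another output is used.` above `stdout_output`. The file continues outside both hunks.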