From 29cc8ee571fe200ce5c46bcbbd530a4c88e76c2c Mon Sep 17 00:00:00 2001
From: Mark Stemm <mark.stemm@sysdig.com>
Date: Wed, 12 Oct 2016 17:08:28 -0700
Subject: [PATCH] Add notes on how to post to slack webhooks.

Add comments for program_output that show how to post to a slack webhook
and an alernate logging method--came up in one of the github issues.
---
 falco.yaml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/falco.yaml b/falco.yaml
index fae68e0b..d9a0d9d7 100644
--- a/falco.yaml
+++ b/falco.yaml
@@ -23,6 +23,12 @@ file_output:
 stdout_output:
   enabled: true
 
+# Possible additional things you might want to do with program output:
+#   - send to a slack webhook:
+#         program: "jq '{text: .output}' | curl -d @- -X POST https://hooks.slack.com/services/XXX"
+#   - logging (alternate method than syslog):
+#         program: logger -t falco-test
+
 program_output:
   enabled: false
   program: mail -s "Falco Notification" someone@example.com