falco_formats only formats events now, no lua bindings

Modify falco_formats to only be responsible for resolving a rule's
output string or coming up with a map of field name->field values from
a given output string.

It relies on the changes in
https://github.com/falcosecurity/libs/pull/77 to use generic
formatters for a given source.

Remove lua bindings to create a formatter/free a formatter. Those were
unused as of the changes in
https://github.com/falcosecurity/falco/pull/1451, so finally remove
them now.

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
Mark Stemm
2021-08-25 16:27:05 -07:00
committed by poiana
parent 1c60dab87e
commit 3202921355
4 changed files with 75 additions and 207 deletions


@@ -16,7 +16,7 @@ limitations under the License.
#pragma once
#include "sinsp.h"
#include <string>
extern "C"
{
@@ -25,37 +25,26 @@ extern "C"
#include "lauxlib.h"
}
#include "json_evt.h"
#include "falco_engine.h"
#include <gen_filter.h>
class sinsp_evt_formatter;
#include "falco_engine.h"
class falco_formats
{
public:
static void init(sinsp *inspector,
falco_engine *engine,
lua_State *ls,
bool json_output,
bool json_include_output_property,
bool json_include_tags_property);
falco_formats(falco_engine *engine,
bool json_include_output_property,
bool json_include_tags_property);
virtual ~falco_formats();
// formatter = falco.formatter(format_string)
static int lua_formatter(lua_State *ls);
std::string format_event(gen_event *evt, const std::string &rule, const std::string &source,
const std::string &level, const std::string &format, std::set<std::string> &tags);
// falco.free_formatter(formatter)
static int lua_free_formatter(lua_State *ls);
map<string, string> get_field_values(gen_event *evt, const std::string &source,
const std::string &format);
static string format_event(const gen_event *evt, const std::string &rule, const std::string &source,
const std::string &level, const std::string &format, std::set<std::string> &tags);
static map<string, string> resolve_tokens(const gen_event *evt, const std::string &source,
const std::string &format);
static sinsp *s_inspector;
static falco_engine *s_engine;
static std::unique_ptr<sinsp_evt_formatter_cache> s_formatters;
static bool s_json_output;
static bool s_json_include_output_property;
static bool s_json_include_tags_property;
protected:
falco_engine *m_falco_engine;
bool m_json_include_output_property;
bool m_json_include_tags_property;
};
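Review bot: The new instance API keeps the engine as a raw `falco_engine *m_falco_engine`, and nothing in the class declaration says who owns it, whether it may be null, or how long it must stay valid. The page has lost its `+`/`-` markers, so which lines are new is inferred from the commit message. I would document the contract on the member, for example `// Non-owning; must be non-null and must outlive this falco_formats.`, and check for null in the constructor, whose definition is not visible in this section. Separately, `get_field_values` is declared as returning unqualified `map<string, string>` while `format_event` next to it uses `std::string`. In a header this only compiles if some include pulls in `using namespace std`, which is fragile if the first hunk does drop `sinsp.h`, as it appears to. Spelling it `std::map<std::string, std::string>` and including `<map>` and `<set>` directly would make the header self-contained.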