Prefix outputs with * within the engine.

Prefix output strings with * so they are always permissive in the engine. In falco outputs, which adds its own prefix, remove any leading * before adding the custom prefix.
2025-09-09 18:49:22 +00:00 · 2016-12-30 15:15:39 -08:00
parent 77a5429cae
commit 362a6b7b9a
2 changed files with 11 additions and 1 deletions
--- a/userspace/engine/lua/rule_loader.lua
+++ b/userspace/engine/lua/rule_loader.lua
@@ -436,7 +436,10 @@ function on_event(evt_, rule_id)
      rule_output_counts.by_name[rule.rule] = rule_output_counts.by_name[rule.rule] + 1
   end

-   return rule.rule, rule.priority, rule.output
+   -- Prefix output with '*' so formatting is permissive
+   output = "*"..rule.output
+
+   return rule.rule, rule.priority, output
 end

 function print_stats()