Prefix outputs with * within the engine.

Prefix output strings with * so they are always permissive in the engine. In falco outputs, which adds its own prefix, remove any leading * before adding the custom prefix.
2025-06-30 16:42:14 +00:00 · 2016-12-30 15:15:39 -08:00 · 2016-12-30 15:15:39 -08:00 · 362a6b7b9a
commit 362a6b7b9a
parent 77a5429cae
2 changed files with 11 additions and 1 deletions
--- a/userspace/engine/lua/rule_loader.lua
+++ b/userspace/engine/lua/rule_loader.lua
@ -436,7 +436,10 @@ function on_event(evt_, rule_id)
      rule_output_counts.by_name[rule.rule] = rule_output_counts.by_name[rule.rule] + 1
   end

-   return rule.rule, rule.priority, rule.output
+   -- Prefix output with '*' so formatting is permissive
+   output = "*"..rule.output
+
+   return rule.rule, rule.priority, output
 end

 function print_stats()
--- a/userspace/falco/lua/output.lua
+++ b/userspace/falco/lua/output.lua
@ -76,6 +76,13 @@ end

 function output_event(event, rule, priority, format)
   local level = level_of(priority)
+
+   -- If format starts with a *, remove it, as we're adding our own
+   -- prefix here.
+   if format:sub(1,1) == "*" then
+      format = format:sub(2)
+   end
+
   format = "*%evt.time: "..levels[level+1].." "..format
   if formatters[rule] == nil then
      formatter = formats.formatter(format)