new(userspace/falco): falco output handler to send events via grpc

Co-authored-by: Lorenzo Fontana <lo@linux.com> Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
2025-07-15 23:36:19 +00:00 · 2019-09-06 14:08:19 +00:00 · 2019-09-06 14:08:19 +00:00 · 43cd429967
commit 43cd429967
parent 7a99336b3b
2 changed files with 41 additions and 3 deletions
--- a/userspace/falco/falco_outputs.cpp
+++ b/userspace/falco/falco_outputs.cpp
@ -24,12 +24,14 @@ limitations under the License.

 #include "formats.h"
 #include "logger.h"
+#include "falco_output_queue.h"

 using namespace std;

 const static struct luaL_reg ll_falco_outputs [] =
 {
 	{"handle_http", &falco_outputs::handle_http},
+	{"handle_grpc", &falco_outputs::handle_grpc},
 	{NULL,NULL}
 };

@ -206,7 +208,7 @@ void falco_outputs::handle_msg(uint64_t now,
 		bool first = true;

 		sinsp_utils::ts_to_string(now, &timestr, false, true);
-		full_msg = timestr + ": " + falco_common::priority_names[LOG_CRIT] + " " + msg + "(";
+		full_msg = timestr + ": " + falco_common::priority_names[LOG_CRIT] + " " + msg + " (";
 		for(auto &pair : output_fields)
 		{
 			if(first)
@ -298,3 +300,38 @@ int falco_outputs::handle_http(lua_State *ls)
 	}
 	return 1;
 }
+
+int falco_outputs::handle_grpc(lua_State *ls)
+{
+	// fixme > check parameters later
+	// if(!lua_isstring(ls, -1) ||
+	//    !lua_isstring(ls, -2))
+	// {
+	// 	lua_pushstring(ls, "Invalid arguments passed to handle_grpc()");
+	// 	lua_error(ls);
+	// }
+
+	enum source source;
+	if(!source_Parse((char *)lua_tostring(ls, 3), &source))
+	{
+		lua_pushstring(ls, "Unknown source passed to to handle_grpc()");
+		lua_error(ls);
+	}
+
+	enum priority priority;
+	if(!priority_Parse((char *)lua_tostring(ls, 4), &priority))
+	{
+		lua_pushstring(ls, "Unknown priority passed to to handle_grpc()");
+		lua_error(ls);
+	}
+
+	falco_output_response grpc_res = falco_output_response();
+	grpc_res.set_rule((char *)lua_tostring(ls, 2));
+	grpc_res.set_source(source);
+	grpc_res.set_priority(priority);
+	grpc_res.set_output((char *)lua_tostring(ls, 6));
+
+	falco_output_queue::get().queue().push(grpc_res);
+
+	return 1;
+}
--- a/userspace/falco/falco_outputs.h
+++ b/userspace/falco/falco_outputs.h
@ -46,8 +46,8 @@ public:
 	falco_outputs(falco_engine *engine);
 	virtual ~falco_outputs();

-	// The way to refer to an output (file, syslog, stdout,
-	// etc). An output has a name and set of options.
+	// The way to refer to an output (file, syslog, stdout, etc.)
+	// An output has a name and set of options.
 	struct output_config
 	{
 		std::string name;
@ -78,6 +78,7 @@ public:
 	void reopen_outputs();

 	static int handle_http(lua_State *ls);
+	static int handle_grpc(lua_State *ls);

 private: