github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-07-17 16:21:31 +00:00
Code Issues Projects Releases Wiki Activity

new(userspace/falco): falco output handler to send events via grpc

Browse Source 
Co-authored-by: Lorenzo Fontana <lo@linux.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
This commit is contained in:
Leonardo Di Donato 2019-09-06 14:08:19 +00:00 committed by Leo Di Donato
parent 7a99336b3b
commit 43cd429967
2 changed files with 41 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
userspace/falco/falco_outputs.cpp
View File

@ -24,12 +24,14 @@ limitations under the License.
#include "formats.h" #include "formats.h"
#include "logger.h" #include "logger.h"
#include "falco_output_queue.h"
using namespace std; using namespace std;
const static struct luaL_reg ll_falco_outputs [] = const static struct luaL_reg ll_falco_outputs [] =
{ {
{"handle_http", &falco_outputs::handle_http}, {"handle_http", &falco_outputs::handle_http},
{"handle_grpc", &falco_outputs::handle_grpc},
{NULL,NULL} {NULL,NULL}
}; };
@ -206,7 +208,7 @@ void falco_outputs::handle_msg(uint64_t now,
bool first = true; bool first = true;
sinsp_utils::ts_to_string(now, &timestr, false, true); sinsp_utils::ts_to_string(now, &timestr, false, true);
full_msg = timestr + ": " + falco_common::priority_names[LOG_CRIT] + " " + msg + "("; full_msg = timestr + ": " + falco_common::priority_names[LOG_CRIT] + " " + msg + " (";
for(auto &pair : output_fields) for(auto &pair : output_fields)
{ {
if(first) if(first)
@ -298,3 +300,38 @@ int falco_outputs::handle_http(lua_State *ls)
} }
return 1; return 1;
} }
int falco_outputs::handle_grpc(lua_State *ls)
{
// fixme > check parameters later
// if(!lua_isstring(ls, -1) ||
// !lua_isstring(ls, -2))
// {
// lua_pushstring(ls, "Invalid arguments passed to handle_grpc()");
// lua_error(ls);
// }
enum source source;
if(!source_Parse((char *)lua_tostring(ls, 3), &source))
{
lua_pushstring(ls, "Unknown source passed to to handle_grpc()");
lua_error(ls);
}
enum priority priority;
if(!priority_Parse((char *)lua_tostring(ls, 4), &priority))
{
lua_pushstring(ls, "Unknown priority passed to to handle_grpc()");
lua_error(ls);
}
falco_output_response grpc_res = falco_output_response();
grpc_res.set_rule((char *)lua_tostring(ls, 2));
grpc_res.set_source(source);
grpc_res.set_priority(priority);
grpc_res.set_output((char *)lua_tostring(ls, 6));
falco_output_queue::get().queue().push(grpc_res);
return 1;
}

5
userspace/falco/falco_outputs.h
View File

@ -46,8 +46,8 @@ public:
falco_outputs(falco_engine *engine); falco_outputs(falco_engine *engine);
virtual ~falco_outputs(); virtual ~falco_outputs();
// The way to refer to an output (file, syslog, stdout, // The way to refer to an output (file, syslog, stdout, etc.)
// etc). An output has a name and set of options. // An output has a name and set of options.
struct output_config struct output_config
{ {
std::string name; std::string name;
@ -78,6 +78,7 @@ public:
void reopen_outputs(); void reopen_outputs();
static int handle_http(lua_State *ls); static int handle_http(lua_State *ls);
static int handle_grpc(lua_State *ls);
private: private: