diff --git a/digwatch.yaml b/digwatch.yaml
index bfaf2a4a..cab5e194 100644
--- a/digwatch.yaml
+++ b/digwatch.yaml
@@ -1,4 +1,5 @@
 rules_file: /etc/digwatch_rules.conf
+json_output: true
 syslog_output:
 enabled: false
diff --git a/userspace/digwatch/configuration.cpp b/userspace/digwatch/configuration.cpp
index 71a74b3e..3fc8a602 100644
--- a/userspace/digwatch/configuration.cpp
+++ b/userspace/digwatch/configuration.cpp
@@ -19,6 +19,7 @@ void digwatch_configuration::init(string conf_filename)
 m_config = new yaml_configuration(m_config_file);
 m_rules_filename = m_config->get_scalar("rules_file", "/etc/digwatch_rules.conf");
+ m_json_output = m_config->get_scalar("json_output", false);
 output_config file_output;
 file_output.name = "file";
diff --git a/userspace/digwatch/configuration.h b/userspace/digwatch/configuration.h
index 11f99e8a..a4bf48f7 100644
--- a/userspace/digwatch/configuration.h
+++ b/userspace/digwatch/configuration.h
@@ -95,6 +95,7 @@ class digwatch_configuration
 void init(std::string conf_filename);
 void init();
 std::string m_rules_filename;
+ bool m_json_output;
 std::vector m_outputs;
 private:
 yaml_configuration* m_config;
diff --git a/userspace/digwatch/digwatch.cpp b/userspace/digwatch/digwatch.cpp
index 7320f5f9..b2ac05de 100644
--- a/userspace/digwatch/digwatch.cpp
+++ b/userspace/digwatch/digwatch.cpp
@@ -200,7 +200,7 @@ int digwatch_init(int argc, char **argv)
 sinsp* inspector = NULL;
 digwatch_rules* rules = NULL;
 int op;
- sinsp_evt::param_fmt event_buffer_format = sinsp_evt::PF_NORMAL;
+ sinsp_evt::param_fmt event_buffer_format;
 int long_index = 0;
 string lua_main_filename;
 string output_name = "stdout";
@@ -259,8 +259,6 @@ int digwatch_init(int argc, char **argv)
 }
- inspector->set_buffer_format(event_buffer_format);
- ifstream* conf_stream;
 if (conf_filename.size())
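Review bot: The added `json_output: true` line carries no comment saying what it controls, and it sets the shipped config to the opposite of the `false` fallback that configuration.cpp uses when the key is absent. A consumer that parses the plain-text alerts from the syslog or file outputs would presumably start receiving JSON once it picks up this file, so the switch deserves a line such as `# Emit alerts as JSON instead of plain text (built-in default: false)` above it. Whether `true` is the intended shipped value is not clear from the diff.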
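Review bot: `m_json_output` is assigned only in `init(string conf_filename)`, while the configuration.h hunk declares it as a plain `bool m_json_output;` and the class also has a no-argument `init()` that this diff does not touch. If that overload leaves the member unset (its body is outside the diff), `digwatch_init` reads an indeterminate bool at `if (config.m_json_output)` and the alert format of the monitor can differ from run to run, which is hard to spot in a log pipeline. Setting `m_json_output = false;` in `init()`, or giving the member an in-class default `bool m_json_output = false;` if the build allows C++11, closes that path. This covers the configuration.h hunk as well.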
@@ -359,6 +357,16 @@ int digwatch_init(int argc, char **argv)
 inspector->set_hostname_and_port_resolution_mode(false);
+ if (config.m_json_output)
+ {
+ event_buffer_format = sinsp_evt::PF_JSON;
+ }
+ else
+ {
+ event_buffer_format = sinsp_evt::PF_NORMAL;
+ }
+ inspector->set_buffer_format(event_buffer_format);
+ for(std::vector::iterator it = config.m_outputs.begin(); it != config.m_outputs.end(); ++it)
 {
 add_output(ls, *it);
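Review bot: `event_buffer_format` is now declared without an initializer near the top of `digwatch_init` (the `-200,7` hunk) and first assigned in the if/else added here, roughly 150 lines later, so any use added in between would read an indeterminate value. Within the visible hunks the variable is only used for the `set_buffer_format` call, so it could be declared where it is set: `const sinsp_evt::param_fmt event_buffer_format = config.m_json_output ? sinsp_evt::PF_JSON : sinsp_evt::PF_NORMAL;` followed by the existing `inspector->set_buffer_format(event_buffer_format);`, with the earlier declaration dropped. The body of `digwatch_init` extends beyond both hunks, so other uses of the variable should be checked before moving it.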