github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-07-12 14:08:27 +00:00
Code Issues Projects Releases Wiki Activity

update(userspace/falco): handle the new rule matching configuration key

Browse Source 
Added a set method for the rule matching strategy on the engine.
This allows to modify the stategy at runtime withotu the need to
rebuild an engine from scratch.

Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>
This commit is contained in:
Lorenzo Susini 2023-08-02 13:18:50 +00:00 committed by poiana
parent c6abf6a133
commit 46e8f2c14b
3 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
userspace/falco/app/actions/init_falco_engine.cpp
View File

@ -120,6 +120,7 @@ falco::app::run_result falco::app::actions::init_falco_engine(falco::app::state&
configure_output_format(s);
s.engine->set_min_priority(s.config->m_min_priority);
s.engine->set_rule_matching(s.config->m_rule_matching);
return run_result::ok();
}

6
userspace/falco/configuration.cpp
View File

@ -244,6 +244,12 @@ void falco_configuration::load_yaml(const std::string& config_name, const yaml_h
m_notifications_rate = config.get_scalar<uint32_t>("outputs.rate", 0);
m_notifications_max_burst = config.get_scalar<uint32_t>("outputs.max_burst", 1000);
std::string rule_matching = config.get_scalar<std::string>("rule_matching", "first");
if (!falco_common::parse_rule_matching(rule_matching, m_rule_matching))
{
throw std::logic_error("Unknown rule matching strategy \"" + rule_matching + "\"--must be one of first, all");
}
std::string priority = config.get_scalar<std::string>("priority", "debug");
if (!falco_common::parse_priority(priority, m_min_priority))
{

2
userspace/falco/configuration.h
View File

@ -58,6 +58,7 @@ public:
std::list<std::string> m_loaded_rules_filenames;
// List of loaded rule folders
std::list<std::string> m_loaded_rules_folders;
bool m_json_output;
bool m_json_include_output_property;
bool m_json_include_tags_property;
@ -67,6 +68,7 @@ public:
uint32_t m_notifications_max_burst;
falco_common::priority_type m_min_priority;
falco_common::rule_matching m_rule_matching;
bool m_watch_config_files;
bool m_buffered_outputs;