From 4d3fc354fa75724b87d20e8ecbda8e6d1750abcd Mon Sep 17 00:00:00 2001
From: Federico Di Pierro <nierro92@gmail.com>
Date: Mon, 24 Jan 2022 15:55:43 +0100
Subject: [PATCH] update(userspace/engine): updated no evt.type specified lua
 warning string.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
---
 userspace/engine/lua/rule_loader.lua | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/userspace/engine/lua/rule_loader.lua b/userspace/engine/lua/rule_loader.lua
index 2fa25e9a..041fe8f1 100644
--- a/userspace/engine/lua/rule_loader.lua
+++ b/userspace/engine/lua/rule_loader.lua
@@ -1059,11 +1059,9 @@ function load_rules(rules_content,
 
 	 else
 	    num_evttypes = falco_rules.add_filter(rules_mgr, lua_parser, v['rule'], v['source'], v['tags'])
-	    if num_evttypes == 0 or num_evttypes > 100 then
+	    if v['source'] == "syscall" and (num_evttypes == 0 or num_evttypes > 100) then
 	       if warn_evttypes == true then
-		  msg = "Rule "..v['rule']..": warning (no-evttype):\n"
-		  msg = msg.."         did not contain any evt.type restriction, meaning it will run for all event types.\n"
-		  msg = msg.."         This has a significant performance penalty. Consider adding an evt.type restriction if possible.\n"
+		  msg = "Rule "..v['rule']..": warning (no-evttype):\n".."         matches too many evt.type values.\n".."         This has a significant performance penalty.\n"
 		  warnings[#warnings + 1] = msg
 	       end
 	    end