Document general configuration

2025-08-22 16:16:11 +00:00 · 2016-05-10 13:27:05 -07:00 · 2016-05-10 13:27:05 -07:00 · 4e525e3114
commit 4e525e3114
parent 1c3ae275d7
2 changed files with 15 additions and 3 deletions
--- a/README.md
+++ b/README.md
@ -97,7 +97,10 @@ For performance reasons, some system calls are currently discarded before Falco


 ## Configuration
-Falco is configured via a yaml file. The sample config `falco.yaml` in this repo has comments describing the various options.
+
+General configuration is done via a separate yaml file. The
+[config file](falco.yaml) in this repo has comments describing the various
+configuration options.


 ## Installation
--- a/falco.yaml
+++ b/falco.yaml
@ -1,9 +1,18 @@
-rules_file: /etc/falco_rules.yaml
+# File containing Falco rules, loaded at startup.
+rules_file: /etc/falco_rules.conf
+
+# Whether to output events in json or text
 json_output: false

+# Send information logs to stderr and/or syslog Note these are *not* security
+# notification logs! These are just Falco lifecycle (and possibly error) logs.
 log_stderr: false
 log_syslog: true

+
+# Where security notifications should go.
+# Multiple outputs can be enabled.
+
 syslog_output:
  enabled: true