diff --git a/userspace/engine/formats.cpp b/userspace/engine/formats.cpp index ae7571e7..9527c990 100644 --- a/userspace/engine/formats.cpp +++ b/userspace/engine/formats.cpp @@ -20,7 +20,6 @@ limitations under the License. #include #include "formats.h" -#include "logger.h" #include "falco_engine.h" @@ -266,31 +265,46 @@ int falco_formats::format_event (lua_State *ls) return 1; } +#include int falco_formats::resolve_tokens(lua_State *ls) { - if (!lua_isuserdata(ls, 1) || - !lua_isstring(ls, 2)) { - lua_pushstring(ls, "Invalid arguments passed to resolve_tokens()"); - lua_error(ls); - } - gen_event* evt = (gen_event*) lua_topointer(ls, 1); - const char *format = (char *) lua_tostring(ls, 2); + // if(!lua_isstring(ls, -1) || + // !lua_isstring(ls, -2) || + // !lua_islightuserdata(ls, -3)) + // { + // lua_pushstring(ls, "Invalid arguments passed to resolve_tokens()"); + // lua_error(ls); + // } + gen_event *evt = (gen_event *)lua_topointer(ls, 1); + string source = luaL_checkstring(ls, 2); + const char *format = (char *)lua_tostring(ls, 3); string sformat = format; - map values; - - s_formatters->resolve_tokens((sinsp_evt *)evt, sformat, values); + map values; + if(source == "syscall") + { + s_formatters->resolve_tokens((sinsp_evt *)evt, sformat, values); + } + // k8s_audit + else + { + json_event_formatter json_formatter(s_engine->json_factory(), sformat); + values = json_formatter.tomap((json_event*) evt); + } lua_newtable(ls); int top = lua_gettop(ls); - for (std::map::iterator it = values.begin(); it != values.end(); ++it) { - const char* key = it->first.c_str(); - const char* value = it->second.c_str(); + for(map::iterator it = values.begin(); it != values.end(); ++it) + { + std::cout << it->first << ":"<< it->second << ", "; + const char *key = it->first.c_str(); + const char *value = it->second.c_str(); lua_pushlstring(ls, key, it->first.size()); lua_pushlstring(ls, value, it->second.size()); lua_settable(ls, top); } + std::cout << std::endl; return 1; } diff --git a/userspace/falco/falco_outputs.cpp b/userspace/falco/falco_outputs.cpp index 610893b3..2728d7b7 100644 --- a/userspace/falco/falco_outputs.cpp +++ b/userspace/falco/falco_outputs.cpp @@ -306,16 +306,16 @@ int falco_outputs::handle_http(lua_State *ls) int falco_outputs::handle_grpc(lua_State *ls) { // check parameters - if(!lua_isuserdata(ls, 1) || - !lua_isstring(ls, 2) || - !lua_isstring(ls, 3) || - !lua_isstring(ls, 4) || - !lua_isstring(ls, 5) || - !lua_istable(ls, 6)) - { - lua_pushstring(ls, "Invalid arguments passed to handle_grpc()"); - lua_error(ls); - } + // if(!lua_isuserdata(ls, 1) || + // !lua_isstring(ls, 2) || + // !lua_isstring(ls, 3) || + // !lua_isstring(ls, 4) || + // !lua_isstring(ls, 5) || + // !lua_istable(ls, 6)) + // { + // lua_pushstring(ls, "Invalid arguments passed to handle_grpc()"); + // lua_error(ls); + // } response grpc_res = response(); diff --git a/userspace/falco/lua/output.lua b/userspace/falco/lua/output.lua index 751eaee3..cfa284c8 100644 --- a/userspace/falco/lua/output.lua +++ b/userspace/falco/lua/output.lua @@ -170,7 +170,7 @@ function mod.http_reopen() end function mod.grpc(event, rule, source, priority, priority_num, msg, format, options) - fields = formats.resolve_tokens(event, format) + fields = formats.resolve_tokens(event, source, format) c_outputs.handle_grpc(event, rule, source, priority, msg, fields, options) end @@ -178,6 +178,7 @@ function mod.grpc_message(priority, priority_num, msg, options) -- todo end + function mod.grpc_cleanup() end @@ -215,6 +216,16 @@ function output_event(event, rule, source, priority, priority_num, format) msg = formats.format_event(event, rule, source, priority, format) + print("---") + print(event) + print(rule) + print(source) + print(priority) + print(priority_num) + print(msg) + print(format) + print("---") + for index, o in ipairs(outputs) do o.output(event, rule, source, priority, priority_num, msg, format, o.options) end