new: add config options and docs for capture feature

Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
2025-09-08 01:59:33 +00:00 · 2025-07-18 13:00:55 +02:00
parent bff2f619df
commit 5ebfa1b05b
3 changed files with 161 additions and 70 deletions
--- a/userspace/engine/rule_json_schema.h
+++ b/userspace/engine/rule_json_schema.h
@@ -74,6 +74,12 @@ const char rule_schema_string[] = LONG_STRING_CONST(
                "priority": {
                    "$ref": "#/definitions/Priority"
                },
+                "capture": {
+                    "type": "boolean"
+                },
+                "capture_duration": {
+                    "type": "integer"
+                },
                "source": {
 	                "type": "string"
                },
--- a/userspace/falco/config_json_schema.h
+++ b/userspace/falco/config_json_schema.h
@@ -1,6 +1,6 @@
 // SPDX-License-Identifier: Apache-2.0
 /*
-Copyright (C) 2024 The Falco Authors.
+Copyright (C) 2025 The Falco Authors.

 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
@@ -311,6 +311,29 @@ const char config_schema_string[] = LONG_STRING_CONST(
                }
            }
        },
+        "Capture": {
+            "type": "object",
+            "additionalProperties": false,
+            "properties": {
+                "enabled": {
+                    "type": "boolean"
+                },
+                "path_prefix": {
+                    "type": "string"
+                },
+                "mode": {
+                    "type": "string",
+                    "enum": [
+                      "rules",
+                      "all_rules"
+                    ]
+                },
+                "default_duration": {
+                    "type": "integer"
+                }
+            },
+            "title": "Capture"
+        },
        "BaseSyscalls": {
            "type": "object",
            "additionalProperties": false,