github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-09-25 20:30:47 +00:00
Code Issues Projects Releases Wiki Activity

new(engine): add print_enabled_rules_falco_logger when log_level debug

Browse Source 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
This commit is contained in:
Melissa Kilby
2024-05-15 20:01:03 +00:00
committed by poiana
parent 0869abc65e
commit 77341cbd2e
2 changed files with 27 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
userspace/engine/evttype_index_ruleset.cpp
View File

@@ -19,6 +19,8 @@ limitations under the License.
#include "falco_utils.h" #include "falco_utils.h"
#include "../falco/logger.h"
#include <algorithm> #include <algorithm>
evttype_index_ruleset::evttype_index_ruleset( evttype_index_ruleset::evttype_index_ruleset(
@@ -225,7 +227,22 @@ void evttype_index_ruleset::add(
void evttype_index_ruleset::on_loading_complete() void evttype_index_ruleset::on_loading_complete()
{ {
// nothing to do for now print_enabled_rules_falco_logger();
}
void evttype_index_ruleset::print_enabled_rules_falco_logger()
{
falco_logger::log(falco_logger::level::DEBUG, "Enabled rules:\n");
for (const auto& ruleset_ptr : m_rulesets)
{
if (ruleset_ptr)
{
for (const auto& wrap : ruleset_ptr->get_filters())
{
falco_logger::log(falco_logger::level::DEBUG, std::string(" ") + wrap->rule.name + "\n");
}
}
}
} }
void evttype_index_ruleset::clear() void evttype_index_ruleset::clear()

9
userspace/engine/evttype_index_ruleset.h
View File

@@ -52,6 +52,10 @@ public:
void on_loading_complete() override; void on_loading_complete() override;
// Print each enabled rule when running Falco with falco logger
// log_level=debug; invoked within on_loading_complete()
void print_enabled_rules_falco_logger();
void enable( void enable(
const std::string &pattern, const std::string &pattern,
match_type match, match_type match,
@@ -118,6 +122,11 @@ private:
uint64_t num_filters(); uint64_t num_filters();
inline const std::set<std::shared_ptr<filter_wrapper>>& get_filters() const
{
return m_filters;
}
// Evaluate an event against the ruleset and return the first rule // Evaluate an event against the ruleset and return the first rule
// that matched. // that matched.
bool run(sinsp_evt *evt, falco_rule& match); bool run(sinsp_evt *evt, falco_rule& match);