github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-07-06 19:29:09 +00:00
Code Issues Projects Releases Wiki Activity

update(userspace/falco): new defaults for -p presets

Browse Source 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
This commit is contained in:
Leonardo Grasso 2023-08-22 18:13:20 +02:00 committed by poiana
parent f10d0499d2
commit 8fbf49bbba
1 changed files with 9 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
userspace/falco/app/actions/init_falco_engine.cpp
View File

@ -22,27 +22,32 @@ using namespace falco::app::actions;
void configure_output_format(falco::app::state& s) void configure_output_format(falco::app::state& s)
{ {
// See https://falco.org/docs/rules/style-guide/
const std::string container_info = "container_id=%container.id container_image=%container.image.repository container_image_tag=%container.image.tag container_name=%container.name";
const std::string k8s_info = "k8s_ns=%k8s.ns.name k8s_pod_name=%k8s.pod.name";
const std::string gvisor_info = "vpid=%proc.vpid vtid=%thread.vtid";
std::string output_format; std::string output_format;
bool replace_container_info = false; bool replace_container_info = false;
if(s.options.print_additional == "c" || s.options.print_additional == "container") if(s.options.print_additional == "c" || s.options.print_additional == "container")
{ {
output_format = "container=%container.name (id=%container.id)"; output_format = container_info;
replace_container_info = true; replace_container_info = true;
} }
else if(s.options.print_additional == "cg" || s.options.print_additional == "container-gvisor") else if(s.options.print_additional == "cg" || s.options.print_additional == "container-gvisor")
{ {
output_format = "container=%container.name (id=%container.id) vpid=%proc.vpid vtid=%thread.vtid"; output_format = gvisor_info + " " + container_info;
replace_container_info = true; replace_container_info = true;
} }
else if(s.options.print_additional == "k" || s.options.print_additional == "kubernetes") else if(s.options.print_additional == "k" || s.options.print_additional == "kubernetes")
{ {
output_format = "k8s.ns=%k8s.ns.name k8s.pod=%k8s.pod.name container=%container.id"; output_format = container_info + " " + k8s_info;
replace_container_info = true; replace_container_info = true;
} }
else if(s.options.print_additional == "kg" || s.options.print_additional == "kubernetes-gvisor") else if(s.options.print_additional == "kg" || s.options.print_additional == "kubernetes-gvisor")
{ {
output_format = "k8s.ns=%k8s.ns.name k8s.pod=%k8s.pod.name container=%container.id vpid=%proc.vpid vtid=%thread.vtid"; output_format = gvisor_info + " " + container_info + " " + k8s_info;
replace_container_info = true; replace_container_info = true;
} }
else if(!s.options.print_additional.empty()) else if(!s.options.print_additional.empty())