github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-09-25 12:19:56 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #480 from lorenzo-david/lorenzod-k8s-audit-dev

Browse Source 
Implementing required gen_event virtual methods
This commit is contained in:
lorenzo-david
2019-01-28 15:59:33 -08:00
committed by GitHub
parent 074a906af3 3bd0081753
commit a78212cc62
1 changed files with 13 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
userspace/engine/json_evt.h
View File

@@ -42,6 +42,17 @@ public:
uint64_t get_ts();
inline uint16_t get_source()
{
return ESRC_K8S_AUDIT;
}
inline uint16_t get_type()
{
// All k8s audit events have the single tag "1". - see falco_engine::process_k8s_audit_event
return 1;
}
protected:
nlohmann::json m_jevt;
@@ -275,10 +286,11 @@ public:
std::string tostring(json_event *ev);
std::string tojson(json_event *ev);
void resolve_tokens(json_event *ev, std::list<std::pair<std::string,std::string>> &resolved);
private:
void parse_format();
void resolve_tokens(json_event *ev, std::list<std::pair<std::string,std::string>> &resolved);
// A format token is either a combination of a filtercheck
// name (ka.value) and filtercheck object as key, or an empty