github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-09-12 13:07:49 +00:00
Code Issues Projects Releases Wiki Activity

update(engine): allow using -p to pass a format to plugin events

Browse Source 
Signed-off-by: Luca Guerra <luca@guerra.sh>
This commit is contained in:
Luca Guerra
2024-06-06 14:49:32 +00:00
committed by poiana
parent 1c31390c56
commit b8e5e2e8dd
2 changed files with 7 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
userspace/engine/rule_loader_compiler.cpp
View File

@@ -509,7 +509,12 @@ void rule_loader::compiler::compile_rule_infos(
// build rule output message
rule.output = r.output;
if (r.source == falco_common::syscall_source)
// plugins sources do not have any container info and so we won't apply -pk, -pc, etc.
// on the other hand, when using plugins you might want to append custom output based on the plugin
// TODO: this is not flexible enough (esp. if you mix plugin with syscalls),
// it would be better to add configuration options to control the output.
if (!cfg.replace_output_container_info || r.source == falco_common::syscall_source)
{
apply_output_substitutions(cfg, rule.output);
}