update(config): soft deprecation of old stats

add CHANGE NOTICE wrt syscall_event_drops

Co-authored-by: Leonardo Grasso <me@leonardograsso.com>
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
Melissa Kilby 2024-01-24 16:19:26 +00:00 committed by poiana
parent 3675587aad
commit bb4a643385
2 changed files with 2 additions and 8 deletions


@ -61,7 +61,7 @@
# Falco logging / alerting / metrics related to software functioning (advanced)
# output_timeout
# syscall_event_timeouts
# syscall_event_drops [DEPRECATED] -> Use `metrics` instead, `syscall_event_drops` will be removed in Falco 0.38!
# syscall_event_drops -> [CHANGE NOTICE] Automatic notifications will be simplified in Falco 0.38! If you depend on the detailed drop counters payload, use 'metrics.output_rule' along with 'metrics.kernel_event_counters_enabled' instead
# metrics
# Falco performance tuning (advanced)
# syscall_buf_size_preset [DEPRECATED] -> Replaced by `engine.<driver>.buf_size_preset` starting Falco 0.38!
@ -793,7 +793,7 @@ output_timeout: 2000
syscall_event_timeouts:
max_consecutives: 1000
# [Stable] `syscall_event_drops` -> Use `metrics` instead, `syscall_event_drops` will be removed in Falco 0.38!
# [Stable] `syscall_event_drops` -> [CHANGE NOTICE] Automatic notifications will be simplified in Falco 0.38! If you depend on the detailed drop counters payload, use 'metrics.output_rule' along with 'metrics.kernel_event_counters_enabled' instead
#
# Generates "Falco internal: syscall event drop" rule output when `priority=debug` at minimum
#
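Review bot: The CHANGE NOTICE added in the hunk at line 793 (and its copy in the index hunk at line 61) says automatic notifications "will be simplified" without stating what is still emitted after 0.38, so an operator who alerts on the "Falco internal: syscall event drop" output cannot tell whether that alert keeps firing. Dropped syscall events are never evaluated against rules, so losing this signal unnoticed is a detection gap. I would add a line such as `# After 0.38 a drop notification is still emitted, only without the detailed counters; re-check any alerting built on it after upgrading.`, if that matches the planned behaviour. The notice also sits directly after the `[Stable]` tag, which reads oddly for an option whose output is about to change.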


@ -41,12 +41,6 @@ static falco::app::run_result apply_deprecated_options(falco::app::state& s)
return run_result::fatal("You can not specify more than one of -e, -g (--gvisor-config), --modern-bpf, --nodriver, and the FALCO_BPF_PROBE env var");
}
if(s.config->m_min_priority == falco_common::PRIORITY_DEBUG)
{
falco_logger::log(falco_logger::level::WARNING,
"DEPRECATION NOTICE: 'syscall_event_drops' config is deprecated and will be removed in Falco 0.38! If you rely on this config, use 'metrics.output_rule' along with 'metrics.kernel_event_counters_enabled' to monitor the number of drops. Note that the 'syscall_event_drops' config is enabled by default when the 'priority' is set to 'debug'. You can turn it off by setting the 'priority' to any higher level\n");
}
// Please note: is not possible to mix command line options and configs to obtain a configuration
// we need to use only one method. For example, is not possible to set the gvisor-config through
// the command line and the gvisor-root through the config file. For this reason, if we detect