github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-08-29 19:23:16 +00:00
Code Issues Projects Releases Wiki Activity

feat(cli): adding -u to the usage text

Browse Source 
Signed-off-by: Kris Nova <kris@nivenly.com>
This commit is contained in:
Kris Nova 2020-05-06 13:51:46 -07:00 committed by poiana
parent 1af1226566
commit bc8f9a5692
1 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
userspace/falco/falco.cpp
View File

@ -158,6 +158,8 @@ static void usage()
" This causes every single line emitted by falco to be flushed,\n" " This causes every single line emitted by falco to be flushed,\n"
" which generates higher CPU usage but is useful when piping those outputs\n" " which generates higher CPU usage but is useful when piping those outputs\n"
" into another process or into a script.\n" " into another process or into a script.\n"
" -u Flip the inspector code to parse from userspace. This can be used in conjunction with\n"
" the ptrace(2) based capture source pdig.\n"
" -V, --validate <rules_file> Read the contents of the specified rules(s) file and exit.\n" " -V, --validate <rules_file> Read the contents of the specified rules(s) file and exit.\n"
" Can be specified multiple times to validate multiple files.\n" " Can be specified multiple times to validate multiple files.\n"
" -v Verbose output.\n" " -v Verbose output.\n"
@ -1100,6 +1102,13 @@ int falco_init(int argc, char **argv)
{ {
if(udig) if(udig)
{ {
// open_udig() is the underlying method used in the capture
// code to parse userspace events from the kernel.
//
// In the case of falco we use ptrace(2) for one
// of these userspace implementations. Regardless
// of the implementation, the underlying method
// remains the same.
inspector->open_udig(); inspector->open_udig();
} }
else else