github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-09-01 06:37:22 +00:00
Code Issues Projects Releases Wiki Activity

Add discarded syscalls to README

Browse Source
This commit is contained in:
Henri DF
2016-05-01 09:14:43 -07:00
parent 244ebad1da
commit c702713107
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
README.md
View File

@@ -43,7 +43,10 @@ where `macro_name` is a string, and `macro_definition` is any valid Falco condit
#### Ignored system calls
For performance reasons, some system calls are currently discarded before Falco processing. The current list is:
`clock_getres,clock_gettime,clock_nanosleep,clock_settime,close,epoll_create,epoll_create1,epoll_ctl,epoll_pwait,epoll_wait,eventfd,fcntl,fcntl64,fstat,fstat64,getitimer,gettimeofday,nanosleep,poll,ppoll,pread64,preadv,pselect6,pwrite64,pwritev,read,readv,recv,recvfrom,recvmmsg,recvmsg,select,send,sendfile,sendfile64,sendmmsg,sendmsg,sendto,setitimer,settimeofday,shutdown,socket,splice,switch,tee,timer_create,timer_delete,timerfd_create,timerfd_gettime,timerfd_settime,timer_getoverrun,timer_gettime,timer_settime,wait4,write,writev,`
@@ -51,6 +54,7 @@ where `macro_name` is a string, and `macro_definition` is any valid Falco condit
### Configuration file
Falco is configured via a yaml file. The sample config `falco.yaml` in this repo has comments describing the various options.
## Running Falco
Falco is intended to be run as a service. But for experimentation and designing/testing rulesets, you will likely want to run it manually from the command-line.