cleanup(app_actions): adjust ignored events

Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>

userspace/falco/app/actions/print_ignored_events.cpp

@@ -16,44 +16,26 @@ limitations under the License.
 
 #include "actions.h"
 #include "helpers.h"
+#include "falco_utils.h"
 
 using namespace falco::app;
 using namespace falco::app::actions;
+using namespace falco::utils;
+
 
-/// TODO: probably in the next future would be more meaningful to print the ignored syscalls rather than
-/// the ignored events, or maybe change the name of the events since right now they are almost the same of
-/// the syscalls.
 falco::app::run_result falco::app::actions::print_ignored_events(falco::app::state& s)
 {
-	/* If the option is true we print the events ignored with Falco `-A`, otherwise
+
-	 * we return immediately.
-	 */
 	if(!s.options.print_ignored_events)
 	{
 		return run_result::ok();
 	}
 
-	/* Search for all the ignored syscalls. */
-	std::unordered_set<uint32_t> all_events;
-	for (uint32_t j = 0; j < PPM_EVENT_MAX; j++)
-	{
-		if (!sinsp::is_old_version_event(j)
-				&& !sinsp::is_unused_event(j)
-				&& !sinsp::is_unknown_event(j))
-		{
-			all_events.insert(j);
-		}
-	}
-
 	std::unique_ptr<sinsp> inspector(new sinsp());
-	auto ignored_event_names = inspector->get_events_names(all_events);
+	std::unordered_set<uint32_t> io_ppm_sc_set = enforce_io_ppm_sc_set();
-	for (const auto &n : inspector->get_events_names(s.ppm_event_info_of_interest))
-	{
-		ignored_event_names.erase(n);
-	}
 
-	std::cout << "Ignored Event(s):" << std::endl;
+	std::cout << "Ignored I/O syscall(s):" << std::endl;
-	for(const auto& it : ignored_event_names)
+	for(const auto& it : inspector->get_syscalls_names(io_ppm_sc_set))
 	{
 		std::cout << "- " << it.c_str() << std::endl;
 	}