github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-07-16 15:51:55 +00:00
Code Issues Projects Releases Wiki Activity

cleanup(userspace,config): apply reviewers suggestions

Browse Source 
Co-authored-by: Jason Dellaluce <jasondellaluce@gmail.com>
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
This commit is contained in:
Melissa Kilby 2023-05-30 17:04:41 +00:00 committed by poiana
parent b29f6f4b2f
commit efd0c7421e
4 changed files with 38 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
falco.yaml
View File

@ -77,11 +77,12 @@
# configuration, you can run `falco --help` in your terminal. You can also pass # configuration, you can run `falco --help` in your terminal. You can also pass
# configuration options from this config file as command-line arguments by using # configuration options from this config file as command-line arguments by using
# the `-o` flag followed by the option name and value. In the following example, # the `-o` flag followed by the option name and value. In the following example,
# three config options (`json_output`, `log_level`, and `log_stderr`) are passed as # three config options (`json_output`, `log_level`, and
# command-line arguments with their corresponding values: # `modern_bpf.cpus_for_each_syscall_buffer`) are passed as command-line
# `falco -o "json_output=true" -o "log_level=debug" -o "log_stderr=true"`. Please # arguments with their corresponding values: falco -o "json_output=true"
# note that command-line arguments take precedence over the options specified in # -o "log_level=debug" -o "modern_bpf.cpus_for_each_syscall_buffer=4"
# this config file. # Please note that command-line arguments take precedence over the options
# specified in this config file.
############################### ###############################
@ -596,7 +597,8 @@ syscall_event_drops:
# [Experimental] `metrics` # [Experimental] `metrics`
# #
# Generates "Falco internal: metrics snapshot" rule output when `priority=info` at minimum # Generates "Falco internal: metrics snapshot" rule output when `priority=info`
# at minimum
# #
# periodic metric snapshots (including stats and resource utilization) captured # periodic metric snapshots (including stats and resource utilization) captured
# at regular intervals # at regular intervals
@ -642,15 +644,25 @@ syscall_event_drops:
# https://prometheus.io/docs/prometheus/latest/querying/basics/#time-durations # https://prometheus.io/docs/prometheus/latest/querying/basics/#time-durations
# #
# Time durations are specified as a number, followed immediately by one of the # Time durations are specified as a number, followed immediately by one of the
# following units: ms - milliseconds s - seconds m - minutes h - hours d - days # following units:
# - assuming a day has always 24h w - weeks - assuming a week has always 7d y - # ms - millisecond
# years - assuming a year has always 365d # s - second
# m - minute
# h - hour
# d - day - assuming a day has always 24h
# w - week - assuming a week has always 7d
# y - year - assuming a year has always 365d
# #
# Example of a valid time duration: 1h30m20s10ms # Example of a valid time duration: 1h30m20s10ms
# #
# A minimum interval of 100ms is enforced for metric collection. However, for # A minimum interval of 100ms is enforced for metric collection. However, for
# production environments, we recommend selecting one of the following intervals # production environments, we recommend selecting one of the following intervals
# for optimal monitoring: 15m 30m 1h 4h 6h # for optimal monitoring:
# 15m
# 30m
# 1h
# 4h
# 6h
# #
# `output_rule`: To enable seamless metrics and performance monitoring, we # `output_rule`: To enable seamless metrics and performance monitoring, we
# recommend emitting metrics as the rule "Falco internal: metrics snapshot". # recommend emitting metrics as the rule "Falco internal: metrics snapshot".
@ -688,14 +700,14 @@ syscall_event_drops:
# Additionally, please be aware that the current implementation of `libbpf` does # Additionally, please be aware that the current implementation of `libbpf` does
# not support granularity of statistics at the bpf tail call level. # not support granularity of statistics at the bpf tail call level.
# #
# `send_numeric_zero_values`: When the option is set to true, fields with a numeric # `include_empty_values`: When the option is set to true, fields with an empty
# value of zero will be included in the output. However, this rule does not apply to # numeric value will be included in the output. However, this rule does not
# high-level fields such as `n_evts` or `n_drops`; they will always be included in the # apply to high-level fields such as `n_evts` or `n_drops`; they will always be
# output even if their value is zero. This option can be beneficial for exploring # included in the output even if their value is empty. This option can be
# the data schema and ensuring that fields with zero values are included in the output. # beneficial for exploring the data schema and ensuring that fields with empty
# values are included in the output.
# #
# todo: prometheus export option # todo: prometheus export option todo: syscall_counters_enabled option
# todo: syscall_counters_enabled option
metrics: metrics:
enabled: false enabled: false
interval: 1h interval: 1h
@ -705,7 +717,7 @@ metrics:
kernel_event_counters_enabled: true kernel_event_counters_enabled: true
libbpf_stats_enabled: true libbpf_stats_enabled: true
convert_memory_to_mb: true convert_memory_to_mb: true
send_numeric_zero_values: false include_empty_values: false
####################################### #######################################

4
userspace/falco/configuration.cpp
View File

@ -69,7 +69,7 @@ falco_configuration::falco_configuration():
m_metrics_kernel_event_counters_enabled(true), m_metrics_kernel_event_counters_enabled(true),
m_metrics_libbpf_stats_enabled(true), m_metrics_libbpf_stats_enabled(true),
m_metrics_convert_memory_to_mb(true), m_metrics_convert_memory_to_mb(true),
m_metrics_send_numeric_zero_values(false) m_metrics_include_empty_values(false)
{ {
init({}); init({});
} }
@ -357,7 +357,7 @@ void falco_configuration::load_yaml(const std::string& config_name, const yaml_h
m_metrics_kernel_event_counters_enabled = config.get_scalar<bool>("metrics.kernel_event_counters_enabled", true); m_metrics_kernel_event_counters_enabled = config.get_scalar<bool>("metrics.kernel_event_counters_enabled", true);
m_metrics_libbpf_stats_enabled = config.get_scalar<bool>("metrics.libbpf_stats_enabled", true); m_metrics_libbpf_stats_enabled = config.get_scalar<bool>("metrics.libbpf_stats_enabled", true);
m_metrics_convert_memory_to_mb = config.get_scalar<bool>("metrics.convert_memory_to_mb", true); m_metrics_convert_memory_to_mb = config.get_scalar<bool>("metrics.convert_memory_to_mb", true);
m_metrics_send_numeric_zero_values = config.get_scalar<bool>("metrics.send_numeric_zero_values", false); m_metrics_include_empty_values = config.get_scalar<bool>("metrics.include_empty_values", false);
std::vector<std::string> load_plugins; std::vector<std::string> load_plugins;

2
userspace/falco/configuration.h
View File

@ -122,7 +122,7 @@ public:
bool m_metrics_kernel_event_counters_enabled; bool m_metrics_kernel_event_counters_enabled;
bool m_metrics_libbpf_stats_enabled; bool m_metrics_libbpf_stats_enabled;
bool m_metrics_convert_memory_to_mb; bool m_metrics_convert_memory_to_mb;
bool m_metrics_send_numeric_zero_values; bool m_metrics_include_empty_values;
std::vector<plugin_config> m_plugins; std::vector<plugin_config> m_plugins;

10
userspace/falco/stats_writer.cpp
View File

@ -254,7 +254,7 @@ void stats_writer::collector::get_metrics_output_fields_additional(
switch(utilization[stat].type) switch(utilization[stat].type)
{ {
case STATS_VALUE_TYPE_U64: case STATS_VALUE_TYPE_U64:
if (utilization[stat].value.u64 == 0 && !m_writer->m_config->m_metrics_send_numeric_zero_values) if (utilization[stat].value.u64 == 0 && !m_writer->m_config->m_metrics_include_empty_values)
{ {
break; break;
} }
@ -268,7 +268,7 @@ void stats_writer::collector::get_metrics_output_fields_additional(
} }
break; break;
case STATS_VALUE_TYPE_U32: case STATS_VALUE_TYPE_U32:
if (utilization[stat].value.u32 == 0 && !m_writer->m_config->m_metrics_send_numeric_zero_values) if (utilization[stat].value.u32 == 0 && !m_writer->m_config->m_metrics_include_empty_values)
{ {
break; break;
} }
@ -282,7 +282,7 @@ void stats_writer::collector::get_metrics_output_fields_additional(
} }
break; break;
case STATS_VALUE_TYPE_D: case STATS_VALUE_TYPE_D:
if (utilization[stat].value.d == 0 && !m_writer->m_config->m_metrics_send_numeric_zero_values) if (utilization[stat].value.d == 0 && !m_writer->m_config->m_metrics_include_empty_values)
{ {
break; break;
} }
@ -316,7 +316,7 @@ void stats_writer::collector::get_metrics_output_fields_additional(
const scap_stats_v2* stats_v2 = inspector->get_capture_stats_v2(flags, &nstats, &rc); const scap_stats_v2* stats_v2 = inspector->get_capture_stats_v2(flags, &nstats, &rc);
if (stats_v2 && nstats > 0 && rc == 0) if (stats_v2 && nstats > 0 && rc == 0)
{ {
/* Cache n_evts and n_drops to derice n_drops_perc. */ /* Cache n_evts and n_drops to derive n_drops_perc. */
uint64_t n_evts = 0; uint64_t n_evts = 0;
uint64_t n_drops = 0; uint64_t n_drops = 0;
for(uint32_t stat = 0; stat < nstats; stat++) for(uint32_t stat = 0; stat < nstats; stat++)
@ -370,7 +370,7 @@ void stats_writer::collector::get_metrics_output_fields_additional(
} }
m_last_n_drops = n_drops; m_last_n_drops = n_drops;
} }
if (stats_v2[stat].value.u64 == 0 && !m_writer->m_config->m_metrics_send_numeric_zero_values) if (stats_v2[stat].value.u64 == 0 && !m_writer->m_config->m_metrics_include_empty_values)
{ {
break; break;
} }