github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2026-03-18 18:58:41 +00:00
Code Issues Projects Releases Wiki Activity
5,029 Commits 122 Branches 184 Tags
ekoops-patch-1
Commit Graph

207 Commits

Author SHA1 Message Date
Leonardo Grasso
c830b5a0c2 docs(falco.yaml): enanche consistency and style 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2025-10-03 15:08:33 +02:00
Leonardo Grasso
63cb5fc1cd docs(falco.yaml): refactor config inline documentation 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2025-10-03 15:08:33 +02:00
Leonardo Di Giovanna
4d3b685c8b feat: make libs internal auto thread purging intervals configurable 
Make Falco's libs internal auto thread purging interval and timeout
configurable and set their default values to 5 minutes. This helps
controlling the memory impact of process exit events dropping and
events re-ordering.

Signed-off-by: Leonardo Di Giovanna <leonardodigiovanna1@gmail.com>
 2025-09-16 15:42:34 +02:00
Leonardo Grasso
1d3ac2871e docs(falco.yaml): update config index 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2025-08-12 11:25:43 +02:00
Leonardo Grasso
5ebfa1b05b new: add config options and docs for capture feature 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2025-08-12 11:25:43 +02:00
Leonardo Grasso
8dee7a075e docs(falco.yaml): avoid out-of-sync config options for container plugin 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2025-07-24 17:00:41 +02:00
Federico Di Pierro
8d8ba5ba5c new(userspace/falco): add new static_fields config key + update schema. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-06-30 14:25:18 +02:00
Leonardo Grasso
720d3e61f2 chore(falco.yaml): clean up plugins config leftover 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2025-06-13 10:35:16 +02:00
Luca Guerra
ae28be023e cleanup(engine): update docs for rule_files and -r option 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2025-05-12 10:58:22 +02:00
Federico Di Pierro
08a00609a1 new(userspace,unit_tests): port merge-strategy to be a yaml map. 
Merge-strategy for included config files must now be
specified as yaml map of the form:
- path: foo
  strategy: bar

If `strategy` is omitted, or the old `string-only` form is used,
`append` strategy is enforced.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-04-29 16:17:06 +02:00
Federico Di Pierro
630167d9ad new(userspace,unit_tests)!: add a way to specify merge-strategy for config_files. 
By default we now use the `append` merge-strategy:
* existing sequence keys will be appended
* existing scalar keys will be overridden
* non-existing keys will be added

We also have an `override` merge-strategy:
* existing keys will be overridden
* non-existing keys will be added

Finally, there is an `add-only` merge-strategy:
* existing keys will be ignored
* non-existing keys will be added

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-04-29 16:17:06 +02:00
Clément Bénier
186614dff4 fix(userspace/falco): fix outputs_http timeout 
libcurl timeout prevent to send alert through http
keep trying to send the alert

Signed-off-by: Clément Bénier <clement.benier@iot.bzh>
 2025-04-29 11:52:05 +02:00
Luca Guerra
f70b28bfb4 new(falco): add json_include_output_fields_property option 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2025-04-08 16:22:51 +02:00
Federico Di Pierro
258d13a472 fix(build): properly configure a binary_dir falco.yaml. 
It automatically enables container plugin from the binary_dir located one.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-03-25 11:08:22 +01:00
Federico Di Pierro
0cc18d7617 chore(falco.yaml): improve statement clarity 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>

Co-authored-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2025-03-17 13:20:09 +01:00
Federico Di Pierro
8843a9ec2b chore(userspace/falco,falco.yaml): enable libs_logger with info severity by default. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-03-17 13:20:09 +01:00
Federico Di Pierro
7db05e5828 cleanup(falco.yaml): drop verbosity from container plugin init config. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-03-17 13:20:09 +01:00
Federico Di Pierro
bb13702f0f chore(userspace/falco): drop container_engines config key. 
Also, default falco.yaml will only host container plugin configuration but won't enable the plugin.
Instead, a configuration override file will be installed only on linux non-musl deployments, enabled the plugin.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-02-26 13:08:26 +01:00
Federico Di Pierro
66cd160f1d new(cmake,userspace): port Falco to use new container plugin. 
It will be shipped by default hence it is present in default config.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-02-26 13:08:26 +01:00
Federico Di Pierro
4c34457fa3 cleanup(userspace/falco): drop deprecated in 0.40.0 CLI flags. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-02-19 14:24:43 +01:00
Aldo Lacuku
43d3e15398 chore(falco.yaml): remove comments about cri cli arguments 
Signed-off-by: Aldo Lacuku <aldo@lacuku.eu>
 2025-01-21 12:14:59 +01:00
Federico Di Pierro
7339363d1a update: update falco.yaml 
Co-authored-by: Leonardo Grasso <me@leonardograsso.com>
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-01-16 10:33:27 +01:00
Federico Di Pierro
5977f708bd chore: update plugins_hostinfo description with a link to the chart template. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-01-16 10:33:27 +01:00
Federico Di Pierro
9f9199bd69 chore(docs): update plugins_hostinfo config file comment. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2025-01-16 10:33:27 +01:00
Leonardo Grasso
a975e4cbc4 docs(falco.yaml): correct buffered_outputs description 
Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
 2024-12-16 09:33:32 +01:00
Federico Di Pierro
72f4715688 chore(ci): drop jemalloc from ASAN builds. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-12-10 15:11:03 +01:00
Federico Di Pierro
1c71777dbd new(cmake,userspace): expose jemalloc stats in stats writer and prometheus metircs. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-12-10 15:11:03 +01:00
Federico Di Pierro
35d8618373 chore(userspace/falco): add new suggested_output option to append_output configuration. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-12-05 15:34:40 +01:00
Federico Di Pierro
114757d215 new(userspace,cmake): honor new plugins exposed suggested output formats. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-12-05 15:34:40 +01:00
Federico Di Pierro
211eea6abb new(userspace/falco): allow entirely disabling plugin hostinfo support. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-12-05 10:15:39 +01:00
Thomas Labarussias
242f25ae25 fix: update the url for the docs about the concurrent queue classes 
Signed-off-by: Thomas Labarussias <issif+github@gadz.org>
 2024-11-26 18:29:48 +01:00
Luca Guerra
4501b64b9d new(falco): add buffer_format_base64 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2024-10-10 17:37:18 +02:00
Luca Guerra
3b28450171 new(falco): add base_syscalls.all option to falco.yaml 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2024-10-10 10:26:16 +02:00
Luca Guerra
ef79648037 new(falco): add falco_libs.snaplen option 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2024-10-07 11:33:03 +02:00
Luca Guerra
7005983409 update(engine): modify append_output format 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2024-09-13 15:58:36 +02:00
Melissa Kilby
d3c6a7478e update(falco_metrics): change prometheus rules metric naming 
Co-authored-by: Leonardo Grasso <me@leonardograsso.com>
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2024-09-13 11:25:36 +02:00
Melissa Kilby
9089262569 update(falco_metrics): add kernel_event_counters_per_cpu_enabled config 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2024-09-12 15:26:33 +02:00
Luca Guerra
bc7394b8c3 new(falco): add json_include_message_property option 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2024-09-11 17:52:32 +02:00
Luca Guerra
3c95c0512d new(falco): add append_output explanation to falco.yaml 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2024-09-09 15:31:24 +02:00
Melissa Kilby
898e060544 chore: update desc in falco.yaml 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2024-08-27 12:13:26 +02:00
Melissa Kilby
e8afcc55cc update(engine): address reviewers comments wrt container_engines config 
Co-authored-by: Federico Di Pierro <nierro92@gmail.com>
Co-authored-by: Leonardo Grasso <me@leonardograsso.com>
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2024-08-27 12:13:26 +02:00
Melissa Kilby
f6ffa75d74 new(config): add container_engines config to falco.yaml 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2024-08-27 12:13:26 +02:00
Federico Di Pierro
5c551df116 new(userspace/falco): validate loaded configuration files against config schema. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-08-26 18:06:25 +02:00
Gianmatteo Palmieri
3e91a27538 new(metrics): enable plugins metrics 
Signed-off-by: Gianmatteo Palmieri <mail@gian.im>
Co-authored-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2024-06-13 16:32:48 +02:00
Federico Di Pierro
0bf7458f3d chore(falco.yaml): rule -> rules. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-05-20 16:33:11 +02:00
Federico Di Pierro
d553662108 cleanup(falco.yaml): removed useless sentence. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-05-20 16:33:11 +02:00
Federico Di Pierro
a48965a00c chore(userspace,falco.yaml,unit_tests): configs_files -> config_files. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-05-20 16:33:11 +02:00
Federico Di Pierro
1b22c4566a chore(falco.yaml): added config maturity to index. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-05-20 16:33:11 +02:00
Federico Di Pierro
c03ce122e7 chore(docs): added falco.yaml section about config keys maturity. 
Also, rename `Experimental` -> `Incubating` and move `prometheus_metrics_enabled` to `Incubating`.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-05-20 16:33:11 +02:00
Melissa Kilby
b7adcd251d new(metrics): add rules_counters_enabled option 
Intended to replace https://github.com/falcosecurity/falco-exporter
when used with Prometheus output

Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2024-05-17 14:54:58 +02:00