Commit Graph

806 Commits

Author SHA1 Message Date
Henri DF
fdafc7da77 Remove dead macro-checking code
The `check_macros` function wasn't doing anything, and checking is done as
part of expansion.
2016-05-06 03:36:59 +00:00
Henri DF
0ec141385d Remove outputs and macros from grammar
These will no longer need to be parsed with the move to yaml
2016-05-06 03:36:59 +00:00
Henri DF
480c964075 Remove traces of in-expr expansion
In-expr expansion has moved to libsinsp (https://github.com/draios/sysdig/pull/565)
2016-05-06 03:36:59 +00:00
Henri DF
77a3e3b110 Load statically-linked lyaml lib and lua bindings 2016-05-06 03:36:59 +00:00
Henri DF
1703d048c3 Add libyaml (c lib) and lyaml (lua bindings) to build 2016-05-06 03:36:59 +00:00
Henri DF
a9f9454d26 Remove unneeded include dir 2016-05-06 03:36:59 +00:00
Mark Stemm
ba80367116 Remove remaining digwatch references (really).
Try harder looking for remaining digwatch references, replacing with
falco.
2016-05-04 15:44:11 -07:00
Mark Stemm
738f555bae Remove remaining Digwatch references.
Remove remaining Digwatch references I noticed while getting up to
speed.
2016-05-02 11:32:33 -07:00
Henri DF
bde9631cd4 More falco->digwatch renaming 2016-05-01 23:13:28 +00:00
Henri DF
5052039ee1 More falco->digwatch renaming 2016-05-01 16:09:49 +00:00
Henri DF
e207bc5f3a Drop high-volume events 2016-04-28 20:58:28 +00:00
Henri DF
abe6220651 Renaming 2016-04-28 03:28:19 +00:00
Henri DF
6d72619968 rename digwatch_syslog -> digwatch_logger 2016-04-22 16:01:00 -07:00
Henri DF
4c64295adc Digwatch logging
Log digwatch messages to syslog and/or stderr
2016-04-22 15:56:18 -07:00
Henri DF
5413935f15 Small tweak to usage message 2016-04-22 15:33:43 -07:00
Henri DF
fad88ee4b7 Remove signal handling
Not currently serving any purpose
2016-04-22 14:59:58 -07:00
Henri DF
45f8096dd3 Add support for json-formatted output 2016-04-21 16:30:51 -07:00
Henri DF
8ad7679f7f Remove priority_level from yaml file
It is not currently used for anything; will revert when that time comes.
2016-04-12 21:49:54 -07:00
Henri DF
6e008a2ff5 Improve error message when rules file not found 2016-04-13 03:43:31 +00:00
Henri DF
a529b11e0d Clean up usage message and choice of flags 2016-04-13 03:43:31 +00:00
Henri DF
86e2e17c33 Change rules file command-line setting
Now it is optional, and uses -u rather than being passed as a positional arg.
2016-04-13 03:43:31 +00:00
Henri DF
ef93844234 Rename digwatch.conf -> digwatch_rules.conf 2016-04-13 03:43:30 +00:00
Henri DF
357276b787 Fix opt def for scap input file
(was 'R', should be 'r')
2016-04-12 18:36:24 -07:00
Henri DF
b4bc2d52be rename infile -> scap_filename 2016-04-12 18:34:49 -07:00
Henri DF
d0e489b5c2 Remove unnecessary HAS_FILTERING conditional 2016-04-12 18:29:48 -07:00
Henri DF
89b1a55d9e Add file output 2016-04-13 01:19:27 +00:00
Henri DF
b2698f9d20 Set up outputs listed in configuration object 2016-04-13 01:19:21 +00:00
Henri DF
179e5519ce Small refactoring of output config
This is a step towards being able to support multiple outputs of
different types (including file outputs which require their own config).
2016-04-12 23:21:14 +00:00
Henri DF
42de0507fa search for yaml config file
In order:
1) cmdline opt
2) in-tree path
3) /etc/digwatch.yaml
2016-04-12 23:14:44 +00:00
Henri DF
73ec593931 Add a configuration::init() that just sets up defaults
(For when no config file is being used)
2016-04-12 23:13:18 +00:00
Henri DF
dc099bfb91 Add configuration object and Yaml parser
These aren't wired up yet.
2016-04-12 23:13:15 +00:00
Henri DF
af4089dac3 Build and link yaml-cpp lib 2016-04-12 23:13:12 +00:00
Henri DF
b4859015ea Add support for reading .scap files 2016-04-08 16:51:16 -07:00
Henri DF
709568b578 Command-line options simplification
Remove -N and always turn resolution off. Given the possible performance
impact, there shouldn't even be a way to have it on.
2016-04-07 15:12:15 -07:00
Henri DF
dcbae750c8 Remove the need for DIGWATCH_LUA_DIR env var 2016-04-06 23:05:41 +00:00
Henri DF
c7d0c7dbd9 Remove unneeded -m <lua_main_filename> param 2016-04-06 23:05:41 +00:00
Henri DF
f7ba825023 Remove dep on nixio by adding simple syslog lua function 2016-04-06 11:44:00 -07:00
Henri DF
77440750e6 Load probe 2016-04-04 18:39:42 -07:00
Henri DF
86e1eeffb2 Statically link in lpeg lua library 2016-04-04 15:07:16 -07:00
Henri DF
39b1f64510 Packaging: Bundle lua files 2016-03-31 21:18:23 -07:00
Henri DF
37d0f7d3e0 Build .deb, .rpm, and .tgz 2016-03-31 18:54:52 -07:00
Henri DF
8ae908fe85 Rework cmake files
Rather than do include_directory() on the whole sysdig repo, just do it
for driver, libscap, and libsinsp.

This is a step on the way to building a digwatch package.
2016-03-31 18:39:49 -07:00
Henri DF
c9806407e8 Priority level internal handling
Handle internally as ints, then translate as appropriate in outputs
2016-03-30 14:38:18 -07:00
Henri DF
d6dee28bbe Output simplification
The Output is now chosen globally (for all rules), on the command line.
2016-03-30 14:27:19 -07:00
Henri DF
f44bd06f1d Remove unused/unimplemented options 2016-03-30 13:20:31 -07:00
Henri DF
5f0123317a Remove function outputs from grammar 2016-03-30 13:00:51 -07:00
Henri DF
6158168a97 Grammar support for priorities 2016-03-29 21:35:07 -07:00
Henri DF
38957d3b14 Add timestamp in function outputs 2016-03-29 19:54:15 -07:00
Henri DF
97d7b125ba Implicit time in output formats
As pointed out by Loris, timestamping output messages should be a
responsibility of the output/collection system.

So as a first step towards this, add timestamps automatically for output
formats, and remove them from rules.
2016-03-29 19:47:57 -07:00
Henri DF
aea9b0054b Minor error handling improvements 2016-03-29 19:31:34 -07:00