github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2026-04-02 18:12:15 +00:00
Code Issues Projects Releases Wiki Activity
4,563 Commits 127 Branches 184 Tags
576f3164d8007ea4e7ea775b9d5971117ade8bcd
Commit Graph

1515 Commits

Author SHA1 Message Date
Jason Dellaluce
d7cbf9c7c9 refactor(userspace): move falco logger under falco engine 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2024-05-28 15:33:47 +02:00
Federico Di Pierro
a48965a00c chore(userspace,falco.yaml,unit_tests): configs_files -> config_files. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-05-20 16:33:11 +02:00
Melissa Kilby
0668c54485 cleanup(metrics): use sha26_rules (plural form) as naming 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2024-05-20 10:25:10 +02:00
Melissa Kilby
27bab30017 cleanup(metrics): add original rule name as label 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2024-05-20 10:25:10 +02:00
Melissa Kilby
c15a309781 clenaup: add sanitize_metric_name helper 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2024-05-17 14:54:58 +02:00
Melissa Kilby
e9afe24e17 cleanup(metrics): simplify some logic 
Co-authored-by: Samuel Gaist <samuel.gaist@idiap.ch>
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2024-05-17 14:54:58 +02:00
Melissa Kilby
aa021537d9 cleanup(metrics): improve comments 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2024-05-17 14:54:58 +02:00
Melissa Kilby
0195dba889 cleanup: add getter functions to stats_manager 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2024-05-17 14:54:58 +02:00
Melissa Kilby
b7adcd251d new(metrics): add rules_counters_enabled option 
Intended to replace https://github.com/falcosecurity/falco-exporter
when used with Prometheus output

Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2024-05-17 14:54:58 +02:00
Jason Dellaluce
e211e97e2a fix(userspace/engine): make sure exception fields are not optional in replace mode 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2024-05-17 14:38:57 +02:00
Melissa Kilby
6057c1553e cleanup(engine): print total number of enabled rules 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2024-05-16 10:29:53 +02:00
Melissa Kilby
77341cbd2e new(engine): add print_enabled_rules_falco_logger when log_level debug 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2024-05-16 10:29:53 +02:00
Luca Guerra
eb3ee5d2b2 update(falco): add deprecation warning messages 
Signed-off-by: Luca Guerra <luca@guerra.sh>
Co-authored-by: Federico Di Pierro <nierro92@gmail.com>
Co-authored-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2024-05-15 10:33:50 +02:00
Luca Guerra
f9a56d9c9d update(falco): add deprecation notice for -T, -t and -D 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2024-05-15 10:33:50 +02:00
Luca Guerra
abf82f6373 update(config): split init_from_content from init_from_file 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2024-05-14 12:47:46 +02:00
Luca Guerra
35bd348e21 new(falco): implement rule selection configuration in falco.yaml 
Signed-off-by: Luca Guerra <luca@guerra.sh>
 2024-05-14 12:47:46 +02:00
Melissa Kilby
60e6798f9b cleanup(metrics): use map for config and rules filenames sha256 tracking 
Co-authored-by: Federico Di Pierro <nierro92@gmail.com>
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2024-05-14 10:08:51 +02:00
Melissa Kilby
91b58c43f1 chore: fix non linux build metrics 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2024-05-14 10:08:51 +02:00
Melissa Kilby
67a5015be7 cleanup(metrics): use filesystem lib to derive file names + build fix 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2024-05-14 10:08:51 +02:00
Melissa Kilby
34ecd39113 new(metrics): add file sha256sum metrics for loaded config and rules files 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2024-05-14 10:08:51 +02:00
Melissa Kilby
2b80cf85ac new(utils): add new helper to calculate file sha256sum 
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
 2024-05-14 10:08:51 +02:00
Federico Di Pierro
dd9163c6f4 fix(userspace/falco): fix state inizialization. 
This fixes an ugly segfault happening during hot reload.

Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-05-09 10:43:58 +02:00
Jason Dellaluce
b2e4cddcdf fix(userspace/falco): inizialize options variables 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2024-05-08 20:23:55 +02:00
Jason Dellaluce
f18ea1e8b7 update(userspace/engine): support tranformers in exception fields 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2024-05-08 20:23:55 +02:00
Jason Dellaluce
fa8e780b07 update(userspace/engine): propagate compiler warnings 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2024-05-08 20:23:55 +02:00
Jason Dellaluce
bc078f1f63 update(userspace/engine): support comparins with right-hand fields 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2024-05-08 20:23:55 +02:00
Jason Dellaluce
ed22e94292 refactor(userspace/libsinsp): support new filter ast structure in falco engine 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
 2024-05-08 20:23:55 +02:00
Federico Aponte
62d1c4fc4d refactor: smart pointer usage 
Signed-off-by: Federico Aponte <federico.aponte@sysdig.com>
 2024-05-06 11:10:44 +02:00
Federico Di Pierro
6954a4028e chore(userspace/engine): bump version and checksum. 
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
 2024-05-03 12:12:02 +02:00
Samuel Gaist
cbfe77d1a0 fix(falco_metrics): remove falco_ prefix for version 
The textual content was fixed but not the metrics name.

Co-authored-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2024-05-03 11:23:02 +02:00
Samuel Gaist
66d1970952 fix(falco_metrics): make duration_sec and outputs_queue_num_drops monotonic 
Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2024-05-03 11:23:02 +02:00
Samuel Gaist
82c914c11d fix(falco_metrics): make duration_sec a count and not a timestamp 
The output will thus be a total which is what this metrics is.

Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2024-05-03 11:23:02 +02:00
Samuel Gaist
2ae6103ab6 fix(falco_metrics): remove redundant falco in version metrics 
Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2024-05-03 11:23:02 +02:00
Samuel Gaist
65331c0f20 feat(falco_metrics): add event sources 
Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2024-05-03 11:23:02 +02:00
Samuel Gaist
1ba35c911a feat(falco_metrics): add duration_sec 
Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2024-05-03 11:23:02 +02:00
Samuel Gaist
5ef8f1c311 feat(falco_metrics): add outputs_queue_num_drops 
Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2024-05-03 11:23:02 +02:00
Samuel Gaist
f90dbf9b77 refactor(metrics): use prometheus_metrics_enabled for configuration 
As agreed upon during review, use this name to get started. If more
backends were to be added, the configuration structure will be updated.

Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2024-05-03 11:23:02 +02:00
Samuel Gaist
5c237a07dc refactor(metrics): make to_text get the application state 
As falco may update its state at any time and thus its inspectors objects,
keeping pointers to them may end up in using dangling values.

Therefore, use the state of the application when requesting metrics.

Optimizations such as caching of mostly static values will be done in
a follow up patch.

Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2024-05-03 11:23:02 +02:00
Samuel Gaist
a0c109fcff refactor(falco_metrics): put content type in documented constant 
This will keep things clearer and also allow for easir update in
the future.

Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2024-05-03 11:23:02 +02:00
Samuel Gaist
9cc44c0eb7 doc(falco_metrics): add basic documentation 
Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2024-05-03 11:23:02 +02:00
Samuel Gaist
de7a70ea54 fix(metrics): correct hostname metrics name and namespace 
Co-authored-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2024-05-03 11:23:02 +02:00
Samuel Gaist
53722a26bf fix(metrics): correct static metrics 
Things to fix:
- type
- name
- unit

Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2024-05-03 11:23:02 +02:00
Samuel Gaist
59c290dc80 fix(metrics): correct metrics namespace 
Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2024-05-03 11:23:02 +02:00
Samuel Gaist
daf7efde67 refactor(metrics): move metrics handling to its own class 
This will keep the details out of the webserver itself and make
it easier to manage metrics.

Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2024-05-03 11:23:02 +02:00
Samuel Gaist
e50d647dc9 refactor(configuration): move webserver items in own struct 
This makes things easier to pass around like when starting the
web server.

This has the added benefit of simplifying further extension such as
making the metrics endpoint name configurable without adding yet another
parameter to the start function.

Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2024-05-03 11:23:02 +02:00
Samuel Gaist
968a403cba refactor(webserver): move metrics endpoint activation under webserver 
Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2024-05-03 11:23:02 +02:00
Samuel Gaist
cd073a033a fix(webserver): use falcosecurity as metric namespace 
Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2024-05-03 11:23:02 +02:00
Samuel Gaist
4819877b9f fix(webserver): remove extra line return 
The converter already provides properly formatted text.

Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2024-05-03 11:23:02 +02:00
Samuel Gaist
3a251beea7 fix(webserver): correct enabled check 
It was checking twice for prometheus configuration rather than metrics and then prometheus.

Co-authored-by: Federico Di Pierro <nierro92@gmail.com>
Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2024-05-03 11:23:02 +02:00
Samuel Gaist
8f1b2dc909 feat(webserver): implement metrics endpoint 
This endpoint currently returns only prometheus metrics.

Signed-off-by: Samuel Gaist <samuel.gaist@idiap.ch>
 2024-05-03 11:23:02 +02:00