github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-10-21 11:29:26 +00:00
Code Issues Projects Releases Wiki Activity
178 Commits 123 Branches 176 Tags
8b5fcf866a69a17d1e93ebd54b86348eaa739a35
Commit Graph

94 Commits

Author SHA1 Message Date
Henri DF
6d72619968 rename digwatch_syslog -> digwatch_logger 2016-04-22 16:01:00 -07:00
Henri DF
4c64295adc Digwatch logging 
Log digwatch messages to syslog and/or stderr
 2016-04-22 15:56:18 -07:00
Henri DF
5413935f15 Small tweak to usage message 2016-04-22 15:33:43 -07:00
Henri DF
fad88ee4b7 Remove signal handling 
Not currently serving any purpose
 2016-04-22 14:59:58 -07:00
Henri DF
45f8096dd3 Add support for json-formatted output 2016-04-21 16:30:51 -07:00
Henri DF
8ad7679f7f Remove priority_level from yaml file 
It is not currently used for anything, will revert when that time comes.
 2016-04-12 21:49:54 -07:00
Henri DF
6e008a2ff5 Improve error message when rules file not found 2016-04-13 03:43:31 +00:00
Henri DF
a529b11e0d Clean up usage message and choice of flags 2016-04-13 03:43:31 +00:00
Henri DF
86e2e17c33 Change rules file command-line setting 
Now is optional, and uses -u rather than passed as a positional arg.
 2016-04-13 03:43:31 +00:00
Henri DF
ef93844234 Rename digwatch.conf -> digwatch_rules.conf 2016-04-13 03:43:30 +00:00
Henri DF
357276b787 Fix opt def for scap input file 
(was 'R', should be 'r')
 2016-04-12 18:36:24 -07:00
Henri DF
b4bc2d52be rename infile -> scap_filename 2016-04-12 18:34:49 -07:00
Henri DF
d0e489b5c2 Remove unneccessary HAS_FILTERING conditional 2016-04-12 18:29:48 -07:00
Henri DF
89b1a55d9e Add file output 2016-04-13 01:19:27 +00:00
Henri DF
b2698f9d20 Set up outputs listed in configuration object 2016-04-13 01:19:21 +00:00
Henri DF
179e5519ce Small refactoring of output config 
This is a step towards being able to support multiple outputs of
different types (including file outputs which require their own config).
 2016-04-12 23:21:14 +00:00
Henri DF
42de0507fa search for yaml config file 
In order:
1) cmdline opt
2) in-tree path
3) /etc/digwatch.yaml
 2016-04-12 23:14:44 +00:00
Henri DF
73ec593931 Add a configuration::init() that just sets up defaults 
(For when no config file is being used)
 2016-04-12 23:13:18 +00:00
Henri DF
dc099bfb91 Add configuration object and Yaml parser 
These aren't wired up yet.
 2016-04-12 23:13:15 +00:00
Henri DF
af4089dac3 Build and link yaml-cpp lib 2016-04-12 23:13:12 +00:00
Henri DF
b4859015ea Add support for reading .scap files 2016-04-08 16:51:16 -07:00
Henri DF
709568b578 Command-line options simplification 
Remove -N and always turn resolution off. Given the possible performance
impact, there shouldn't even be a way to have it on.
 2016-04-07 15:12:15 -07:00
Henri DF
dcbae750c8 Remove the need for DIGWATCH_LUA_DIR env var 2016-04-06 23:05:41 +00:00
Henri DF
c7d0c7dbd9 Remove unneeded -m <lua_main_filename> param 2016-04-06 23:05:41 +00:00
Henri DF
f7ba825023 Remove dep on nixio by adding simple syslog lua function 2016-04-06 11:44:00 -07:00
Henri DF
77440750e6 Load probe 2016-04-04 18:39:42 -07:00
Henri DF
86e1eeffb2 Statically link in lpeg lua library 2016-04-04 15:07:16 -07:00
Henri DF
39b1f64510 Packaging: Bundle lua files 2016-03-31 21:18:23 -07:00
Henri DF
37d0f7d3e0 Build .deb, .rpm, and .tgz 2016-03-31 18:54:52 -07:00
Henri DF
8ae908fe85 Rework cmake files 
Rather than do include_directory() on the whole sysdig repo, just do it
for driver, libscap, and libsinp.

This is a step on the way to building a digwatch package.
 2016-03-31 18:39:49 -07:00
Henri DF
c9806407e8 Priority level internal handling 
Handle internally as ints, then translate as appropriate in outputs
 2016-03-30 14:38:18 -07:00
Henri DF
d6dee28bbe Output simplification 
The Output is now chosen globally (for all rules), on the command line.
 2016-03-30 14:27:19 -07:00
Henri DF
f44bd06f1d Remove unused/unimplemented options 2016-03-30 13:20:31 -07:00
Henri DF
5f0123317a Remove function outputs from grammar 2016-03-30 13:00:51 -07:00
Henri DF
6158168a97 Grammar support for priorities 2016-03-29 21:35:07 -07:00
Henri DF
38957d3b14 Add timestamp in function outputs 2016-03-29 19:54:15 -07:00
Henri DF
97d7b125ba Implicit time in output formats 
As pointed out by Loris, timestamping output messages should be a
responsibility of the output/collection system.

So as a first step towards this, add timestamps automatically for output
formats, and remove them from rules.
 2016-03-29 19:47:57 -07:00
Henri DF
aea9b0054b Minor error handling improvements 2016-03-29 19:31:34 -07:00
Henri DF
faf36cd8d7 Use new sysdig support for fast processing of in-exprs 2016-03-24 14:25:48 -07:00
Henri DF
aa31d0a0fb Optimization: don't nest at every boolean op 2016-03-18 13:10:07 -07:00
Henri DF
9043c89a9b Nice formatting when printing ASTs 2016-03-16 13:00:03 -07:00
Henri DF
7104d52466 minor cmakefile cleanup 2016-03-07 17:27:20 -08:00
Henri DF
8c6bb8a236 Set Lua cpath along with path 2016-03-04 17:54:18 -08:00
Henri DF
331042858f Initial version of outputs.lua 2016-03-03 16:13:08 -08:00
Henri DF
5f681b1bd8 Signal handlers and clean(er) exit 2016-03-04 00:11:09 +00:00
Henri DF
ea158baa8d Fix error string 2016-03-02 22:24:12 +00:00
Henri DF
33ad92e98b Fix typo-bug in lua code 2016-03-01 22:01:45 -08:00
Henri DF
f0da1c724b formats.cpp: print lua error string (like elsewherE) 2016-03-01 22:01:14 -08:00
Henri DF
8343d23c3f remove debugging print from rules_loader.lua 2016-03-01 20:10:34 -08:00
Henri DF
26fcf3415d Add digwatch.fields() to Lua API 2016-03-01 21:54:20 +00:00