- In the regression tests, make the config file configurable in the multiplex file via 'conf_file'. - A new multiplex file item 'outputs' containing a list of <filename>: <regex> tuples. For each item, the test reads the file and matches each line against the regex. A match must be found for the test to pass. - Add 2 new tests that test file output and program output. They write to files below /tmp/falco_outputs/ and the contents are checked to ensure that alerts are written.
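# Falco configuration used by the regression tests that check file output and
# program output. Nested keys are indented under their parent mapping so that
# each output's `enabled` flag is read as part of that output, not as a
# repeated top-level key.

# File containing Falco rules, loaded at startup.
rules_file: /etc/falco_rules.yaml

# Whether to output events in json or text.
json_output: false

# Send information logs to stderr and/or syslog. Note these are *not* security
# notification logs! These are just Falco lifecycle (and possibly error) logs.
log_stderr: false
log_syslog: false

# Where security notifications should go.
# Multiple outputs can be enabled.

syslog_output:
  enabled: false

file_output:
  enabled: false
  # Relative path: the file lands in whatever directory the Falco process is
  # started from, so the location of the alerts depends on the caller.
  filename: ./output.txt

stdout_output:
  enabled: true

program_output:
  enabled: true
  # The redirection only works if the value is run through a shell, so the
  # whole string is a command line. Keep it a fixed, trusted value and never
  # build it from rule or event content.
  # NOTE(review): /tmp/falco_outputs is a predictable path in a world-writable
  # directory. Presumably the test harness creates it before Falco starts;
  # confirm it does so with restrictive permissions and refuses a pre-existing
  # directory or symlink owned by another user.
  program: cat > /tmp/falco_outputs/program_output.txt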