github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-10-15 23:59:45 +00:00
Code Issues Projects Releases Wiki Activity
Files
e922a849a908a820dac3ae5de531f16bbe855a9c
falco/userspace/engine/lua
History
Mark Stemm e922a849a9 Add tests catchall order (#355) 
* Only check whole rule names when matching counts

Tweak the regex so a rule my_great_rule doesn't pick up event counts for
a rule "great_rule: nnn".

* Add ability to skip evttype warnings for rules

A new attribute warn_evttypes, if present, suppresses printing warnings
related to a rule not matching any event type. Useful if you have a rule
where not including an event type is intentional.

* Add test for preserving rule order

Test the fix for https://github.com/draios/falco/issues/354. A rules
file has a event-specific rule first and a catchall rule second. Without
the changes in https://github.com/draios/sysdig/pull/1103, the first
rule does not match the event.
2018-04-19 09:31:20 -07:00
..
compiler.lua
Add tests catchall order (#355)
2018-04-19 09:31:20 -07:00
parser-smoke.sh
Move falco engine to its own library.
2016-10-24 15:56:45 -07:00
parser.lua
Remove trailing newlines from output
2017-08-09 17:53:53 -07:00
README.md
Move falco engine to its own library.
2016-10-24 15:56:45 -07:00
rule_loader.lua
Add tests catchall order (#355)
2018-04-19 09:31:20 -07:00

README.md

Installation

The sysdig grammar uses the lpeg parser. For now install it using luarocks: luarocks install lpeg.