github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-10-22 12:27:10 +00:00
Code Issues Projects Releases Wiki Activity
Files
ea973257088828502c8eeaa4a03a9e7709cdcaae
falco/userspace/engine/lua
History
Mark Stemm 37388c56ff Validate rule outputs when loading rules. 
Validate rule outputs when loading rules by attempting to create a
formatter based on the rule's output field. If there's an error, it will
propagate up through load_rules and cause falco to exit rather than
discover the problem only when trying to format the event and the rule's
output field.

This required moving formats.{cpp,h} into the falco engine directory
from the falco general directory. Note that these functions are loaded
twice in the two lua states used by falco (engine and outputs).

There's also a couple of minor cleanups:

 - falco_formats had a private instance variable that was unused, remove
   it.
 - rename the package for the falco_formats functions to formats instead
   of falco so it's more standalone.
 - don't throw a c++ exception in falco_formats::formatter. Instead
   generate a lua error, which is handled more cleanly.
 - free_formatter doesn't return any values, so set the return value of
   the function to 0.
2016-12-22 12:55:36 -08:00
..
compiler.lua
Improve error messages when loading rules.
2016-12-22 12:55:36 -08:00
parser-smoke.sh
Move falco engine to its own library.
2016-10-24 15:56:45 -07:00
parser.lua
Add license comments to all source code.
2016-10-24 15:56:45 -07:00
README.md
Move falco engine to its own library.
2016-10-24 15:56:45 -07:00
rule_loader.lua
Validate rule outputs when loading rules.
2016-12-22 12:55:36 -08:00

README.md

Installation

The sysdig grammar uses the lpeg parser. For now install it using luarocks: luarocks install lpeg.