mirror of
https://github.com/falcosecurity/falco.git
synced 2026-03-18 18:58:41 +00:00
d5dbe59d85
Add a new output type "program" that writes a formatted event to a configurable program, using io.popen(). Each notification results in one invocation of the program.
29 lines
632 B
YAML
29 lines
632 B
YAML
# File containing Falco rules, loaded at startup.
|
|
rules_file: /etc/falco_rules.yaml
|
|
|
|
# Whether to output events in json or text
|
|
json_output: false
|
|
|
|
# Send information logs to stderr and/or syslog Note these are *not* security
|
|
# notification logs! These are just Falco lifecycle (and possibly error) logs.
|
|
log_stderr: true
|
|
log_syslog: true
|
|
|
|
|
|
# Where security notifications should go.
|
|
# Multiple outputs can be enabled.
|
|
|
|
syslog_output:
|
|
enabled: true
|
|
|
|
file_output:
|
|
enabled: false
|
|
filename: ./events.txt
|
|
|
|
stdout_output:
|
|
enabled: true
|
|
|
|
program_output:
|
|
enabled: false
|
|
program: mail -s "Falco Notification" someone@example.com
|