Updated Falco Configuration (markdown)

Mark Stemm 2017-03-20 13:27:21 -07:00
parent 9d0cedb900
commit 447f939f01

@ -7,15 +7,15 @@ Any configuration option can be overridden on the command line via the `-o/--opt
The current configuration keys are:
####`rules_file: <path>`
#### `rules_file: <path>`
the location of the rules file. This can also be overridden on the command line via `-r`.
####`json_output: [true|false]`
#### `json_output: [true|false]`
whether to use JSON output for alert messages.
####`log_stderr: [true|false]`
#### `log_stderr: [true|false]`
if true, log messages describing falco's activity will be logged to stderr. Note these are *not* alert messages--these are log messages for falco itself.
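Review bot: The `rules_file` description says it can be overridden with `-r`, and the context line in the hunk header says any option can be overridden with `-o`, but nothing states which value wins when the configuration file, `-o` and `-r` disagree. That order decides which rules file is actually loaded, so add one sentence giving the precedence. While these headings are being touched, the descriptions under `rules_file`, `json_output` and `log_stderr` could also start with a capital letter, as the `log_level` description does.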
@ -23,11 +23,11 @@ if true, log messages describing falco's activity will be logged to stderr. Note
if true, log messages describing falco's activity will be logged to syslog.
####`log_level: [emergency|alert|critical|error|warning|notice|info|debug]`
#### `log_level: [emergency|alert|critical|error|warning|notice|info|debug]`
Minimum log level to include in logs. Note: these levels are separate from the priority field of rules. This refers only to the log level of falco's internal logging.
####`outputs`
#### `outputs`
a list containing these sub-keys:
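Review bot: Under `outputs`, "a list containing these sub-keys" describes the value as a list, but the sub-keys in the sections that follow are written as `key: value` pairs (for example `enabled: [true|false]`), which is a mapping. Suggest "a map with these sub-keys" here and in the `syslog_output`, `file_output`, `stdout_output` and `program_output` sections, so readers do not write the value as a YAML sequence.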
@ -40,13 +40,13 @@ A throttling mechanism implemented as a token bucket limits the rate of falco no
With these defaults, falco could send up to 1000 notifications after an initial quiet period, and then up to 1 notification per second afterward. It would gain the full burst back after 1000 seconds of no activity.
####`syslog_output`
#### `syslog_output`
a list containing these sub-keys:
* `enabled: [true|false]`: if true, falco alerts will be sent via syslog
####`file_output`
#### `file_output`
a list containing these sub-keys:
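Review bot: The token bucket text in the context at the top of this hunk gives the limits (a burst of up to 1000, then up to 1 notification per second) but not what happens to notifications over the limit. For a detection tool that is the part operators need to know: say whether throttled alerts are dropped or delayed, and whether falco logs that throttling took place.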
@ -54,13 +54,13 @@ a list containing these sub-keys:
* `filename: <path>`: the location of the file to which alerts will be sent
####`stdout_output`
#### `stdout_output`
a list containing these sub-keys:
* `enabled: [true|false]`: if true, falco alerts will be sent to standard output
####`program_output`
#### `program_output`
a list containing these sub-keys:
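Review bot: The `filename: <path>` entry for `file_output` says only where alerts are sent. Please add whether the file is appended to or overwritten when falco restarts, since that determines whether earlier alerts survive.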