Updated Falco Configuration (markdown)

Mark Stemm 2017-03-20 13:27:21 -07:00
parent 9d0cedb900
commit 447f939f01

@ -7,15 +7,15 @@ Any configuration option can be overridden on the command line via the `-o/--opt
The current configuration keys are: The current configuration keys are:
####`rules_file: <path>` #### `rules_file: <path>`
the location of the rules file. This can also be overridden on the command line via `-r`. the location of the rules file. This can also be overridden on the command line via `-r`.
####`json_output: [true|false]` #### `json_output: [true|false]`
whether to use JSON output for alert messages. whether to use JSON output for alert messages.
####`log_stderr: [true|false]` #### `log_stderr: [true|false]`
if true, log messages describing falco's activity will be logged to stderr. Note these are *not* alert messages--these are log messages for falco itself. if true, log messages describing falco's activity will be logged to stderr. Note these are *not* alert messages--these are log messages for falco itself.
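Review bot: the descriptions under `rules_file`, `json_output` and `log_stderr` start in lowercase ("the location of the rules file", "whether to use JSON output") while later entries use sentence case ("Minimum log level to include in logs"); since this commit already touches every heading in the hunk to add the space that CommonMark needs between the `#` run and the heading text, it is a good moment to capitalize the first word of each description for consistency.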
@ -23,11 +23,11 @@ if true, log messages describing falco's activity will be logged to stderr. Note
if true, log messages describing falco's activity will be logged to syslog. if true, log messages describing falco's activity will be logged to syslog.
####`log_level: [emergency|alert|critical|error|warning|notice|info|debug]` #### `log_level: [emergency|alert|critical|error|warning|notice|info|debug]`
Minimum log level to include in logs. Note: these levels are separate from the priority field of rules. This refers only to the log level of falco's internal logging. Minimum log level to include in logs. Note: these levels are separate from the priority field of rules. This refers only to the log level of falco's internal logging.
####`outputs` #### `outputs`
a list containing these sub-keys: a list containing these sub-keys:
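Review bot: "a list containing these sub-keys" under `outputs` (and the same phrase under the other `*_output` sections) describes a YAML mapping, not a list, since the sub-keys are named entries rather than sequence items; suggest "a map with these sub-keys" so readers do not write them as a `- key: value` sequence. The `log_level` note that these levels are separate from the rules' priority field is worth keeping as is; it prevents a common mix-up between Falco's own logging and alert severity.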
@ -40,13 +40,13 @@ A throttling mechanism implemented as a token bucket limits the rate of falco no
With these defaults, falco could send up to 1000 notifications after an initial quiet period, and then up to 1 notification per second afterward. It would gain the full burst back after 1000 seconds of no activity. With these defaults, falco could send up to 1000 notifications after an initial quiet period, and then up to 1 notification per second afterward. It would gain the full burst back after 1000 seconds of no activity.
####`syslog_output` #### `syslog_output`
a list containing these sub-keys: a list containing these sub-keys:
* `enabled: [true|false]`: if true, falco alerts will be sent via syslog * `enabled: [true|false]`: if true, falco alerts will be sent via syslog
####`file_output` #### `file_output`
a list containing these sub-keys: a list containing these sub-keys:
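Review bot: the token-bucket paragraph explains the burst and refill behaviour but not what happens to notifications that arrive once the bucket is empty; a reader sizing `rate` and `max_burst` for detection coverage needs to know whether excess notifications are dropped or delayed, so one sentence stating that (and, if applicable, whether the drop is itself logged) would make this section complete.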
@ -54,13 +54,13 @@ a list containing these sub-keys:
* `filename: <path>`: the location of the file to which alerts will be sent * `filename: <path>`: the location of the file to which alerts will be sent
####`stdout_output` #### `stdout_output`
a list containing these sub-keys: a list containing these sub-keys:
* `enabled: [true|false]`: if true, falco alerts will be sent to standard output * `enabled: [true|false]`: if true, falco alerts will be sent to standard output
####`program_output` #### `program_output`
a list containing these sub-keys: a list containing these sub-keys: