diff --git a/Running-Falco.md b/Running-Falco.md index 76b661e..a3e3673 100644 --- a/Running-Falco.md +++ b/Running-Falco.md @@ -23,10 +23,11 @@ Usage: falco [options] Options: -h, --help Print this page - -c Configuration file (default /falco.yaml, /etc/falco.yaml) + -c Configuration file (default /mnt/sf_mstemm/work/src/falco/falco.yaml, /etc/falco.yaml) -A Monitor all events, including those with EF_DROP_FALCO flag. -d, --daemon Run as a daemon -D Disable any rules matching the regex . Can be specified multiple times. + Can not be specified with -t. -e Read the events from (in .scap format) instead of tapping into live. -k , --k8s-api= Enable Kubernetes support by connecting to the API server @@ -52,6 +53,7 @@ Options: Marathon url is optional and defaults to Mesos address, port 8080. The API servers can also be specified via the environment variable FALCO_MESOS_API. + -M Stop collecting after reached. -o, --option = Set the value of option to . Overrides values in configuration file. can be a two-part . -p , --print= @@ -67,7 +69,12 @@ Options: Can be specified multiple times to read from multiple files. -s If specified, write statistics related to falco's reading/processing of events to this file. (Only useful in live mode). + -T Disable any rules with a tag=. Can be specified multiple times. + Can not be specified with -t. + -t Only run those rules with a tag=. Can be specified multiple times. + Can not be specified with -T/-D. -v Verbose output. + --version Print version number. ```
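Review bot: In the first hunk (@@ -23,10 +23,11 @@), the new `-c` default reads `/mnt/sf_mstemm/work/src/falco/falco.yaml`, which looks like a source directory on the machine where this usage text was generated rather than a path a reader will have. Published docs should show the default an installed build actually searches, so regenerate the usage output from a packaged build, or restore the previous `-c` line, before merging. The same hunk adds "Can not be specified with -t." under `-D`; "cannot" is the usual spelling.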
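Review bot: In the second hunk (@@ -52,6 +53,7 @@), the added `-M` entry reads "Stop collecting after reached." and gives no indication of what is being counted or in what unit. Name the argument and state its unit in the description so a reader can tell when collection will stop.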
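Review bot: In the third hunk (@@ -67,7 +69,12 @@), the `-t` entry says "Only run those rules with a tag=" but does not spell out that every rule without a matching tag, untagged rules included, is left out of the run. Since that reduces detection coverage, say so explicitly in the `-t` description. The exclusivity notes are consistent across `-D`, `-T` and `-t`, but none of them says what falco does when the flags are combined (for example, exit with an error); add that, and use "cannot" for "Can not" in both new entries.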