Updated Running Falco (markdown)

Mark Stemm 2017-03-29 15:17:47 -07:00
parent 2b6847f342
commit 5e4f391d6b

@ -23,10 +23,11 @@ Usage: falco [options]
Options:
-h, --help Print this page
-c Configuration file (default <source dir>/falco.yaml, /etc/falco.yaml)
-c Configuration file (default /mnt/sf_mstemm/work/src/falco/falco.yaml, /etc/falco.yaml)
-A Monitor all events, including those with EF_DROP_FALCO flag.
-d, --daemon Run as a daemon
-D <pattern> Disable any rules matching the regex <pattern>. Can be specified multiple times.
Can not be specified with -t.
-e <events_file> Read the events from <events_file> (in .scap format) instead of tapping into live.
-k <url>, --k8s-api=<url>
Enable Kubernetes support by connecting to the API server
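Review bot: The -c line giving the default as /mnt/sf_mstemm/work/src/falco/falco.yaml looks like usage output pasted from a local build tree; that path will not exist on a reader's system and it exposes a workstation directory layout. Keep the placeholder form shown on the other -c line, so the documented search order reads "<source dir>/falco.yaml, /etc/falco.yaml".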
@ -52,6 +53,7 @@ Options:
Marathon url is optional and defaults to Mesos address, port 8080.
The API servers can also be specified via the environment variable
FALCO_MESOS_API.
-M <num_seconds> Stop collecting after <num_seconds> reached.
-o, --option <key>=<val> Set the value of option <key> to <val>. Overrides values in configuration file.
<key> can be a two-part <key>.<subkey>
-p <output_format>, --print=<output_format>
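Review bot: The -M description, "Stop collecting after <num_seconds> reached", does not say whether falco exits or keeps running without processing events once the limit is hit. For a monitoring tool that distinction matters, so state the end behaviour explicitly, and note whether the option applies only to live capture or also when reading a file with -e.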
@ -67,7 +69,12 @@ Options:
Can be specified multiple times to read from multiple files.
-s <stats_file> If specified, write statistics related to falco's reading/processing of events
to this file. (Only useful in live mode).
-T <tag> Disable any rules with a tag=<tag>. Can be specified multiple times.
Can not be specified with -t.
-t <tag> Only run those rules with a tag=<tag>. Can be specified multiple times.
Can not be specified with -T/-D.
-v Verbose output.
--version Print version number.
```
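Review bot: The -t and -T entries say "Can be specified multiple times" but not how repeated tags combine, that is, whether "-t a -t b" runs rules carrying either tag or only rules carrying both. Spell that out, and say what falco does when -t is given together with -T or -D (error and exit, or one option silently winning), since a misreading here leaves rules disabled with no visible sign.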