From 9048424d593f32e30efbe96acd6070d60883ce16 Mon Sep 17 00:00:00 2001 From: Mark Stemm Date: Mon, 24 Oct 2016 15:53:49 -0700 Subject: [PATCH] Updated Falco Formatting for Containers and Orchestration (markdown) --- Falco-Formatting-for-Containers-and-Orchestration.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Falco-Formatting-for-Containers-and-Orchestration.md b/Falco-Formatting-for-Containers-and-Orchestration.md index 06f6142..a4f0d1a 100644 --- a/Falco-Formatting-for-Containers-and-Orchestration.md +++ b/Falco-Formatting-for-Containers-and-Orchestration.md @@ -1,6 +1,6 @@ Like sysdig, falco has native support for containers and orchestration environments. With `-k`, falco communicates with the provided K8s API server to decorate events with the K8s pod/namespace/deployment/etc. associated with the event. With `-m`, falco communicates with the marathon server to do the same thing. -Like sysdig, falco can be run with `-pk`/`-pm`/`-pc`/`-p` arguments that change the formatted output to be a k8s-friendly/mesos-friendly/container-friendly/general format. However, unlike sysdig, the source of formatted output is in the set of rules and not on the command line. This page provides more detail on how `-pk`/`-pm`/`-pc/-p` interacts with the format strings in the `output` attribute of rules. +Like sysdig, falco can be run with `-pk`/`-pm`/`-pc`/`-p` arguments that change the formatted output to be a k8s-friendly/mesos-friendly/container-friendly/general format. However, unlike sysdig, the source of formatted output is in the set of rules and not on the command line. This page provides more detail on how `-pk`/`-pm`/`-pc`/`-p` interacts with the format strings in the `output` attribute of rules. The information from k8s/mesos/containers is used in conjunction with the command line options in these ways: