github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-08-16 05:13:50 +00:00
Code Issues Projects Releases Wiki Activity

Updated Falco Configuration (markdown)

Mark Stemm 2019-03-27 15:46:06 -07:00
parent 29137654f3
commit d6ee3ec06d
1 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
Falco-Configuration.md

@ -48,18 +48,18 @@ Minimum rule priority level to load and run. All rules having a priority more se
#### `syscall_event_drops`
Controls [Actions For Dropped System Call Events]. An object containing these sub-keys:
Controls [[Actions For Dropped System Call Events]]. An object containing these sub-keys:
* `actions`: A list containing one or more of these sub-keys:
** `ignore`: do nothing. If an empty list is provided, ignore is assumed.
** `log`: log a CRITICAL message noting that the buffer was full.
** `alert`: emit a falco alert noting that the buffer was full.
** `exit`: exit falco with a non-zero rc.
* `ignore`: do nothing. If an empty list is provided, ignore is assumed.
* `log`: log a CRITICAL message noting that the buffer was full.
* `alert`: emit a falco alert noting that the buffer was full.
* `exit`: exit falco with a non-zero rc.
* `rate`: The steady-state rate at which actions can be taken. Units of actions/second. Default 0.03333 (one action per 30 seconds).
* `max_burst`: The maximum number of actions that can be taken before the steady-state rate is applied.
#### `buffered_outputs: [true|false]
#### `buffered_outputs: [true|false]`
# Whether or not output to any of the output channels below is buffered. Defaults to false.