From d6ee3ec06dfd8bda7b5dba580fe3179b2eb334ee Mon Sep 17 00:00:00 2001 From: Mark Stemm Date: Wed, 27 Mar 2019 15:46:06 -0700 Subject: [PATCH] Updated Falco Configuration (markdown) --- Falco-Configuration.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/Falco-Configuration.md b/Falco-Configuration.md index 3071b45..6d65a8f 100644 --- a/Falco-Configuration.md +++ b/Falco-Configuration.md @@ -48,18 +48,18 @@ Minimum rule priority level to load and run. All rules having a priority more se #### `syscall_event_drops` -Controls [Actions For Dropped System Call Events]. An object containing these sub-keys: +Controls [[Actions For Dropped System Call Events]]. An object containing these sub-keys: * `actions`: A list containing one or more of these sub-keys: -** `ignore`: do nothing. If an empty list is provided, ignore is assumed. -** `log`: log a CRITICAL message noting that the buffer was full. -** `alert`: emit a falco alert noting that the buffer was full. -** `exit`: exit falco with a non-zero rc. + * `ignore`: do nothing. If an empty list is provided, ignore is assumed. + * `log`: log a CRITICAL message noting that the buffer was full. + * `alert`: emit a falco alert noting that the buffer was full. + * `exit`: exit falco with a non-zero rc. * `rate`: The steady-state rate at which actions can be taken. Units of actions/second. Default 0.03333 (one action per 30 seconds). * `max_burst`: The maximum number of actions that can be taken before the steady-state rate is applied. -#### `buffered_outputs: [true|false] +#### `buffered_outputs: [true|false]` # Whether or not output to any of the output channels below is buffered. Defaults to false.