diff --git a/test/confs/file_output.yaml b/test/confs/file_output.yaml
new file mode 100644
index 00000000000..9e35aa82d42
--- /dev/null
+++ b/test/confs/file_output.yaml
@@ -0,0 +1,27 @@
+# File containing Falco rules, loaded at startup.
+rules_file: /etc/falco_rules.yaml
+
+# Whether to output events in json or text
+json_output: false
+
+# Send information logs to stderr and/or syslog Note these are *not* security
+# notification logs! These are just Falco lifecycle (and possibly error) logs.
+log_stderr: false
+log_syslog: false
+
+# Where security notifications should go.
+# Multiple outputs can be enabled.
+
+syslog_output:
+  enabled: false
+
+file_output:
+  enabled: true
+  filename: /tmp/falco_outputs/file_output.txt
+
+stdout_output:
+  enabled: true
+
+program_output:
+  enabled: false
+  program: mail -s "Falco Notification" someone@example.com
diff --git a/test/confs/program_output.yaml b/test/confs/program_output.yaml
new file mode 100644
index 00000000000..85cc017b82b
--- /dev/null
+++ b/test/confs/program_output.yaml
@@ -0,0 +1,27 @@
+# File containing Falco rules, loaded at startup.
+rules_file: /etc/falco_rules.yaml
+
+# Whether to output events in json or text
+json_output: false
+
+# Send information logs to stderr and/or syslog Note these are *not* security
+# notification logs! These are just Falco lifecycle (and possibly error) logs.
+log_stderr: false
+log_syslog: false
+
+# Where security notifications should go.
+# Multiple outputs can be enabled.
+
+syslog_output:
+  enabled: false
+
+file_output:
+  enabled: false
+  filename: ./output.txt
+
+stdout_output:
+  enabled: true
+
+program_output:
+  enabled: true
+  program: cat > /tmp/falco_outputs/program_output.txt