ROADMAP: Improved Falco Outputs #528
Comments
This PR (#523) shows how to implement an output handler. It also shows how to leverage C++ functions in Lua, which makes it easier to use C/C++ libraries for the output destination.
Hello, I'd like to contribute to this idea, can someone give me advice on how to get started with the project :) Thanks!
@laphets I've made sure that we have issues tagged with help wanted. These are various issues we need fixed and might provide a better opportunity to get started with the project. Also there are rules you can contribute to in the falcosecurity/profiles repo. For adding additional output destinations, you should review #523 to understand what code changes need to be made to add an output. Feel free to ping me on Slack if you have more questions. A GRPC output might be a good start. We are investigating the idea of using sidecar containers to provide the various output destinations for Falco and being able to tie the containers together with GRPC would be better than the current implementation of a named pipe.
@mfdii I think that the output of this will be to implement a gRPC streaming service to stream events. This is a good idea for multiple reasons
To follow up on some discussions we had on Slack, here is a quick schema of the basic principles I had in mind. A lot are inspired by my falcosidekick, with some enhancements I wanted to add (queues + gRPC). Feel free to discuss and challenge it. The main challenge will be to formalize and standardize how we implement plugins; those could be in any language, only the interfaces matter, and that lets anybody write and propose a new output.
/kind design
Description: The goal behind this idea is to improve the available options for sending alerts from Falco when a security violation occurs inside a container. Currently outputs are limited to stdout, files, syslog, and executing a program. We’d like to offer more output options such as: NATS.io, Kafka, gRPC, Google Pub/Sub, AWS SNS, HTTPS webhooks, etc.
Also, currently, Falco only supports a single program output. We want it to support multiple program_outputs instead.
Recommended Skills: C/C++ experience, working with external libraries, working knowledge of message queues and modern Pub/Sub systems.
Mentor(s): Mark Stemm (@mstemm), Loris Degioanni (@ldegio), Michael Ducy (@mfdii)