New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Multiple slack notifications #930
Comments
For more advanced notifications in Slack, you can take a look at : https://github.com/falcosecurity/falcosidekick |
Thanks, I've tried falcosidekick, but I still get x7 duplicate notifications(same number of nodes in the ds) for each triggered rule. |
Your notifications are about a k8s event from audit logs? Seems logical that all pods of the daemonset detect it. |
This is a typical event that's repeated x7 times
On a different note I don't see the pod name or container name(host being a red herring #865 #629)
|
Another user reported that kind of issue on Slack. cc @JPLachance. Have the name of related rule which triggers that? For missing fields, it's known and people are figuring out how to solve that. |
Thanks guys, using 0.18.0 solved the problem. Closing. |
Thanks for confirming @seanmcrw ! |
What happened:
Default installation on k8s(AWS EKS x7 EC2 nodes in cluster) with helm
helm install --name falco stable/falco
creates x7 duplicate notifications when using the slack integration.What you expected to happen:
Only one notification should be posted to slack.
How to reproduce it (as minimally and precisely as possible):
Default helm install, with slack notifications enabled.
Anything else we need to know?:
Environment:
falco --version
):falco version 0.15.3
AWS
cat /etc/os-release
):uname -a
):The text was updated successfully, but these errors were encountered: