New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Start setting autodrop, which filters addl events #351

Merged
merged 1 commit into from Apr 12, 2018

Conversation

Projects
None yet
1 participant
@mstemm
Contributor

mstemm commented Apr 12, 2018

To further reduce falco's cpu usage, start setting the inspector in
"autodrop" mode with a sampling ratio of 1. When autodrop mode is
enabled, a second class of events (those having EF_ALWAYS_DROP in the
syscall table, or those syscalls that do not have specific handling in
the syscall table) are also excluded.

Start setting autodrop, which filters addl events
To further reduce falco's cpu usage, start setting the inspector in
"autodrop" mode with a sampling ratio of 1. When autodrop mode is
enabled, a second class of events (those having EF_ALWAYS_DROP in the
syscall table, or those syscalls that do not have specific handling in
the syscall table) are also excluded.

@mstemm mstemm added the in progress label Apr 12, 2018

@mstemm mstemm merged commit 5c58da2 into dev Apr 12, 2018

3 checks passed

continuous-integration/travis-ci/pr The Travis CI build passed
Details
continuous-integration/travis-ci/push The Travis CI build passed
Details
sign-off-checker The commit doesn't require sysdig sign-off CLA because it belongs to mstemm part of draios/falco collaborators
Details

@mstemm mstemm deleted the skip-always-drop-evts branch Apr 12, 2018

@mstemm mstemm removed the in progress label Apr 12, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment