Use symbolic link as a hacky way to output to stdout

skroutz · Mar 5, 2024 · 9a75396 · 9a75396
1 parent c2d7962
commit 9a75396
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 5 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -20,14 +20,12 @@ RUN apt-get update && apt-get install -y gettext-base curl
 COPY deb/crowdstrike-cs-falconhoseclient_2.18.0_amd64.deb "${WORKDIR}/crowdstrike.deb"
 RUN dpkg -i "${WORKDIR}/crowdstrike.deb"
 
-RUN mkdir -p /var/log/containers
-
 # Prepare a simple user instead of root
 RUN groupadd -g 1000 user && useradd -r -u 1000 -g user user
+RUN ln -s /proc/self/fd/1 /var/log/crowdstrike/falconhoseclient/output
 RUN chown -R user:user /var/log/crowdstrike/falconhoseclient
 RUN chmod -R 755 /var/log/crowdstrike/falconhoseclient
 RUN chown -R user:user /opt/crowdstrike/etc
-RUN chown -R user:user /var/log/containers
 
 WORKDIR "${WORKDIR}"
 

diff --git a/cfg/cs.falconhoseclient.cfg.template b/cfg/cs.falconhoseclient.cfg.template
@@ -32,10 +32,10 @@ output_format = json
 # Will be true regardless if Syslog is not enabled
 # If path does not exist or user has no permission, log file will be used
 output_to_file = true
-output_path = /var/log/containers/falcon_output.log
+output_path = /var/log/crowdstrike/falconhoseclient/output
 
 # Offset file full filepath and filename
-offset_path = /var/log/containers/falcon_offsets.log
+offset_path = /var/log/crowdstrike/falconhoseclient/stream_offsets
 
 [Output_File_Rotation]
 # If the output is writing to a file, then the settings below will govern output file rotation