diff --git a/userspace/falco/app/actions/configure_interesting_sets.cpp b/userspace/falco/app/actions/configure_interesting_sets.cpp index 9f7e60306c2..463db87ac93 100644 --- a/userspace/falco/app/actions/configure_interesting_sets.cpp +++ b/userspace/falco/app/actions/configure_interesting_sets.cpp @@ -18,6 +18,7 @@ limitations under the License. #include "actions.h" #include "helpers.h" #include "../app.h" +#include using namespace falco::app; using namespace falco::app::actions; @@ -73,6 +74,25 @@ static void select_event_set(falco::app::state& s, const libsinsp::events::set

plugin_ev_codes; + for (const auto &p : s.offline_inspector->get_plugin_manager()->plugins()) + { + if(!(p->caps() & CAP_PARSING)) + { + continue; + } + plugin_ev_codes.merge(p->parse_event_codes()); + } + const auto plugin_sc_set = libsinsp::events::event_set_to_sc_set(plugin_ev_codes); + const auto plugin_names = libsinsp::events::sc_set_to_event_names(plugin_sc_set); + if (!plugin_sc_set.empty()) + { + falco_logger::log(falco_logger::level::DEBUG, "(" + std::to_string(plugin_names.size()) + + ") syscalls required by plugins: " + concat_set_in_order(plugin_names) + "\n"); + } + + /* DEFAULT OPTION: * Current `sinsp_state_sc_set()` approach includes multiple steps: * (1) Enforce all positive syscalls from each Falco rule @@ -111,9 +131,10 @@ static void select_event_set(falco::app::state& s, const libsinsp::events::set

m_base_syscalls_repair && user_positive_sc_set.empty()) diff --git a/userspace/falco/app/actions/init_inspectors.cpp b/userspace/falco/app/actions/init_inspectors.cpp index 4da21f5c987..4a5c2c49df0 100644 --- a/userspace/falco/app/actions/init_inspectors.cpp +++ b/userspace/falco/app/actions/init_inspectors.cpp @@ -163,11 +163,6 @@ falco::app::run_result falco::app::actions::init_inspectors(falco::app::state& s std::unordered_set used_plugins; const auto& all_plugins = s.offline_inspector->get_plugin_manager()->plugins(); - if((s.config->m_metrics_flags & METRICS_V2_STATE_COUNTERS)) - { - - } - for (const auto &src : s.loaded_sources) { auto src_info = s.source_infos.at(src);