new(engine): add print_enabled_rules_falco_logger when log_level debug
Signed-off-by: Melissa Kilby <[email protected]>
incertum authored and poiana committed May 16, 2024
1 parent 0869abc commit 77341cb
Showing 2 changed files with 27 additions and 1 deletion.
19 changes: 18 additions & 1 deletion userspace/engine/evttype_index_ruleset.cpp
Expand Up @@ -19,6 +19,8 @@ limitations under the License.

#include "falco_utils.h"

#include "../falco/logger.h"

#include <algorithm>

evttype_index_ruleset::evttype_index_ruleset(
Expand Down Expand Up @@ -225,7 +227,22 @@ void evttype_index_ruleset::add(

void evttype_index_ruleset::on_loading_complete()
{
// nothing to do for now
print_enabled_rules_falco_logger();
}

void evttype_index_ruleset::print_enabled_rules_falco_logger()
{
falco_logger::log(falco_logger::level::DEBUG, "Enabled rules:\n");
for (const auto& ruleset_ptr : m_rulesets)
{
if (ruleset_ptr)
{
for (const auto& wrap : ruleset_ptr->get_filters())
{
falco_logger::log(falco_logger::level::DEBUG, std::string(" ") + wrap->rule.name + "\n");
}
}
}
}

void evttype_index_ruleset::clear()
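Review bot: The "Enabled rules:" listing in `print_enabled_rules_falco_logger()` flattens every entry of `m_rulesets` into one list, so the output does not say which ruleset a rule belongs to, and a rule enabled in more than one ruleset would presumably be printed once per ruleset. An operator reading this output to confirm detection coverage needs that distinction, so consider iterating with `for (size_t id = 0; id < m_rulesets.size(); id++)` and logging `"[ruleset " + std::to_string(id) + "] " + wrap->rule.name + "\n"`. The loop also builds one `std::string` per rule on every `on_loading_complete()` call whatever the configured level is; if `falco_logger` exposes the configured level, an early return when debug logging is off would avoid that work. It is also worth confirming that nothing calls `enable()` after loading completes, otherwise the list logged here can differ from the rules that are actually evaluated.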
9 changes: 9 additions & 0 deletions userspace/engine/evttype_index_ruleset.h
Expand Up @@ -52,6 +52,10 @@ class evttype_index_ruleset: public filter_ruleset

void on_loading_complete() override;

// Print each enabled rule when running Falco with falco logger
// log_level=debug; invoked within on_loading_complete()
void print_enabled_rules_falco_logger();

void enable(
const std::string &pattern,
match_type match,
Expand Down Expand Up @@ -118,6 +122,11 @@ class evttype_index_ruleset: public filter_ruleset

uint64_t num_filters();

inline const std::set<std::shared_ptr<filter_wrapper>>& get_filters() const
{
return m_filters;
}

// Evaluate an event against the ruleset and return the first rule
// that matched.
bool run(sinsp_evt *evt, falco_rule& match);
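Review bot: `print_enabled_rules_falco_logger()` is declared between `on_loading_complete()` and `enable()`, which looks like the public interface of the class (the access specifier is outside the hunk), although its own comment says it is only invoked from `on_loading_complete()`. It only reads state, so I would declare it as `void print_enabled_rules_falco_logger() const;` in the private section. In the second hunk, `inline` on `get_filters()` is redundant for a member function defined in the class body. The returned set also hands out `std::shared_ptr<filter_wrapper>` to non-const wrappers, so a comment such as `// Read-only view; callers must not modify the wrappers.` would make the intent explicit. Both class definitions start and end outside the hunks.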
