Commit
Split docs for the outputs
Signed-off-by: Thomas Labarussias <[email protected]>
Issif committed Sep 28, 2023
1 parent 7b7e446 commit 99a316a
Showing 92 changed files with 3,082 additions and 1,308 deletions.
1,383 changes: 78 additions & 1,305 deletions README.md


5 changes: 2 additions & 3 deletions config_example.yaml
Expand Up @@ -26,7 +26,6 @@ tlsserver:
# - "/metrics"
# - "/healthz"


slack:
webhookurl: "" # Slack WebhookURL (ex: https://hooks.slack.com/services/XXXX/YYYY/ZZZZ), if not empty, Slack output is enabled
#channel: "" # Slack channel (optionnal)
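Review bot: the unchanged `#channel` context line in this hunk still carries the typo `(optionnal)`; since the hunk only drops one of the two blank lines above `slack:`, correcting it to `(optional)` in the same change would be cheap and keeps the example file's comments clean.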
@@ -59,7 +58,7 @@ mattermost:
# checkcert: true # check if ssl certificate of the output is valid (default: true)

teams:
webhookurl: "" # Teams WebhookURL (ex: https://hooks.slack.com/services/XXXX/YYYY/ZZZZ), if not empty, Teams output is enabled
webhookurl: "" # Teams WebhookURL, if not empty, Teams output is enabled
#activityimage: "" # Image for message section
outputformat: "all" # all (default), text, facts
minimumpriority: "" # minimum priority of event for using this output, order is emergency|alert|critical|error|warning|notice|informational|debug or "" (default)
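Review bot: the `(ex: https://hooks.slack.com/services/XXXX/YYYY/ZZZZ)` pointer removed from the Teams `webhookurl` comment was the Slack format, not a Teams one, so dropping it is the right call; if an example is wanted later it should be the Teams Incoming Webhook URL form rather than a Slack host. Worth adding to the comment that the webhook URL is itself a credential (anyone holding it can post into the channel), so real values belong in an env var or secret rather than in a committed config.yaml.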
@@ -200,7 +199,7 @@ dogstatsd:
# key: "value"

opsgenie:
# apikey: "2c771471-e2af-4dc6-bd35-e7f6ff479b64" # Opsgenie API Key, if not empty, Opsgenie output is enabled
# apikey: "" # Opsgenie API Key, if not empty, Opsgenie output is enabled
region: "eu" # (us|eu) region of your domain
# minimumpriority: "" # minimum priority of event for using this output, order is emergency|alert|critical|error|warning|notice|informational|debug or "" (default)
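Review bot: replacing the UUID-shaped value on the `# apikey:` line with `""` is the right fix: a realistic-looking key in an example config trips secret scanners, invites copy-paste, and if it was ever a live Opsgenie key it grants alert creation in that account. Commented-out lines are still matched by scanners, so the same pass is worth running over the rest of `config_example.yaml` for any other token-shaped placeholders.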

35 changes: 35 additions & 0 deletions docs/outputs/EXAMPLE.md
@@ -0,0 +1,35 @@
# Output Name

- **Category**: Category of the output
- **Website**: URL of the output

## Table of content

- [Output Name](#output-name)
- [Table of content](#table-of-content)
- [Configuration](#configuration)
- [Example of config.yaml](#example-of-configyaml)
- [Additional info](#additional-info)
- [Screenshots](#screenshots)

## Configuration

| Setting | Env var | Default value | Description |
| ------- | ------- | ------------- | ----------- |
| | | | |
| | | | |
| | | | |

> **Note**
The Env var values override the settings from yaml file.

## Example of config.yaml

```yaml
output:
setting: ""
```
## Additional info
## Screenshots
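Review bot: the template's Configuration table is three empty rows, but every output documented in this change shares two settings, the enabling one ("if not empty, ... output is **enabled**") and `minimumpriority` with its `""` (= `debug`) default and priority ordering; pre-filling those two rows in EXAMPLE.md would keep the wording identical across future pages instead of being retyped each time. Smaller style point: `## Additional info` and `## Screenshots` sit directly under the closing fence with no blank lines between them, while the other new pages separate sections with blank lines.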
52 changes: 52 additions & 0 deletions docs/outputs/alertmanager.md
@@ -0,0 +1,52 @@
# AlertManager

- **Category**: Alerting
- **Website**: https://github.com/prometheus/alertmanager

## Table of content

- [AlertManager](#alertmanager)
- [Table of content](#table-of-content)
- [Configuration](#configuration)
- [Example of config.yaml](#example-of-configyaml)
- [Screenshots](#screenshots)

## Configuration

| Setting | Env var | Default value | Description |
| --------------------------------------- | --------------------------------------- | -------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `alertmanager.hostport` | `ALERTMANAGER_HOSTPORT` | | http://{domain or ip}:{port}, if not empty, Alertmanager output is **enabled** |
| `alertmanager.mutualtls` | `ALERTMANAGER_MUTUALTLS` | `false` | Authenticate to the output with TLS, if true, checkcert flag will be ignored (server cert will always be checked) |
| `alertmanager.checkcert` | `ALERTMANAGER_CHECKCERT` | `true` | check if ssl certificate of the output is valid |
| `alertmanager.endpoint` | `ALERTMANAGER_ENDPOINT` | `/api/v1/alerts` | Alertmanager endpoint for posting alerts `/api/v1/alerts` or `/api/v2/alerts` |
| `alertmanager.expiresafter` | `ALERTMANAGER_EXPIRESAFTER` | `0` | If set to a non-zero value, alert expires after that time in seconds |
| `alertmanager.extralabels` | `ALERTMANAGER_EXTRALABELS` | | Comma separated list of labels composed of a ':' separated name and value that is added to the Alerts. Example: `my_annotation_1:my_value_1, my_annotation_1:my_value_2` |
| `alertmanager.extraannotations` | `ALERTMANAGER_EXTRAANNOTATIONS` | | Comma separated list of annotations composed of a ':' separated name and value that is added to the Alerts Example: `debug:value_1,critical:value2` |
| `alertmanager.customseveritymap` | `ALERTMANAGER_CUSTOMSEVERITYMAP` | | Comma separated list of tuple composed of a ':' separated Falco priority and Alertmanager severity that is used to override the severity label associated to the priority level of falco event. Example: `debug:value_1,critical:value2` |
| `alertmanager.dropeventdefaultpriority` | `ALERTMANAGER_DROPEVENTDEFAULTPRIORITY` | `critical` | Default priority of dropped events, values are `emergency,alert,critical,error,warning,notice,informational,debug` |
| `alertmanager.dropeventthresholds` | `ALERTMANAGER_DROPEVENTTHRESHOLDS` | `10000:critical, 1000:critical, 100:critical, 10:warning, 1:warning` | Comma separated list of priority re-evaluation thresholds of dropped events composed of a ':' separated integer threshold and string priority. Example: `10000:critical, 100:warning, 1:informational` |
| `alertmanager.minimumpriority` | `ALERTMANAGER_MINIMUMPRIORITY` | `""` (= `debug`) | Minimum priority of event for using this output, order is `emergency,alert,critical,error,warning,notice,informational,debug or ""` |

> **Note**
The Env var values override the settings from yaml file.

## Example of config.yaml

```yaml
alertmanager:
hostport: "" # http://{domain or ip}:{port}, if not empty, Alertmanager output is enabled
# mutualtls: false # if true, checkcert flag will be ignored (server cert will always be checked)
# checkcert: true # check if ssl certificate of the output is valid (default: true)
# endpoint: "" # alertmanager endpoint for posting alerts: "/api/v1/alerts" or "/api/v2/alerts" (default: "/api/v1/alerts")
# expiresafter: "" if set to a non-zero value, alert expires after that time in seconds (default: 0)
# extralabels: "" # comma separated list of labels composed of a ':' separated name and value that is added to the Alerts. Example: my_label_1:my_value_1, my_label_1:my_value_2
# extraannotations: "" # comma separated list of annotations composed of a ':' separated name and value that is added to the Alerts. Example: my_annotation_1:my_value_1, my_annotation_1:my_value_2
# customseveritymap: "" # comma separated list of tuple composed of a ':' separated Falco priority and Alertmanager severity that is used to override the severity label associated to the priority level of falco event. Example: debug:value_1,critical:value2. Default mapping: emergency:critical,alert:critical,critical:critical,error:warning,warning:warning,notice:information,informational:information,debug:information. (default: "")
# dropeventdefaultpriority: "" # default priority of dropped events, values are emergency|alert|critical|error|warning|notice|informational|debug (default: "critical")
# dropeventthresholds: # comma separated list of priority re-evaluation thresholds of dropped events composed of a ':' separated integer threshold and string priority. Example: `10000:critical, 100:warning, 1:informational` (default: `"10000:critical, 1000:critical, 100:critical, 10:warning, 1:warning"`)
# minimumpriority: "" # minimum priority of event for using this output, order is emergency|alert|critical|error|warning|notice|informational|debug or "" (default)
```

## Screenshots

![alertmanager example](images/alertmanager.png)
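Review bot: the `alertmanager.extralabels` example in the table, `my_annotation_1:my_value_1, my_annotation_1:my_value_2`, repeats the same label name twice and borrows the annotation naming from the row below; an alert's labels are keyed by name, so the second value would replace the first. Suggest `my_label_1:my_value_1, my_label_2:my_value_2`, which is what the yaml example further down already uses. Two consistency points in the same file: `# expiresafter: "" if set to ...` is missing the `#` that separates value from comment on every other line of the block, and the table's Default value cell for `customseveritymap` is empty while the yaml comment carries the real default mapping (`emergency:critical,...,debug:information`); the table is where readers look for defaults, so move it there. Finally, `/api/v1/alerts` is the Alertmanager API that upstream has deprecated in favour of v2; a short note next to the `endpoint` setting would save users a surprise.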
76 changes: 76 additions & 0 deletions docs/outputs/aws_cloudwatch_logs.md
@@ -0,0 +1,76 @@
# AWS Cloudwatch Logs

- **Category**: Logs
- **Website**: https://aws.amazon.com/cloudwatch/features/

## Table of content

- [AWS Cloudwatch Logs](#aws-cloudwatch-logs)
- [Table of content](#table-of-content)
- [Configuration](#configuration)
- [Example of config.yaml](#example-of-configyaml)
- [Additional info](#additional-info)
- [CloudWatch Logs Sample IAM Policy](#cloudwatch-logs-sample-iam-policy)
- [Screenshots](#screenshots)

## Configuration

| Setting | Env var | Default value | Description |
| ------------------------------------ | ------------------------------------ | ---------------- | ----------------------------------------------------------------------------------------------------------------------------------- |
| `aws.accesskeyid` | `AWS_ACCESSKEYID` | | AWS access key (optional if you use EC2 Instance Profile) |
| `aws.secretaccesskey` | `AWS_SECRETACCESSKEY` | | AWS secret access key (optional if you use EC2 Instance Profile) |
| `aws.region` | `AWS_REGION` | | AWS region (by default, the metadata are used to get it) |
| `aws.rolearn` | `AWS_ROLEARN` | | AWS role to assume (optional if you use EC2 Instance Profile) |
| `aws.externalid` | `AWS_EXTERNALID` | | External id for the role to assume (optional if you use EC2 Instance Profile) |
| `aws.checkidentity` | `AWS_CHECKIDENTITY` | `true` | Check the identity credentials, set to false for locale developments |
| `aws.cloudwatchlogs.loggroup` | `AWS_CLOUDWATCHLOGS_LOGGROUP` | | AWS CloudWatch Logs Group name, if not empty, CloudWatch Logs output is **enabled** |
| `aws.cloudwatchlogs.logstream` | `AWS_CLOUDWATCHLOGS_LOGSTREAM` | | AWS CloudWatch Logs Stream name, if empty, Falcosidekick will try to create a log stream |
| `aws.cloudwatchlogs.minimumpriority` | `AWS_CLOUDWATCHLOGS_MINIMUMPRIORITY` | `""` (= `debug`) | Minimum priority of event for using this output, order is `emergency,alert,critical,error,warning,notice,informational,debug or ""` |


> **Note**
The Env var values override the settings from yaml file.

## Example of config.yaml

```yaml
aws:
# accesskeyid: "" # aws access key (optional if you use EC2 Instance Profile)
# secretaccesskey: "" # aws secret access key (optional if you use EC2 Instance Profile)
# region : "" # aws region (by default, the metadata are used to get it)
# rolearn: "" # aws role to assume (optional if you use EC2 Instance Profile)
# externalid: "" # external id for the role to assume (optional if you use EC2 Instance Profile)
# checkidentity: true # check the identity credentials, set to false for locale developments (default: true)
cloudwatchlogs:
loggroup : "" # AWS CloudWatch Logs Group name, if not empty, CloudWatch Logs output is enabled
logstream : "" # AWS CloudWatch Logs Stream name, if empty, Falcosidekick will try to create a log stream
# minimumpriority: "" # minimum priority of event for using this output, order is emergency|alert|critical|error|warning|notice|informational|debug or "" (default)
```

## Additional info

> **Note**
When using this AWS output you will need to set the AWS keys or role with some permissions.

### CloudWatch Logs Sample IAM Policy

```json
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "cloudwacthlogs",
"Effect": "Allow",
"Action": [
"logs:CreateLogStream",
"logs:DescribeLogStreams",
"logs:PutRetentionPolicy",
"logs:PutLogEvents"
],
"Resource": "*"
}
]
}
```

## Screenshots
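Review bot: the sample IAM policy allows the four `logs:` actions on `"Resource": "*"`, which lets the sidekick, or anyone holding its credentials, create streams, write events and change retention on every log group in the account. The output is bound to a single `aws.cloudwatchlogs.loggroup`, so scope the statement to that group, e.g. `"Resource": "arn:aws:logs:<region>:<account-id>:log-group:<loggroup>:*"`, and keep `logs:PutRetentionPolicy` only if the output actually sets retention (the page says it only creates a log stream). Also two typos in the new text: `"Sid": "cloudwacthlogs"` in the policy, and `set to false for locale developments` (local development) in both the `aws.checkidentity` row and the yaml comment.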
51 changes: 51 additions & 0 deletions docs/outputs/aws_kinesis.md
@@ -0,0 +1,51 @@
# AWS Kinesis

- **Category**: Message Queue / Streaming
- **Website**: https://aws.amazon.com/kinesis/

## Table of content

- [AWS Kinesis](#aws-kinesis)
- [Table of content](#table-of-content)
- [Configuration](#configuration)
- [Example of config.yaml](#example-of-configyaml)
- [Additional info](#additional-info)
- [Screenshots](#screenshots)

## Configuration

| Setting | Env var | Default value | Description |
| ----------------------------- | ----------------------------- | ---------------- | ----------------------------------------------------------------------------------------------------------------------------------- |
| `aws.accesskeyid` | `AWS_ACCESSKEYID` | | AWS access key (optional if you use EC2 Instance Profile) |
| `aws.secretaccesskey` | `AWS_SECRETACCESSKEY` | | AWS secret access key (optional if you use EC2 Instance Profile) |
| `aws.region` | `AWS_REGION` | | AWS region (by default, the metadata are used to get it) |
| `aws.rolearn` | `AWS_ROLEARN` | | AWS role to assume (optional if you use EC2 Instance Profile) |
| `aws.externalid` | `AWS_EXTERNALID` | | External id for the role to assume (optional if you use EC2 Instance Profile) |
| `aws.checkidentity` | `AWS_CHECKIDENTITY` | `true` | Check the identity credentials, set to false for locale developments |
| `aws.kinesis.streamname` | `AWS_KINESIS_STREAMNAME` | | AWS Kinesis Stream Name, if not empty, Kinesis output is **enabled** |
| `aws.kinesis.minimumpriority` | `AWS_KINESIS_MINIMUMPRIORITY` | `""` (= `debug`) | Minimum priority of event for using this output, order is `emergency,alert,critical,error,warning,notice,informational,debug or ""` |

> **Note**
The Env var values override the settings from yaml file.

## Example of config.yaml

```yaml
aws:
# accesskeyid: "" # aws access key (optional if you use EC2 Instance Profile)
# secretaccesskey: "" # aws secret access key (optional if you use EC2 Instance Profile)
# region : "" # aws region (by default, the metadata are used to get it)
# rolearn: "" # aws role to assume (optional if you use EC2 Instance Profile)
# externalid: "" # external id for the role to assume (optional if you use EC2 Instance Profile)
# checkidentity: true # check the identity credentials, set to false for locale developments (default: true)
kinesis:
streamname: "" # AWS Kinesis Stream Name, if not empty, Kinesis output is enabled
# minimumpriority: "" # minimum priority of event for using this output, order is emergency|alert|critical|error|warning|notice|informational|debug or "" (default)
```

## Additional info

> **Note**
When using this AWS output you will need to set the AWS keys or role with some permissions.

## Screenshots
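Review bot: `Additional info` says the keys or role need "some permissions" but, unlike the CloudWatch Logs page, no sample policy follows, so readers are left guessing; a minimal statement allowing the Kinesis put action this output issues (`kinesis:PutRecord` or `kinesis:PutRecords`, whichever the code calls) scoped to the stream ARN `arn:aws:kinesis:<region>:<account-id>:stream/<streamname>` would bring it in line with aws_cloudwatch_logs.md. The six shared `aws.*` rows and the yaml block above `kinesis:` are copied verbatim from that page, including the `locale developments` typo in `aws.checkidentity`; a single shared section for the common AWS settings would keep the two from drifting apart.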