Split the docs into a file per output #648

Merged
merged 1 commit into from
Sep 28, 2023
1,386 changes: 81 additions & 1,305 deletions README.md


5 changes: 2 additions & 3 deletions config_example.yaml
Expand Up @@ -26,7 +26,6 @@ tlsserver:
# - "/metrics"
# - "/healthz"


slack:
webhookurl: "" # Slack WebhookURL (ex: https://hooks.slack.com/services/XXXX/YYYY/ZZZZ), if not empty, Slack output is enabled
#channel: "" # Slack channel (optionnal)
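Review bot: this hunk only drops a stray blank line, but the unchanged context line `#channel: "" # Slack channel (optionnal)` carries a typo; correcting it to `optional` is a cheap fix to fold into this docs pass.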
Expand Down Expand Up @@ -59,7 +58,7 @@ mattermost:
# checkcert: true # check if ssl certificate of the output is valid (default: true)

teams:
webhookurl: "" # Teams WebhookURL (ex: https://hooks.slack.com/services/XXXX/YYYY/ZZZZ), if not empty, Teams output is enabled
webhookurl: "" # Teams WebhookURL, if not empty, Teams output is enabled
#activityimage: "" # Image for message section
outputformat: "all" # all (default), text, facts
minimumpriority: "" # minimum priority of event for using this output, order is emergency|alert|critical|error|warning|notice|informational|debug or "" (default)
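Review bot: dropping the example URL in `webhookurl: "" # Teams WebhookURL, if not empty, Teams output is enabled` is the right call, because the old comment pointed readers at a `hooks.slack.com/...` URL for a Teams output, which is the wrong service. Leaving the format unspecified is better than a wrong one; if a Teams example is added later it should use the real Teams connector URL shape.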
Expand Down Expand Up @@ -200,7 +199,7 @@ dogstatsd:
# key: "value"

opsgenie:
# apikey: "2c771471-e2af-4dc6-bd35-e7f6ff479b64" # Opsgenie API Key, if not empty, Opsgenie output is enabled
# apikey: "" # Opsgenie API Key, if not empty, Opsgenie output is enabled
region: "eu" # (us|eu) region of your domain
# minimumpriority: "" # minimum priority of event for using this output, order is emergency|alert|critical|error|warning|notice|informational|debug or "" (default)

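Review bot: replacing `2c771471-e2af-4dc6-bd35-e7f6ff479b64` with `""` in `# apikey: ""` is the right change: a UUID-shaped value in a shipped example config reads as a live credential, trips secret scanners, and invites copy-paste into real deployments. If that value was ever a real Opsgenie key it should be rotated, since it remains in git history after this commit.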
35 changes: 35 additions & 0 deletions docs/outputs/EXAMPLE.md
@@ -0,0 +1,35 @@
# Output Name

- **Category**: Category of the output
- **Website**: URL of the output

## Table of content

- [Output Name](#output-name)
- [Table of content](#table-of-content)
- [Configuration](#configuration)
- [Example of config.yaml](#example-of-configyaml)
- [Additional info](#additional-info)
- [Screenshots](#screenshots)

## Configuration

| Setting | Env var | Default value | Description |
| ------- | ------- | ------------- | ----------- |
| | | | |
| | | | |
| | | | |

> **Note**
The Env var values override the settings from yaml file.

## Example of config.yaml

```yaml
output:
setting: ""
```

## Additional info

## Screenshots
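Review bot: the template ends with `## Additional info` and `## Screenshots` as empty headings and gives authors no hint about what to do with them; a short placeholder line such as "remove this section if unused" would stop empty sections from shipping, which already happens in this PR (aws_kinesis.md and aws_cloudwatch_logs.md both end on a bare `## Screenshots`).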
52 changes: 52 additions & 0 deletions docs/outputs/alertmanager.md
@@ -0,0 +1,52 @@
# AlertManager

- **Category**: Alerting
- **Website**: https://github.com/prometheus/alertmanager

## Table of content

- [AlertManager](#alertmanager)
- [Table of content](#table-of-content)
- [Configuration](#configuration)
- [Example of config.yaml](#example-of-configyaml)
- [Screenshots](#screenshots)

## Configuration

| Setting | Env var | Default value | Description |
| --------------------------------------- | --------------------------------------- | -------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `alertmanager.hostport` | `ALERTMANAGER_HOSTPORT` | | http://{domain or ip}:{port}, if not empty, Alertmanager output is **enabled** |
| `alertmanager.mutualtls` | `ALERTMANAGER_MUTUALTLS` | `false` | Authenticate to the output with TLS, if true, checkcert flag will be ignored (server cert will always be checked) |
| `alertmanager.checkcert` | `ALERTMANAGER_CHECKCERT` | `true` | check if ssl certificate of the output is valid |
| `alertmanager.endpoint` | `ALERTMANAGER_ENDPOINT` | `/api/v1/alerts` | Alertmanager endpoint for posting alerts `/api/v1/alerts` or `/api/v2/alerts` |
| `alertmanager.expiresafter` | `ALERTMANAGER_EXPIRESAFTER` | `0` | If set to a non-zero value, alert expires after that time in seconds |
| `alertmanager.extralabels` | `ALERTMANAGER_EXTRALABELS` | | Comma separated list of labels composed of a ':' separated name and value that is added to the Alerts. Example: `my_annotation_1:my_value_1, my_annotation_1:my_value_2` |
| `alertmanager.extraannotations` | `ALERTMANAGER_EXTRAANNOTATIONS` | | Comma separated list of annotations composed of a ':' separated name and value that is added to the Alerts Example: `debug:value_1,critical:value2` |
| `alertmanager.customseveritymap` | `ALERTMANAGER_CUSTOMSEVERITYMAP` | | Comma separated list of tuple composed of a ':' separated Falco priority and Alertmanager severity that is used to override the severity label associated to the priority level of falco event. Example: `debug:value_1,critical:value2` |
| `alertmanager.dropeventdefaultpriority` | `ALERTMANAGER_DROPEVENTDEFAULTPRIORITY` | `critical` | Default priority of dropped events, values are `emergency,alert,critical,error,warning,notice,informational,debug` |
| `alertmanager.dropeventthresholds` | `ALERTMANAGER_DROPEVENTTHRESHOLDS` | `10000:critical, 1000:critical, 100:critical, 10:warning, 1:warning` | Comma separated list of priority re-evaluation thresholds of dropped events composed of a ':' separated integer threshold and string priority. Example: `10000:critical, 100:warning, 1:informational` |
| `alertmanager.minimumpriority` | `ALERTMANAGER_MINIMUMPRIORITY` | `""` (= `debug`) | Minimum priority of event for using this output, order is `emergency,alert,critical,error,warning,notice,informational,debug or ""` |

> **Note**
The Env var values override the settings from yaml file.

## Example of config.yaml

```yaml
alertmanager:
hostport: "" # http://{domain or ip}:{port}, if not empty, Alertmanager output is enabled
# mutualtls: false # if true, checkcert flag will be ignored (server cert will always be checked)
# checkcert: true # check if ssl certificate of the output is valid (default: true)
# endpoint: "" # alertmanager endpoint for posting alerts: "/api/v1/alerts" or "/api/v2/alerts" (default: "/api/v1/alerts")
# expiresafter: "" if set to a non-zero value, alert expires after that time in seconds (default: 0)
# extralabels: "" # comma separated list of labels composed of a ':' separated name and value that is added to the Alerts. Example: my_label_1:my_value_1, my_label_1:my_value_2
# extraannotations: "" # comma separated list of annotations composed of a ':' separated name and value that is added to the Alerts. Example: my_annotation_1:my_value_1, my_annotation_1:my_value_2
# customseveritymap: "" # comma separated list of tuple composed of a ':' separated Falco priority and Alertmanager severity that is used to override the severity label associated to the priority level of falco event. Example: debug:value_1,critical:value2. Default mapping: emergency:critical,alert:critical,critical:critical,error:warning,warning:warning,notice:information,informational:information,debug:information. (default: "")
# dropeventdefaultpriority: "" # default priority of dropped events, values are emergency|alert|critical|error|warning|notice|informational|debug (default: "critical")
# dropeventthresholds: # comma separated list of priority re-evaluation thresholds of dropped events composed of a ':' separated integer threshold and string priority. Example: `10000:critical, 100:warning, 1:informational` (default: `"10000:critical, 1000:critical, 100:critical, 10:warning, 1:warning"`)
# minimumpriority: "" # minimum priority of event for using this output, order is emergency|alert|critical|error|warning|notice|informational|debug or "" (default)
```

## Screenshots

![alertmanager example](images/alertmanager.png)
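Review bot: the config example line `# expiresafter: "" if set to a non-zero value, alert expires after that time in seconds (default: 0)` is missing the `#` before the comment, so anyone who uncomments it gets a YAML parse error; it should read `# expiresafter: "" # if set to a non-zero value, ...`. Two smaller consistency points in the table: `alertmanager.extralabels` gives `my_annotation_1:my_value_1, my_annotation_1:my_value_2` as its example where the yaml uses `my_label_1:...`, and `alertmanager.customseveritymap` reuses the extraannotations example `debug:value_1,critical:value2` while omitting the default mapping that the yaml comment does list (`emergency:critical,alert:critical,...,debug:information`); that default belongs in the Default value column so readers see which severities they are overriding.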
76 changes: 76 additions & 0 deletions docs/outputs/aws_cloudwatch_logs.md
@@ -0,0 +1,76 @@
# AWS Cloudwatch Logs

- **Category**: Logs
- **Website**: https://aws.amazon.com/cloudwatch/features/

## Table of content

- [AWS Cloudwatch Logs](#aws-cloudwatch-logs)
- [Table of content](#table-of-content)
- [Configuration](#configuration)
- [Example of config.yaml](#example-of-configyaml)
- [Additional info](#additional-info)
- [CloudWatch Logs Sample IAM Policy](#cloudwatch-logs-sample-iam-policy)
- [Screenshots](#screenshots)

## Configuration

| Setting | Env var | Default value | Description |
| ------------------------------------ | ------------------------------------ | ---------------- | ----------------------------------------------------------------------------------------------------------------------------------- |
| `aws.accesskeyid` | `AWS_ACCESSKEYID` | | AWS access key (optional if you use EC2 Instance Profile) |
| `aws.secretaccesskey` | `AWS_SECRETACCESSKEY` | | AWS secret access key (optional if you use EC2 Instance Profile) |
| `aws.region` | `AWS_REGION` | | AWS region (by default, the metadata are used to get it) |
| `aws.rolearn` | `AWS_ROLEARN` | | AWS role to assume (optional if you use EC2 Instance Profile) |
| `aws.externalid` | `AWS_EXTERNALID` | | External id for the role to assume (optional if you use EC2 Instance Profile) |
| `aws.checkidentity` | `AWS_CHECKIDENTITY` | `true` | Check the identity credentials, set to false for locale developments |
| `aws.cloudwatchlogs.loggroup` | `AWS_CLOUDWATCHLOGS_LOGGROUP` | | AWS CloudWatch Logs Group name, if not empty, CloudWatch Logs output is **enabled** |
| `aws.cloudwatchlogs.logstream` | `AWS_CLOUDWATCHLOGS_LOGSTREAM` | | AWS CloudWatch Logs Stream name, if empty, Falcosidekick will try to create a log stream |
| `aws.cloudwatchlogs.minimumpriority` | `AWS_CLOUDWATCHLOGS_MINIMUMPRIORITY` | `""` (= `debug`) | Minimum priority of event for using this output, order is `emergency,alert,critical,error,warning,notice,informational,debug or ""` |


> **Note**
The Env var values override the settings from yaml file.

## Example of config.yaml

```yaml
aws:
# accesskeyid: "" # aws access key (optional if you use EC2 Instance Profile)
# secretaccesskey: "" # aws secret access key (optional if you use EC2 Instance Profile)
# region : "" # aws region (by default, the metadata are used to get it)
# rolearn: "" # aws role to assume (optional if you use EC2 Instance Profile)
# externalid: "" # external id for the role to assume (optional if you use EC2 Instance Profile)
# checkidentity: true # check the identity credentials, set to false for locale developments (default: true)
cloudwatchlogs:
loggroup : "" # AWS CloudWatch Logs Group name, if not empty, CloudWatch Logs output is enabled
logstream : "" # AWS CloudWatch Logs Stream name, if empty, Falcosidekick will try to create a log stream
# minimumpriority: "" # minimum priority of event for using this output, order is emergency|alert|critical|error|warning|notice|informational|debug or "" (default)
```

## Additional info

> **Note**
When using this AWS output you will need to set the AWS keys or role with some permissions.

### CloudWatch Logs Sample IAM Policy

```json
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "cloudwacthlogs",
"Effect": "Allow",
"Action": [
"logs:CreateLogStream",
"logs:DescribeLogStreams",
"logs:PutRetentionPolicy",
"logs:PutLogEvents"
],
"Resource": "*"
}
]
}
```

## Screenshots
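Review bot: the sample IAM policy grants `logs:CreateLogStream`, `logs:DescribeLogStreams`, `logs:PutRetentionPolicy` and `logs:PutLogEvents` on `"Resource": "*"`, i.e. on every log group in the account, while the output only ever writes to the single configured `loggroup`. The doc should show the resource scoped to that group, for instance `arn:aws:logs:REGION:ACCOUNT_ID:log-group:LOG_GROUP_NAME:*` with the placeholders filled in, and present `*` as a shortcut readers consciously opt into. Also `"Sid": "cloudwacthlogs"` is misspelled (harmless to IAM, confusing to readers), and `set to false for locale developments` in both the table row for `aws.checkidentity` and the yaml comment should read `local development`.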
51 changes: 51 additions & 0 deletions docs/outputs/aws_kinesis.md
@@ -0,0 +1,51 @@
# AWS Kinesis

- **Category**: Message Queue / Streaming
- **Website**: https://aws.amazon.com/kinesis/

## Table of content

- [AWS Kinesis](#aws-kinesis)
- [Table of content](#table-of-content)
- [Configuration](#configuration)
- [Example of config.yaml](#example-of-configyaml)
- [Additional info](#additional-info)
- [Screenshots](#screenshots)

## Configuration

| Setting | Env var | Default value | Description |
| ----------------------------- | ----------------------------- | ---------------- | ----------------------------------------------------------------------------------------------------------------------------------- |
| `aws.accesskeyid` | `AWS_ACCESSKEYID` | | AWS access key (optional if you use EC2 Instance Profile) |
| `aws.secretaccesskey` | `AWS_SECRETACCESSKEY` | | AWS secret access key (optional if you use EC2 Instance Profile) |
| `aws.region` | `AWS_REGION` | | AWS region (by default, the metadata are used to get it) |
| `aws.rolearn` | `AWS_ROLEARN` | | AWS role to assume (optional if you use EC2 Instance Profile) |
| `aws.externalid` | `AWS_EXTERNALID` | | External id for the role to assume (optional if you use EC2 Instance Profile) |
| `aws.checkidentity` | `AWS_CHECKIDENTITY` | `true` | Check the identity credentials, set to false for locale developments |
| `aws.kinesis.streamname` | `AWS_KINESIS_STREAMNAME` | | AWS Kinesis Stream Name, if not empty, Kinesis output is **enabled** |
| `aws.kinesis.minimumpriority` | `AWS_KINESIS_MINIMUMPRIORITY` | `""` (= `debug`) | Minimum priority of event for using this output, order is `emergency,alert,critical,error,warning,notice,informational,debug or ""` |

> **Note**
The Env var values override the settings from yaml file.

## Example of config.yaml

```yaml
aws:
# accesskeyid: "" # aws access key (optional if you use EC2 Instance Profile)
# secretaccesskey: "" # aws secret access key (optional if you use EC2 Instance Profile)
# region : "" # aws region (by default, the metadata are used to get it)
# rolearn: "" # aws role to assume (optional if you use EC2 Instance Profile)
# externalid: "" # external id for the role to assume (optional if you use EC2 Instance Profile)
# checkidentity: true # check the identity credentials, set to false for locale developments (default: true)
kinesis:
streamname: "" # AWS Kinesis Stream Name, if not empty, Kinesis output is enabled
# minimumpriority: "" # minimum priority of event for using this output, order is emergency|alert|critical|error|warning|notice|informational|debug or "" (default)
```

## Additional info

> **Note**
When using this AWS output you will need to set the AWS keys or role with some permissions.

## Screenshots
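Review bot: the Additional info section says the keys or role need "some permissions" but, unlike aws_cloudwatch_logs.md, gives no sample policy; readers need the concrete actions, which for a Kinesis producer are the `kinesis:PutRecord` / `kinesis:PutRecords` family, scoped to the ARN of the configured `streamname` rather than `*`. A policy block in the same shape as the CloudWatch Logs one would keep the two AWS docs consistent. The page also ends on an empty `## Screenshots` heading; either add the image or drop the section.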