Run rules by priority #281

Merged
merged 2 commits into from
Oct 6, 2017

Contributor

@mstemm mstemm commented Oct 6, 2017

Add ability to only run rules with a minimum priority.

This fixes #62.

@mstemm mstemm force-pushed the filter-by-severity branch from 4947ba5 to 8fc4726 Compare October 6, 2017 01:06

Clean up the handling of priority levels within rules. It used to be a
mix of strings handled in various places. Now, in falco_common.h there's
a consistent type for priority-as-number as well as a list of
priority-as-string values. Priorities are passed around as numbers
instead of strings. It's still permissive about capitalization.

Also add the ability to load rules by severity. New falco
config option "priority=<val>"/-o priority=<val> specifies the minimum
priority level of rules that will be loaded.

Add unit tests for same. The test suppresses INFO notifications for a
rule/trace file combination that would otherwise generate them.

@mstemm mstemm force-pushed the filter-by-severity branch from 3578435 to 502f541 Compare October 6, 2017 01:08

In case there are modified config files from a prior install.

@mstemm mstemm force-pushed the filter-by-severity branch from fb080f5 to 283c6ee Compare October 6, 2017 01:28
@mstemm mstemm changed the title Filter by severity Run rules by priority Oct 6, 2017
@mstemm mstemm merged commit dca7686 into dev Oct 6, 2017
@mstemm mstemm deleted the filter-by-severity branch October 6, 2017 16:08
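
The priority handling described in the commit message above (names mapped to numbers, case-insensitive matching, a minimum-priority cutoff applied when rules are loaded), as an added C++ example; it is not code from this pull request or from Falco. The syslog-style ordering, the `info` alias, the sample rules and every identifier are assumptions made for the illustration.

```cpp
// Added illustration, not Falco source; all identifiers here are hypothetical.
#include <algorithm>
#include <cctype>
#include <string>
#include <vector>

// Syslog-style ordering: a smaller number is a more severe priority.
enum class Priority : int { Emergency, Alert, Critical, Error,
                            Warning, Notice, Informational, Debug };

static const char* const kNames[] = {"emergency", "alert", "critical", "error",
                                     "warning", "notice", "informational", "debug"};

// Case-insensitive name -> number. Returns false for an unknown name so the
// caller can surface the rule rather than silently dropping or keeping it.
bool parse_priority(std::string s, Priority* out) {
    std::transform(s.begin(), s.end(), s.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    if (s == "info") s = "informational";  // assumed alias, see lead-in
    for (int i = 0; i < 8; ++i)
        if (s == kNames[i]) { *out = static_cast<Priority>(i); return true; }
    return false;
}

struct Rule { std::string name, priority; };

// Constructed sample rules, not taken from any Falco rules file.
std::vector<Rule> sample_rules() {
    return {{"shell_in_container", "WARNING"}, {"write_below_etc", "Error"},
            {"read_sensitive_file", "info"},   {"typo_rule", "Warnng"}};
}

// Returns names of rules at least as severe as min_prio. "At least as severe"
// is a numeric <= because of the ordering above. Rules whose priority does
// not parse are reported in `rejected`, never loaded or dropped quietly.
std::vector<std::string> load_rules(const std::vector<Rule>& rules, Priority min_prio,
                                    std::vector<std::string>* rejected) {
    std::vector<std::string> kept;
    for (const Rule& r : rules) {
        Priority p;
        if (!parse_priority(r.priority, &p)) { rejected->push_back(r.name); continue; }
        if (static_cast<int>(p) <= static_cast<int>(min_prio)) kept.push_back(r.name);
    }
    return kept;
}
```

A cutoff like this also removes detections: every rule below the threshold stops alerting, so a review of which rules fall under the chosen level belongs with the config change.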
Successfully merging this pull request may close these issues.

Add filtering based on rule severity