When using program output, can't send to logger

[mstemm]

(Content copied from #99)

ikoniaris commented on Aug 19 • edited
Hi @mstemm, does this really work and how can I debug it?

For example, testing the program_output as so:

program_output:
enabled: true
program: logger -t falco-test
doesn't seem to do anything.

...

ikoniaris commented 2 days ago
I tried with Trusty, same thing. mailx works, logger doesn't. Not sure where the problem lies. Do you think I might be missing some lua-related libraries @mstemm? Is falco self-contained?

---

Falco should be self-contained wrt lua libraries and runtime. Just to be sure, can you attach your falco.yaml file so we can compare configurations?

Other things to check would be that you can run logger by hand to send messages and that logger is in your path, etc.

I think another thing you could try to do is to run sysdig to monitor the actions that falco performs, writing its events to a trace file. Hopefully the trace file will help diagnose the problem. sudo sysdig -w /tmp/falco_logger.scap "proc.name=falco or proc.name=logger" would be a good command line to run.

[mstemm]

I haven't heard back about this, so I'm guessing it's working now? If not, reopen and we'll get your config and try to track down the problem.