[New Feature] Support regex within rules #438
Comments
@harrysx I'm closing this one since no one expressed interest in making this happen. Feel free to continue the discussion or send a PR with this feature regardless, in that case reopen the issue please. |
This would be helpful to have. Could you consider reopening it? |
@tspearconquest do you have specific use cases in mind? I can reopen this issue for you if you want. My gut feeling is that nobody ever approached the problem for various technical issues:
|
Hi Jason,
RE2 would be perfectly fine for most use cases I can think of; and understood on all of it because the performance hit would probably increase syscall drops.
I can work around not having regex, it just would be easier to be more specific with rules.
For example, I want to have rules that are more specific than what glob matching allows. I can't specify `([0-9]{1,2}\.){2}([0-9]{1,2})` in glob to match version numbers; using ? to match doesn't let me get specific enough, and I try to avoid * usage because it's too greedy.
|
Let's keep this open just so that's visible to other community members as well. However, I don't want to set any expectation about bringing this feature to mainline before having measured the performance tradeoffs. /reopen |
@jasondellaluce: Reopened this issue. In response to this:
Issues go stale after 90d of inactivity. Mark the issue as fresh with Stale issues rot after an additional 30d of inactivity and eventually close. If this issue is safe to close now please do so with Provide feedback via https://github.com/falcosecurity/community. /lifecycle stale |
/remove-lifecycle stale |
Regex matching on pod names of a DaemonSet or StatefulSet may be very useful. |
/assign @jasondellaluce |
Closing this as the feature has been addressed in falcosecurity/libs#1904. Please anyone feel free to reopen this issue in case we haven't reached a satisfactory state. |
Regex support will be useful for matching multiple conditions, for example a single rule to match
/var/log-6456546/1
/var/log-3566456/1
/var/log-5686786/1
Or:
1.1.1.1
1.1.2.1
1.1.3.1
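
Added example, not part of the thread or the Falco project: a Python sketch of the glob-versus-regex gap discussed in this issue, using Python's `fnmatch` and `re` as stand-ins for Falco's glob matching and RE2 (an assumption; details such as whether `*` crosses `/` may differ). The log paths and the first three IPs come from the issue text; the other candidate strings are constructed.

```python
import fnmatch
import re

# name -> (glob pattern, regex pattern, candidate strings).
# Log paths and the first three IPs are from the issue; the rest are constructed.
CASES = {
    "log_path": (
        "/var/log-*/1",
        r"/var/log-[0-9]+/1",
        ["/var/log-6456546/1", "/var/log-3566456/1", "/var/log-5686786/1",
         "/var/log-old/1", "/var/log-1/tmp/x/1"],
    ),
    "ip": (
        "1.1.?.1",
        r"1\.1\.[0-9]{1,3}\.1",
        ["1.1.1.1", "1.1.2.1", "1.1.3.1", "1.1.30.1", "1.1.x.1"],
    ),
    "version": (
        "?.?.?",
        r"([0-9]{1,2}\.){2}[0-9]{1,2}",
        ["1.2.3", "10.20.30", "a.b.c", "1-2-3"],
    ),
}


def split_matches(glob_pat, regex_pat, candidates):
    """Partition candidates by which matcher accepts them (whole-string match)."""
    rx = re.compile(regex_pat)
    glob_hits = {c for c in candidates if fnmatch.fnmatchcase(c, glob_pat)}
    regex_hits = {c for c in candidates if rx.fullmatch(c)}
    return {
        "glob_only": sorted(glob_hits - regex_hits),   # glob over-matches
        "regex_only": sorted(regex_hits - glob_hits),  # glob cannot express
        "both": sorted(glob_hits & regex_hits),
    }


def compare_all():
    return {name: split_matches(*case) for name, case in CASES.items()}


if __name__ == "__main__":
    for name, result in compare_all().items():
        print(name, result)
```

The `glob_only` entries are strings a rule author would not want matched, and the `regex_only` entries are legitimate values the fixed-width `?` pattern misses.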