Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Reduce noisiness #1586

Merged
merged 12 commits into from
Mar 22, 2021
Merged

Reduce noisiness #1586

merged 12 commits into from
Mar 22, 2021

Conversation

leodido
Copy link
Member

@leodido leodido commented Mar 22, 2021
edited
Loading

What type of PR is this?

Uncomment one (or more) /kind <> lines:

/kind feature

Any specific area of the project related to this PR?

/area engine

/area tests

What this PR does / why we need it:

Which issue(s) this PR fixes:

NONE

Special notes for your reviewer:

Need to update the falco-tester container image.

Does this PR introduce a user-facing change?:

new: introduce a new configuration field `syscall_event_drops.threshold` to tune the drop noisiness
fix: ignore action can not be used with log and alert ones (`syscall_event_drops` config)
update: lower the `syscall_event_drops.max_burst` default value to 1

leodido added 10 commits March 19, 2021 12:43
@leodido
update: reduce the max burst of event drops
5fb3cc3 
This also introduces a threshold configurable value.

Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
@leodido
update(userspace/falco): grab the threshold configuration value + do …
a19ddd7 
…not allow the ignore action to work with any other except the exit one

Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
@leodido
refactor(userspace/falco): refactor the enum of drop actions into an …
db1cade 
…enum class

Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
@leodido
update(userspace/falco): reduce noisiness
95e06b6 
The threshold governs the noisiness of the drops.

Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
@leodido
update(userspace/falco): pass to sdropmgr the threshold
33ef6a0 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
@leodido
new(test): test case about illogical drop actions
f0f4bb5 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
@leodido
fix(userspace/falco): n_evts does not containd the dropped events count
b68a173 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
@leodido
fix(userspace/falco): validate the drop threshold config value
7e2aa26 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
@leodido
update(userspace/falco): drop messages are DEBUG level
1ee6c39 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
@leodido
new(test): test cases about wrong threshold drop config value
c200100 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
@poiana poiana requested review from krisnova and leogr March 22, 2021 08:29
@poiana poiana added the size/L label Mar 22, 2021
@leodido leodido changed the title Reduce noisiness wip: Reduce noisiness Mar 22, 2021
leodido and others added 2 commits March 22, 2021 13:50
@leodido @leogr
fix(test/confs): drop log messages are debug, fix the test fixture ac…
d88428a 
…cordingly

Co-authored-by: Leonardo Grasso <me@leonardograsso.com>
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
@leodido
update(test): tighten the condition to test the drops thresholds
fcdf4f6 
Signed-off-by: Leonardo Di Donato <leodidonato@gmail.com>
@leodido
Copy link
Member Author

leodido commented Mar 22, 2021

/cc @fntlnz

@poiana poiana requested a review from fntlnz March 22, 2021 13:56
leogr
leogr approved these changes Mar 22, 2021
View reviewed changes
Copy link
Member

@leogr leogr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@poiana poiana added the lgtm label Mar 22, 2021
@poiana
Copy link
Contributor

poiana commented Mar 22, 2021

LGTM label has been added.

Git tree hash: 82acdd48f4c7ffd1c7169b20801c86430b6b3306

@leogr leogr added this to the 0.28.0 milestone Mar 22, 2021
@poiana
Copy link
Contributor

poiana commented Mar 22, 2021

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: fntlnz, leogr

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@leodido leodido changed the title wip: Reduce noisiness Reduce noisiness Mar 22, 2021
@poiana poiana merged commit 1ded30f into master Mar 22, 2021
@poiana poiana deleted the update/drop-noisiness branch March 22, 2021 18:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fntlnz fntlnz fntlnz approved these changes

@leogr leogr leogr approved these changes

@krisnova krisnova Awaiting requested review from krisnova

Assignees

@fntlnz fntlnz

@leogr leogr

Labels
approved area/engine area/tests dco-signoff: yes kind/feature lgtm release-note size/L
Projects
None yet
Milestone
0.28.0
Development

Successfully merging this pull request may close these issues.
4 participants
@leodido @poiana @fntlnz @leogr