Closed ajinkya1986 closed 1 year ago
Hello,
Few months ago, we introduced the plugins to extend the number of inputs for Falco. We already prepared a plugin to replace the current implementation for audit logs and the plugins for managed k8s will follow in next weeks.
Hi , I am working with falco-1.19.0, once I have enabled k8saudit plugin , i see below error and i do not see this plugin is available with version mentioned in drivers folder. can someone upload file
`[SUCCESS] Cleaning phase correctly terminated.
================ Cleaning phase ================
I'm getting the following error when I try to enable auditlog
2022-06-13T19:32:30.575962573Z
# In a local/user rules file, you could override this macro to # explicitly enumerate the container images that you want to run in # your environment. In this main falco rules file, there isn't any way # to know all the containers that can run, so any container is # allowed, by using the always_true macro. In the overridden macro, the condition # would look something like (ka.req.pod.containers.image.repository in (my-repo/my-image))
@eric-engberg Can you add your configurations (i.e. values.yaml) when you enable audit logs?
@eric-engberg I run in the same issue. The problem was solved, after I enabled the json plugin too.
Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale
.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close
.
Provide feedback via https://github.com/falcosecurity/community.
/lifecycle stale
Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten
.
Rotten issues close after an additional 30d of inactivity.
If this issue is safe to close now please do so with /close
.
Provide feedback via https://github.com/falcosecurity/community.
/lifecycle rotten
Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen
.
Mark the issue as fresh with /remove-lifecycle rotten
.
Provide feedback via https://github.com/falcosecurity/community. /close
@poiana: Closing this issue.
Motivation
To enable kubernetes audit events in Cloud Environments
Feature
How do we enable kubernetes audit events in Cloud like AWS,Azure and GCP.