Closed mstemm closed 7 years ago
When the falco engine matches an event to a rule, it returns the rule's name, priority, and output string.
Later, in the outputs module, the output string is prefixed with '*' to ensure that if an event doesn't have a matching value for a given %xxx field, the rest of the values are filled in. See https://github.com/draios/sysdig/wiki/Sysdig-User-Guide#output-formatting for details.
The engine should really just add the '*' prefix itself so the outputs module doesn't have to.
This was fixed in #181, closing.
mstemm
commented
7 years ago mstemm
commented
7 years ago
When the falco engine matches an event to a rule, it returns the rule's name, priority, and output string.
Later, in the outputs module, the output string is prefixed with '*' to ensure that if an event doesn't have a matching value for a given %xxx field, the rest of the values are filled in. See https://github.com/draios/sysdig/wiki/Sysdig-User-Guide#output-formatting for details.
The engine should really just add the '*' prefix itself so the outputs module doesn't have to.