From 8a697502b99042c1403d67a1721cde1033b29055 Mon Sep 17 00:00:00 2001
From: Melissa Kilby
Date: Tue, 16 Jan 2024 16:14:22 +0000
Subject: [PATCH] update!(config): add deprecation notice for syscall_event_drops
Signed-off-by: Melissa Kilby
---
 falco.yaml | 4 ++--
 userspace/falco/app/actions/load_config.cpp | 6 ++++++
 2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/falco.yaml b/falco.yaml
index a94aae35799..7ff645be557 100644
--- a/falco.yaml
+++ b/falco.yaml
@@ -61,7 +61,7 @@
 # Falco logging / alerting / metrics related to software functioning (advanced)
 # output_timeout
 # syscall_event_timeouts
-# syscall_event_drops
+# syscall_event_drops [DEPRECATED] -> Use `metrics` instead, `syscall_event_drops` will be removed in Falco 0.38!
 # metrics
 # Falco performance tuning (advanced)
 # syscall_buf_size_preset [DEPRECATED] -> Replaced by `engine..buf_size_preset` starting Falco 0.38!
@@ -793,7 +793,7 @@ output_timeout: 2000 syscall_event_timeouts: max_consecutives: 1000
-# [Stable] `syscall_event_drops`
+# [Stable] `syscall_event_drops` -> Use `metrics` instead, `syscall_event_drops` will be removed in Falco 0.38!
 #
 # Generates "Falco internal: syscall event drop" rule output when `priority=debug` at minimum
 #
diff --git a/userspace/falco/app/actions/load_config.cpp b/userspace/falco/app/actions/load_config.cpp
index 8dac82f5bd2..b34cb0e2c30 100644
--- a/userspace/falco/app/actions/load_config.cpp
+++ b/userspace/falco/app/actions/load_config.cpp
@@ -41,6 +41,12 @@ static falco::app::run_result apply_deprecated_options(falco::app::state& s)
 return run_result::fatal("You can not specify more than one of -e, -g (--gvisor-config), --modern-bpf, --nodriver, and the FALCO_BPF_PROBE env var");
 }
+ if(s.config->m_min_priority == falco_common::PRIORITY_DEBUG)
+ {
+ falco_logger::log(falco_logger::level::WARNING,
+ "DEPRECATION NOTICE: 'syscall_event_drops' config is deprecated and will be removed in Falco 0.38! Use 'metrics' config instead. Note that the 'syscall_event_drops' config is enabled by default when the 'priority' is set to 'debug'. You can turn it off by setting the 'priority' to any higher level\n");
+ }
+
 // Please note: is not possible to mix command line options and configs to obtain a configuration
 // we need to use only one method. For example, is not possible to set the gvisor-config through
 // the command line and the gvisor-root through the config file. For this reason, if we detect
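Review bot: The notice in `apply_deprecated_options` is keyed on `s.config->m_min_priority == falco_common::PRIORITY_DEBUG`, not on whether `syscall_event_drops` is actually present in the loaded config, so it fires for every debug-priority deployment and presumably stays silent for one that customised `syscall_event_drops` but runs at a higher priority. Dropped syscall events are a coverage gap for detection, so operators who depend on that option for drop visibility are the ones who most need to see the migration hint before 0.38. If priority is the intended proxy, say so above the check, e.g. `// syscall_event_drops only emits rule output at debug priority, so use that as the "in use" signal`, or test the config key itself if the loader exposes it. The function body starts and ends outside this hunk, so an existing check elsewhere cannot be ruled out.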