Skip to content

Add an option to output results as logs (preferably in a structured format like json) #77

Open
@jibanes

Description

Version

0.0.12

Linux Version

5.15.x

Is your feature request related to a problem? Please describe.

No response

Describe the solution you'd like

Much like Sysdig's Falco, it would be useful, for security instrumentation to format the output as json events, such as:
{"time":"2022-06-11T09:53:40.734542-0700","bpf":"opensnoop.o","event":"/proc/123/env"}
Then this output can be piped to fluentd or else.

Additionally, for instrumentation in general, event sampling (at the source) might also be valuable, i.e.:
define rate: -r 0.50 will drop every other log event.
this might be useful if you only want a sample of logs, i.e. if instrumenting TCP payloads, one could only care about the "ratio" of SYN packets over SYN+ACK.

Describe alternatives you've considered

No response

Additional Context

No response

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions