Add an option to output results as logs (preferably in a structured format like json) #77
Open
Description
Version
0.0.12
Linux Version
5.15.x
Is your feature request related to a problem? Please describe.
No response
Describe the solution you'd like
Much like Sysdig's Falco, it would be useful, for security instrumentation, to format the output as JSON events, such as:

```json
{"time":"2022-06-11T09:53:40.734542-0700","bpf":"opensnoop.o","event":"/proc/123/env"}
```

Then this output can be piped to fluentd or elsewhere.
Additionally, for instrumentation in general, event sampling (at the source) might also be valuable, e.g.:
define a rate: `-r 0.50` will drop every other log event.
This might be useful if you only want a sample of logs, e.g. if instrumenting TCP payloads, one might only care about the "ratio" of SYN packets over SYN+ACK.
Describe alternatives you've considered
No response
Additional Context
No response
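The two requests above (one JSON event per line, and a source-side sampling rate) can be prototyped outside the tracer as a small post-processor. The script below is an added example and is not code from the project or from the issue author. It assumes the event shape shown in the issue (`time`, `bpf`, `event`), interprets `-r 0.50` as "keep every other event" using a deterministic accumulator rather than random dropping, and feeds constructed sample events instead of real probe output; the `Sampler` and `sample_lines` names are inventions for illustration.

```python
"""Added example (not the project's own code): JSON-lines output with
source-side sampling, in the style the issue asks for.

Assumptions: events carry `bpf` and `event` fields as in the issue, and the
`-r` rate is applied deterministically (rate 0.5 keeps every other event).
"""
import argparse
import json
import sys
from datetime import datetime, timezone
from fractions import Fraction
from typing import Optional

# Constructed sample events (not real tracer output); the field names follow
# the shape proposed in the issue.
SAMPLE_EVENTS = [
    {"bpf": "opensnoop.o", "event": "/proc/123/env"},
    {"bpf": "opensnoop.o", "event": "/etc/passwd"},
    {"bpf": "opensnoop.o", "event": "/etc/shadow"},
    {"bpf": "opensnoop.o", "event": "/proc/456/cmdline"},
]


def format_event(event: dict, when: Optional[datetime] = None) -> str:
    """Render one event as a single JSON line.

    json.dumps escapes control characters, so a path containing a newline
    cannot break the one-event-per-line contract that fluentd relies on.
    Compact separators keep the record small; the timestamp carries a UTC
    offset like the example in the issue.
    """
    when = when or datetime.now(timezone.utc).astimezone()
    record = {"time": when.isoformat(timespec="microseconds"), **event}
    return json.dumps(record, separators=(",", ":"))


class Sampler:
    """Deterministic source-side sampler that keeps a fraction `rate` of events.

    The accumulator gains `rate` per event and emits whenever it reaches 1,
    so rate=0.5 keeps every other event, rate=0.25 every fourth, and rate=1.0
    keeps everything. Fraction arithmetic avoids float drift on long runs.
    """

    def __init__(self, rate: float):
        if not 0 < rate <= 1:
            raise ValueError(f"rate must be in (0, 1], got {rate}")
        self.step = Fraction(str(rate))
        self.acc = Fraction(0)
        self.seen = 0
        self.kept = 0

    def should_emit(self) -> bool:
        self.seen += 1
        self.acc += self.step
        if self.acc >= 1:
            self.acc -= 1
            self.kept += 1
            return True
        return False


def sample_lines(events, rate: float, when: Optional[datetime] = None) -> list:
    """Apply sampling then JSON formatting; returns the lines that survive."""
    sampler = Sampler(rate)
    return [format_event(e, when) for e in events if sampler.should_emit()]


def main(argv=None) -> int:
    parser = argparse.ArgumentParser(
        description="added example: JSON-lines event output with sampling")
    parser.add_argument("-r", "--rate", type=float, default=1.0,
                        help="fraction of events to keep; 0.50 keeps every other event")
    args = parser.parse_args(argv)
    # One JSON object per line on stdout, ready to pipe into fluentd or jq.
    for line in sample_lines(SAMPLE_EVENTS, args.rate):
        sys.stdout.write(line + "\n")
    return 0


if __name__ == "__main__":
    sys.exit(main())
```

Run it as `python sampler.py -r 0.50 | jq .` to see every other constructed event as a JSON object. A deterministic accumulator was chosen over `random.random() < rate` because it matches the issue's "drop every other event" wording exactly and makes a run reproducible; if the goal is an unbiased ratio estimate (the SYN vs SYN+ACK case) a randomized sampler avoids aliasing with periodic traffic, so a real implementation might offer both.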
Metadata
Assignees
Labels
No labels