Announcing Falco 0.3.0
- Reordering a rule condition's operators so that likely-to-fail operators come first and expensive operators come last. This lets a rule short-circuit early when it doesn't match.
- Adding the ability to perform x in (a, b, c, ...) as a single set membership test instead of individual comparisons x=a, x=b, etc.
- Avoiding unnecessary string manipulations.
- Using startswith as a string comparison operator when possible.
- Using is_open_read/is_open_write when possible instead of searching through open flags.
- Grouping rules by event type, which allows an initial filter on event type before evaluating each rule's condition.
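A toy model of three of the optimizations listed above (grouping rules by event type, set membership, and short-circuit evaluation), added here as an illustration. It is not Falco's engine code; the rule names, event fields and sample events are constructed for the example.

```python
from collections import defaultdict

SHELLS = frozenset({"bash", "sh", "zsh"})  # `x in (a, b, c)` as one set lookup

# Predicates over an event dict; the field names are constructed for this sketch.
def open_for_write(e): return e.get("write", False)   # precomputed flag
def below_etc(e): return e.get("path", "").startswith("/etc/")
def shell_child(e): return e.get("parent") in SHELLS

# (rule name, event types it applies to, predicates with likely-to-fail first)
RULES = [
    ("write_below_etc", ("open",), (open_for_write, below_etc)),
    ("spawned_by_shell", ("execve",), (shell_child,)),
]

def index_by_type(rules):
    """Group rules by event type so unrelated events skip them entirely."""
    index = defaultdict(list)
    for rule in rules:
        for etype in rule[1]:
            index[etype].append(rule)
    return index

def run(events, rules, grouped):
    """Return (alerts, number of comparisons performed)."""
    index, alerts, work = index_by_type(rules), [], 0
    for e in events:
        candidates = index.get(e["type"], ()) if grouped else rules
        work += 1 if grouped else 0            # one index lookup per event
        for name, etypes, preds in candidates:
            if not grouped:
                work += 1                      # per-rule event type comparison
                if e["type"] not in etypes:
                    continue
            for pred in preds:                 # stops at the first failing test
                work += 1
                if not pred(e):
                    break
            else:
                alerts.append((name, e))
    return alerts, work

# Constructed sample stream: mostly events that no rule cares about.
EVENTS = [{"type": "read"}] * 96 + [
    {"type": "open", "path": "/etc/passwd", "write": False},
    {"type": "open", "path": "/etc/shadow", "write": True},
    {"type": "open", "path": "/tmp/x", "write": True},
    {"type": "execve", "parent": "bash"},
]
```

On this sample, `run(EVENTS, RULES, grouped=False)` performs 206 comparisons and `run(EVENTS, RULES, grouped=True)` performs 106, with identical alerts; the gap widens as the number of rules grows.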
- Phoronix's pts/apache and pts/dbench tests.
- Sysdig Cloud Kubernetes Demo: Starts a Kubernetes environment using Docker with Apache and WordPress instances plus synthetic workloads.
- Juttle-engine examples: Several Elasticsearch, Node.js, Logstash, MySQL, Postgres, and InfluxDB instances run under docker-compose.
| Workload | 0.2.0 CPU Usage | 0.3.0 CPU Usage |
|---|---|---|
| Kubernetes-Demo (During Teardown) | 15% | 3% |
- Add a new output type "program" that writes a formatted event to a configurable program. Each notification results in one invocation of the program. A common use of this output type would be to send an email for every falco notification.
- Add the ability to run falco on all events, including events that are flagged with EF_DROP_FALCO. EF_DROP_FALCO events are high-volume, low-value events that are ignored by default to improve performance.
The release is available via the usual channels: rpm/debian packages, Docker Hub, and GitHub.
Finally, if you want the complete story on Falco, head over to the website and read all about it.
Let us know if you have any issues, and enjoy!