Skip to content
/ falco-filebeat-daemonset Public

Easily deployable daemonset which moves logs from falco with filebeat.

License

Apache-2.0 license
4 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Popsiclestick/falco-filebeat-daemonset

BranchesTags

Repository files navigation

Falco-filebeat-daemonset

Daemonset configurations to get falco output scraped and sent by filebeat.

This exists to provide a concrete example for getting falco and filebeat working together. I took falcosecurity's example daemonset and added the necessary filebeat components.

Run

Configure the RBAC, Namespace, etc

:; kubectl create -f falco-rbac.yml

Create ConfigMap to store Falco & Filebeat configurations

:; kubectl create configmap --namespace security-system falco-config --from-file=falco-config
:; kubectl create configmap --namespace security-system falcobeat-config --from-file=falcobeat-config

Deploy the daemonset

:; kubectl create -f falco-daemonset-configmap.yml

Verify

Find the pod && Peek the logs

:; kubectl get pods -A
:; kubectl --namespace security-system logs falco-daemonset-${RANDOM} filebeat

Notes

The configurations are examples/templates. You'll want to change the output of your falcobeat.yml as well as tune Falco's rules in falco-config.

About

Easily deployable daemonset which moves logs from falco with filebeat.

Topics

kubernetes security containers filebeat daemonset falco

Resources

Readme

License

Apache-2.0 license
Activity

Stars

4 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published