K3S-HOME/security
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

FEAT(falco): add loki output to falcosidekick

Browse Source 
- Send Falco events directly to Loki
- Enables viewing detailed events in Grafana with all fields
- Same data as Falco UI but queryable in Grafana
This commit is contained in:
Mayne0213
2026-01-04 13:06:23 +09:00
parent 76c5fd8343
commit c66801a166
1 changed files with 10 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
falco/helm-values.yaml
View File

@@ -35,6 +35,10 @@ falco:
# Performance tuning # Performance tuning
buffered_outputs: true buffered_outputs: true
# Rate limiting - reduce duplicate alerts
outputs_rate: 1 # Max 1 alert per second per rule
outputs_max_burst: 10 # Allow burst of 10 alerts
# Rules configuration # Rules configuration
rules_files: rules_files:
- /etc/falco/falco_rules.yaml - /etc/falco/falco_rules.yaml
@@ -130,6 +134,12 @@ falcosidekick:
# Output to stdout/logs # Output to stdout/logs
debug: false debug: false
# Loki integration - send events directly to Loki
loki:
hostport: "http://loki.loki.svc.cluster.local:3100"
minimumpriority: "" # Send all priorities
format: "json" # JSON format for easier parsing in Grafana
# Slack integration (optional) # Slack integration (optional)
# slack: # slack:
# webhookurl: "" # webhookurl: ""