From b2374b3c196cafb1bc2c2dce3b92b2d6db7af371 Mon Sep 17 00:00:00 2001 From: Leonardo Grasso Date: Mon, 4 Sep 2023 17:14:28 +0200 Subject: [PATCH] fix(userspace/falco): apply suggestions for CLI help messages Co-authored-by: Melissa Kilby Signed-off-by: Leonardo Grasso --- userspace/falco/app/options.cpp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/userspace/falco/app/options.cpp b/userspace/falco/app/options.cpp index 3e2fab3fa5e..f76a60fa706 100644 --- a/userspace/falco/app/options.cpp +++ b/userspace/falco/app/options.cpp @@ -181,11 +181,11 @@ void options::define(cxxopts::Options& opts) ("cri", "Path to CRI socket for container metadata. Use the specified to fetch data from a CRI-compatible runtime. If not specified, built-in defaults for commonly known paths are used. This option can be passed multiple times to specify a list of sockets to be tried until a successful one is found.", cxxopts::value(cri_socket_paths), "") ("disable-cri-async", "Turn off asynchronous CRI metadata fetching. This is useful to let the input event wait for the container metadata fetch to finish before moving forward. Async fetching, in some environments leads to empty fields for container metadata when the fetch is not fast enough to be completed asynchronously. This can have a performance penalty on your environment depending on the number of containers and the frequency at which they are created/started/stopped.", cxxopts::value(disable_cri_async)->default_value("false")) #endif - ("disable-source", "Turn off a specific . By default, all loaded sources get enabled. Available sources are 'syscall' plus all sources defined by loaded plugins supporting the event sourcing capability. This option can be passed multiple times, but turning off all event sources simultaneously is permitted. This option can not be mixed with --enable-source. This option has no effect when reproducing events from a capture file.", cxxopts::value(disable_sources), "") + ("disable-source", "Turn off a specific . By default, all loaded sources get enabled. Available sources are 'syscall' plus all sources defined by loaded plugins supporting the event sourcing capability. This option can be passed multiple times, but turning off all event sources simultaneously is not permitted. This option can not be mixed with --enable-source. This option has no effect when reproducing events from a capture file.", cxxopts::value(disable_sources), "") ("dry-run", "Run Falco without processing events. It can help check that the configuration and rules do not have any errors.", cxxopts::value(dry_run)->default_value("false")) ("D", "Turn off any rules with names having the substring . This option can be passed multiple times. It cannot be mixed with -t.", cxxopts::value(disabled_rule_substrings), "") ("e", "Reproduce the events by reading from the given instead of opening a live session. Only capture files in .scap format are supported.", cxxopts::value(trace_filename), "") - ("enable-source", "Enable a specific . By default, all loaded sources get enabled. Available sources are 'syscall' plus all sources defined by loaded plugins supporting the event sourcing capability. This option can be passed multiple times. If used, only the selected event sources are loaded, and others get turned off. This option can not be mixed with --disable-source. This option has no effect when reproducing events from a capture file.", cxxopts::value(enable_sources), "") + ("enable-source", "Enable a specific . By default, all loaded sources get enabled. Available sources are 'syscall' plus all sources defined by loaded plugins supporting the event sourcing capability. This option can be passed multiple times. When using this option, only the event sources specified by it will be enabled. This option can not be mixed with --disable-source. This option has no effect when reproducing events from a capture file.", cxxopts::value(enable_sources), "") #ifdef HAS_GVISOR ("g,gvisor-config", "Collect 'syscall' events from gVisor using the specified file. A Falco-compatible configuration file can be generated with --gvisor-generate-config and utilized for both runsc and Falco.", cxxopts::value(gvisor_config), "") ("gvisor-generate-config", "Generate a configuration file that can be used for gVisor and exit. See --gvisor-config for more details.", cxxopts::value(gvisor_generate_config_with_socket)->implicit_value("/run/falco/gvisor.sock"), "") @@ -217,7 +217,7 @@ void options::define(cxxopts::Options& opts) ("S,snaplen", "Collect only the first bytes of each I/O buffer for 'syscall' events. By default, the first 80 bytes are collected by the driver and sent to the user space for processing. Use this option with caution since it can have a strong performance impact.", cxxopts::value(snaplen)->default_value("0"), "") ("support", "Print support information, including version, rules files used, loaded configuration, etc., and exit. The output is in JSON format.", cxxopts::value(print_support)->default_value("false")) ("T", "Turn off any rules with a tag=. This option can be passed multiple times. This option can not be mixed with -t.", cxxopts::value>(), "") - ("t", "Only enable those rules with a tag= and turn off others. This option can be passed multiple times. This option can not be mixed with -T/-D.", cxxopts::value>(), "") + ("t", "Only enable those rules with a tag=. This option can be passed multiple times. This option can not be mixed with -T/-D.", cxxopts::value>(), "") ("U,unbuffered", "Turn off output buffering for configured outputs. This causes every single line emitted by Falco to be flushed, which generates higher CPU usage but is useful when piping those outputs into another process or a script.", cxxopts::value(unbuffered_outputs)->default_value("false")) #if !defined(_WIN32) && !defined(__EMSCRIPTEN__) && !defined(MINIMAL_BUILD) ("u,userspace", "[DEPRECATED: this option will be removed in Falco 0.37] Use a userspace driver to collect 'syscall' events. To be used in conjunction with the ptrace(2) based driver (pdig).", cxxopts::value(userspace)->default_value("false"))