Falco Go Client
Go client and SDK for Falco
Install
go get -u github.com/falcosecurity/client-goUsage
Client creation
package main
imports(
"github.com/falcosecurity/client-go/pkg/client"
)
func main() {
c, err := client.NewForConfig(&client.Config{
Hostname: "localhost",
Port: 5060,
CertFile: "/tmp/client.crt",
KeyFile: "/tmp/client.key",
CARootFile: "/tmp/ca.crt",
})
}Falco outputs API
outputClient, err := c.Output()
if err != nil {
log.Fatalf("unable to obtain an output client: %v", err)
}
ctx := context.Background()
// Keepalive true means that the client will wait indefinitely for new events to come
// Use keepalive false if you only want to receive the accumulated events and stop
fcs, err := outputClient.Subscribe(ctx, &output.Request{Keepalive: true})
if err != nil {
log.Fatalf("could not subscribe: %v", err)
}
for {
res, err := fcs.Recv()
if err == io.EOF {
break
}
if err != nil {
log.Fatalf("error closing stream after EOF: %v", err)
}
fmt.Printf("rule: %s\n", res.Rule)
}Falco version API
// Set up a connection to the server.
c, err := client.NewForConfig(&client.Config{
Hostname: "localhost",
Port: 5060,
CertFile: "/tmp/client.crt",
KeyFile: "/tmp/client.key",
CARootFile: "/tmp/ca.crt",
})
if err != nil {
log.Fatalf("unable to create a Falco client: %v", err)
}
defer c.Close()
versionClient, err := c.Version()
if err != nil {
log.Fatalf("unable to obtain a version client: %v", err)
}
ctx := context.Background()
res, err := versionClient.Version(ctx, &version.Request{})
if err != nil {
log.Fatalf("error obtaining the Falco version: %v", err)
}
fmt.Printf("%v\n", res)Full Examples
Update protos
Perform the following edits to the Makefile:
- Update the
PROTOSarray with the destination path of the.protofile. - Update the
PROTO_URLSarray with the URL from which to download it. - Update thr
PROTO_SHASarray with the SHA256 sum of the file to download. - Execute the following commands:
make clean
make protos