Results 9 comments of Spartan-65

I tried to insert the log at this location ```c if(pe->ts < min_ts) { printf("pe->len: %u, dev->m_sn_len: %u dev->m_lastreadsize: %u\n", pe->len, dev->m_sn_len, dev->m_lastreadsize); /* if the event length is greater...

deepflow ebpf map info ```bash bpftool map 1: hash name calico_failsafe flags 0x1 key 4B value 1B max_entries 65535 memlock 5246976B 36: hash name __active_read_a flags 0x0 key 8B value...

> I've seen you are using `0.36.2` with the kernel module, I'm not able to reproduce this issue [falcosecurity/libs#1359](https://github.com/falcosecurity/libs/issues/1359) with Falco `0.36.2` can you confirm this?

@Andreagit97 It's not the...

- Add an x86 version of the Dockerfile
- Add a tutorial on running the bot with Docker

@yinjiping Thanks, I'll compile and test it to see whether there are any problems.

> I ran the `bpftool prog` command and saw these BPF programs. I'd like to ask how the program """61: perf_event name bpf_perf_event tag 42b497adb6d498f9 gpl""" is attached, and what it does. I ask because I recently ran into a perf event ringbuf memory access error. > > ```shell > # bpftool prog > 4: kprobe name runtime_execute tag 90d70e4151b22e21 gpl > loaded_at...

@yinjiping Falco also uses BPF_MAP_TYPE_PERF_EVENT_ARRAY, and uses it in basically the same way, but Falco does not have this BPF prog. The perf event mechanism should be implemented by the kernel, so there is no need to load a perf_event BPF prog. Do you mean the perf event BPF program is loaded by bcc? perf_event_fd: https://github.com/falcosecurity/libs/blob/master/userspace/libscap/engine/bpf/scap_bpf.c#L1607 mmap mapping: https://github.com/falcosecurity/libs/blob/master/userspace/libscap/engine/bpf/scap_bpf.c#L1629 Location of the ring buffer error: https://github.com/falcosecurity/libs/blob/master/userspace/libscap/ringbuffer/ringbuffer.h#L272 Part of the information printed at the error location ```bash pe->len: 2896438784, pe->type: 35682, pe->nparams:12528, dev->m_sn_len: 20696 dev->m_lastreadsize: 57118428 Syscall event...

@yinjiping So far it looks that way: Falco fails on any node that has deepflow. ```bash uname -a Linux bclinux-test 4.19.25-204.el7.bclinux.x86_64 #1 SMP Wed Dec 23 15:41:17 CST 2020 x86_64 x86_64 x86_64 GNU/Linux ``` You can deploy Falco in eBPF mode on a single node to test ```bash docker run --pull=always -i -t --rm...

> ei @Spartan-65 I'm sorry for that! Do you mind testing the latest Falco version https://github.com/falcosecurity/falco/releases/tag/0.35.1? Just to see if the issue is still here

Sorry, operations engineers are not...