Melissa Kilby

Started the plugin dev, should have a wip up next week and directly noticed we typically prefix the `.so` output with `lib`, plus simply `anomalydetection` would be less ambiguous and...

Please note that this PR has been open for 8 months now without receiving any review whatsoever. It even appears unprecedented to back up such an important proposal through public...

@epcim would you be in a position to re-run some test with eBPF and libbpf stats kernel setting enabled with Falco's new experimental [native metrics](https://github.com/falcosecurity/falco/blob/e7534d945523192efcd7f72ae148b27744254e40/falco.yaml#L602)? Asking because I would be...

In addition @epcim could we get more information around the cgroups version on these machines? Memory counting in the kernel can in many cases be just wrong. For example see...

Just out of curiosity this particular host is running kernel cgroups v1 or cgroups v2? Thank you! We will investigate the cgroups related memory metrics the OOM killer uses more,...

Hi @emilgelman thanks this is great news you have cgroups v2. By the way we now also have the `base_syscalls` config in `falco.yaml` for radical syscalls monitoring control, check it...

Simulated a noisy Falco config on my developer Linux box. Enabling most supported syscalls was sufficient to simulate memory issues: ``` - rule: test desc: test condition: evt.type!=close enabled: true...

Thanks @leogr all of the above is true. And for everyone reading this, unbounded queues can be a good choice and more efficient anyways if you have other controls prior....

I opened the PR to expose the configs to set a custom capacity.

Perfect, yes I would suggest to first try the option of being able to set a queue capacity and after test deployments we shall see if there are other issues...