Julien
so for rules, test option probably works. will review. for config, it does not "error: unexpected argument '-c' found". would expect a `kunai validate -c /path/to/config.yaml`
Example where error message could be better:
```
/usr/bin/kunai run -c /etc/kunai/config.yaml
Error: mapping values are not allowed in this context at line 43 column 42
[...]
40 read:
41...
```
ok for deserialization. summary is good. per above, 1 is already possible, 2 nok but quick fix, 3 seems the only one missing. just a run initialization/check and quit after...
it seems the test rules is only for detection, it does not test the filters which would be nice to debug complex filters
On management side, that was definitely a coming question :) On logs, I would prefer to stay agnostic and allow a central management server and/or a logging/SIEM system. Most of...
In the full paranoid mode, I like kunai not doing any networking and leave logs shipping to another tool :) Behavior seems more like a proxy and a single point...
Yes, good if using local journald (or syslog) do remote shipping too and likely the easier one to implement.
Yes, that works that way (requires buffered false too). For now as I filter on parseable json for my upstream log collection, no immediate issue but yes, better to get...
sure. need to clean stuff. short version is: kunai > opentelemetry-collector-contrib > openobserve
two simpler options than acl would be
* option to customize log user/group
* option to disable log rotation to use other tools like logrotate

I checked workaround with inotifywait,...