Update README env vars
Signed-off-by: Jose Angel Santiago <>
Jose Angel Santiago committed Apr 30, 2021
1 parent ee0392e commit 42fb1d2
Showing 2 changed files with 44 additions and 33 deletions.
69 changes: 41 additions & 28 deletions README.md
Expand Up @@ -211,17 +211,18 @@ loki:
# minimumpriority: "" # minimum priority of event for using this output, order is emergency|alert|critical|error|warning|notice|informational|debug or "" (default)
# checkcert: true # check if ssl certificate of the output is valid (default: true)

nats:
# hostport: "" # nats://{domain or ip}:{port}, if not empty, NATS output is enabled
# minimumpriority: "" # minimum priority of event for using this output, order is emergency|alert|critical|error|warning|notice|informational|debug or "" (default)
# mutualtls: false # if true, checkcert flag will be ignored (server cert will always be checked)
# checkcert: true # check if ssl certificate of the output is valid (default: true)

stan:
# hostport: "" # nats://{domain or ip}:{port}, if not empty, STAN output is enabled
# clusterid: "" # Cluster name, if not empty, STAN output is enabled
# clientid: "" # Client ID, if not empty, STAN output is enabled
# minimumpriority: "" # minimum priority of event for using this output, order is emergency|alert|critical|error|warning|notice|informational|debug or "" (default)
# mutualtls: false # if true, checkcert flag will be ignored (server cert will always be checked)
# checkcert: true # check if ssl certificate of the output is valid (default: true)

nats:
# hostport: "" # nats://{domain or ip}:{port}, if not empty, NATS output is enabled
# minimumpriority: "" # minimum priority of event for using this output, order is emergency|alert|critical|error|warning|notice|informational|debug or "" (default)
# mutualtls: false # if true, checkcert flag will be ignored (server cert will always be checked)
# checkcert: true # check if ssl certificate of the output is valid (default: true)

aws:
Expand Down Expand Up @@ -270,7 +271,6 @@ opsgenie:
# apikey: "2c771471-e2af-4dc6-bd35-e7f6ff479b64" # Opsgenie API Key, if not empty, Opsgenie output is enabled
region: "eu" # (us|eu) region of your domain
# minimumpriority: "" # minimum priority of event for using this output, order is emergency|alert|critical|error|warning|notice|informational|debug or "" (default)
# checkcert: true # check if ssl certificate of the output is valid (default: true)

webhook:
# address: "" # Webhook address, if not empty, Webhook output is enabled
Expand All @@ -281,10 +281,10 @@ webhook:
# checkcert: true # check if ssl certificate of the output is valid (default: true)

azure:
# eventHub:
# name: "" # The name of the Hub, if not empty, EventHub output is enabled
# namespace: "" # The name of the space the Hub is part of
# minimumpriority: "" # minimum priority of event for using this output, order is emergency|alert|critical|error|warning|notice|informational|debug or "" (default)
eventHub:
name: "" # Name of the Hub, if not empty, EventHub is enabled
namespace: "" # Name of the space the Hub is in
# minimumpriority: "" # minimum priority of event for using this output, order is emergency|alert|critical|error|warning|notice|informational|debug or "" (default)

discord:
webhookurl: "" # discord WebhookURL (ex: https://discord.com/api/webhooks/xxxxxxxxxx...), if not empty, Discord output is enabled
Expand Down Expand Up @@ -317,7 +317,6 @@ kafka:
pagerduty:
routingKey: "" # Pagerduty Routing Key, if not empty, Pagerduty output is enabled
minimumpriority: "" # minimum priority of event for using this output, order is emergency|alert|critical|error|warning|notice|informational|debug or "" (default)
# checkcert: true # check if ssl certificate of the output is valid (default: true)

kubeless:
function: "" # Name of Kubeless function, if not empty, Kubeless is enabled
Expand All @@ -337,6 +336,11 @@ openfaas:
# minimumpriority: "debug" # minimum priority of event for using this output, order is emergency|alert|critical|error|warning|notice|informational|debug or "" (default)
# checkcert: true # check if ssl certificate of the output is valid (default: true)

rabbitmq:
url: "" # Rabbitmq URL, if not empty, Rabbitmq output is enabled
queue: "" # Rabbitmq Queue name
# minimumpriority: "debug" # minimum priority of event for using this output, order is emergency|alert|critical|error|warning|notice|informational|debug or "" (default)

wavefront:
endpointtype: "direct" # Wavefront endpoint type, must be 'direct' or 'proxy'. If not empty, with endpointhost, Wavefront output is enabled
endpointhost: "" # Wavefront endpoint address (only the host). If not empty, with endpointhost, Wavefront output is enabled
Expand Down Expand Up @@ -376,7 +380,7 @@ care of lower/uppercases**) : `yaml: a.b --> envvar: A_B` :
(default: false)
- **CUSTOMFIELDS** : a list of comma separated custom fields to add to falco
events, syntax is "key:value,key:value"
**MUTUALTLSFILESPATH**: path which will be used to stored certs and key for mutual tls authentication
**MUTUALTLSFILESPATH**: path which will be used to stored certs and key for mutual tls authentication (default: "/etc/certs")
- **SLACK_WEBHOOKURL** : Slack Webhook URL (ex:
https://hooks.slack.com/services/XXXX/YYYY/ZZZZ), if not `empty`, Slack output
is _enabled_
Expand All @@ -392,8 +396,6 @@ care of lower/uppercases**) : `yaml: a.b --> envvar: A_B` :
displayed in addition to the output from `SLACK_OUTPUTFORMAT`, see
[Slack Message Formatting](#slack-message-formatting) in the README for
details. If empty, no Text is displayed before Attachment.
- **SLACK_CHECKCERT** : check if ssl certificate of the output is valid (default:
`true`)
- **ROCKETCHAT_WEBHOOKURL** : Rocketchat Webhook URL (ex:
https://XXXX/hooks/YYYY), if not `empty`, Rocketchat output is _enabled_
- **ROCKETCHAT_ICON** : Rocketchat icon (avatar)
Expand All @@ -408,6 +410,8 @@ care of lower/uppercases**) : `yaml: a.b --> envvar: A_B` :
`ROCKETCHAT_OUTPUTFORMAT`, see
[Slack Message Formatting](#slack-message-formatting) in the README for
details. If empty, no Text is displayed before Attachment.
- **ROCKETCHAT_MUTUALTLS** : enable mutual tls authentication for this output (default:
`false`)
- **ROCKETCHAT_CHECKCERT** : check if ssl certificate of the output is valid (default:
`true`)
- **MATTERMOST_WEBHOOKURL** : Mattermost Webhook URL (ex:
Expand All @@ -425,6 +429,8 @@ care of lower/uppercases**) : `yaml: a.b --> envvar: A_B` :
`MATTERMOST_OUTPUTFORMAT`, see
[Mattermost Message Formatting](#slack-message-formatting) in the README for
details. If empty, no Text is displayed before Attachment.
- **MATTERMOST_MUTUALTLS** : enable mutual tls authentication for this output (default:
`false`)
- **MATTERMOST_CHECKCERT** : check if ssl certificate of the output is valid (default:
`true`)
- **TEAMS_WEBHOOKURL** : Teams Webhook URL (ex:
Expand All @@ -436,17 +442,13 @@ care of lower/uppercases**) : `yaml: a.b --> envvar: A_B` :
- **TEAMS_MINIMUMPRIORITY** : minimum priority of event for using use this
output, order is
`emergency|alert|critical|error|warning|notice|informational|debug or "" (default)`
- **MATTERMOST_CHECKCERT** : check if ssl certificate of the output is valid (default:
`true`)
- **DATADOG_APIKEY** : Datadog API Key, if not `empty`, Datadog output is
_enabled_
- **DATADOG_HOST** : Datadog host. Override if you are on the Datadog EU site.
Defaults to american site with "https://api.datadoghq.com"
- **DATADOG_MINIMUMPRIORITY** : minimum priority of event for using this output,
order is
`emergency|alert|critical|error|warning|notice|informational|debug or "" (default)`
- **DATADOG_CHECKCERT** : check if ssl certificate of the output is valid (default:
`true`)
- **DISCORD_WEBHOOKURL** : Discord WebhookURL (ex:
https://discord.com/api/webhooks/xxxxxxxxxx...), if not empty, Discord output
is _enabled_
Expand All @@ -459,6 +461,8 @@ care of lower/uppercases**) : `yaml: a.b --> envvar: A_B` :
- **ALERTMANAGER_MINIMUMPRIORITY** : minimum priority of event for using this
output, order is
`emergency|alert|critical|error|warning|notice|informational|debug or "" (default)`
- **ALERTMANAGER_MUTUALTLS** : enable mutual tls authentication for this output (default:
`false`)
- **ALERTMANAGER_CHECKCERT** : check if ssl certificate of the output is valid (default:
`true`)
- **ELASTICSEARCH_HOSTPORT** : Elasticsearch http://host:port, if not `empty`,
Expand All @@ -470,6 +474,8 @@ care of lower/uppercases**) : `yaml: a.b --> envvar: A_B` :
`emergency|alert|critical|error|warning|notice|informational|debug or "" (default)`
- **ELASTICSEARCH_SUFFIX** : date suffix for index rotation : `daily` (default),
`monthly`, `annually`, `none`
- **ELASTICSEARCH_MUTUALTLS** : enable mutual tls authentication for this output (default:
`false`)
- **ELASTICSEARCH_CHECKCERT** : check if ssl certificate of the output is valid (default:
`true`)
- **INFLUXDB_HOSTPORT** : Influxdb http://host:port, if not `empty`, Influxdb is
Expand All @@ -480,6 +486,8 @@ care of lower/uppercases**) : `yaml: a.b --> envvar: A_B` :
- **INFLUXDB_MINIMUMPRIORITY** : minimum priority of event for using this
output, order is
`emergency|alert|critical|error|warning|notice|informational|debug or "" (default)`
- **INFLUXDB_MUTUALTLS** : enable mutual tls authentication for this output (default:
`false`)
- **INFLUXDB_CHECKCERT** : check if ssl certificate of the output is valid (default:
`true`)
- **LOKI_HOSTPORT** : Loki http://host:port, if not `empty`, Loki is _enabled_
Expand All @@ -492,13 +500,19 @@ care of lower/uppercases**) : `yaml: a.b --> envvar: A_B` :
- **NATS_MINIMUMPRIORITY** : minimum priority of event for using this output,
order is
`emergency|alert|critical|error|warning|notice|informational|debug or "" (default)`
- **NATS_MUTUALTLS** : enable mutual tls authentication for this output (default:
`false`)
- **NATS_CHECKCERT** : check if ssl certificate of the output is valid (default:
`true`)
- **STAN_HOSTPORT** : NATS "nats://host:port", if not `empty`, STAN is _enabled_
- **STAN_CLUSTERID** : Cluster name, if not `empty`, STAN is _enabled_
- **STAN_CLIENTID** : Client ID to use, if not `empty`, STAN is _enabled_
- **STAN_MINIMUMPRIORITY** : minimum priority of event for using this output,
order is
- **STAN_MUTUALTLS** : enable mutual tls authentication for this output (default:
`false`)
- **STAN_CHECKCERT** : check if ssl certificate of the output is valid (default:
`true`)
`emergency|alert|critical|error|warning|notice|informational|debug or "" (default)`
- **AWS_ACCESSKEYID** : AWS Access Key Id (optional if you use EC2 Instance
Profile)
Expand Down Expand Up @@ -549,8 +563,6 @@ care of lower/uppercases**) : `yaml: a.b --> envvar: A_B` :
- **OPSGENIE_MINIMUMPRIORITY** : minimum priority of event for using this
output, order is
`emergency|alert|critical|error|warning|notice|informational|debug or "" (default)`
- **OPSGENIE_CHECKCERT** : check if ssl certificate of the output is valid (default:
`true`)
- **STATSD_FORWARDER**: The address for the StatsD forwarder, in the form
http://host:port, if not empty StatsD is _enabled_
- **STATSD_NAMESPACE**: A prefix for all metrics (default: "falcosidekick.")
Expand All @@ -565,6 +577,8 @@ care of lower/uppercases**) : `yaml: a.b --> envvar: A_B` :
- **WEBHOOK_MINIMUMPRIORITY** : minimum priority of event for using this output,
order is
`emergency|alert|critical|error|warning|notice|informational|debug or "" (default)`
- **WEBHOOK_MUTUALTLS** : enable mutual tls authentication for this output (default:
`false`)
- **WEBHOOK_CHECKCERT** : check if ssl certificate of the output is valid (default:
`true`)
- **CLOUDEVENTS_ADDRESS** : CloudEvents consumer address, if not empty,
Expand All @@ -574,8 +588,6 @@ care of lower/uppercases**) : `yaml: a.b --> envvar: A_B` :
- **CLOUDEVENTS_MINIMUMPRIORITY** : minimum priority of event for using this
output, order is
`emergency|alert|critical|error|warning|notice|informational|debug or "" (default)`
- **CLOUDEVENTS_CHECKCERT** : check if ssl certificate of the output is valid (default:
`true`)
- **AZURE_EVENTHUB_NAME**: Name of the Hub, if not empty, EventHub is _enabled_
- **AZURE_EVENTHUB_NAMESPACE**: Name of the space the Hub is in
- **AZURE_EVENTHUB_MINIMUMPRIORITY**: minimum priority of event for using this
Expand Down Expand Up @@ -605,8 +617,6 @@ care of lower/uppercases**) : `yaml: a.b --> envvar: A_B` :
`GOOGLECHAT_OUTPUTFORMAT`, see
[Slack Message Formatting](#slack-message-formatting) in the README for
details. If empty, no Text is displayed before sections.
- **GOOGLECHAT_CHECKCERT** : check if ssl certificate of the output is valid (default:
`true`)
- **KAFKA_HOSTPORT**: The Host:Port of the Kafka (ex: localhost:9092), if not
empty, Kafka is _enabled_
- **KAFKA_TOPIC**: The name of the Kafka topic
Expand All @@ -625,8 +635,6 @@ care of lower/uppercases**) : `yaml: a.b --> envvar: A_B` :
- **PAGERDUTY_MINIMUMPRIORITY**: minimum priority of event for using this
output, order is
`emergency|alert|critical|error|warning|notice|informational|debug or "" (default)`
- **PAGERDUTY_CHECKCERT** : check if ssl certificate of the output is valid (default:
`true`)
- **KUBELESS_FUNCTION**: Name of Kubeless function, if not empty, Kubeless is
_enabled_
- **KUBELESS_NAMESPACE**: Namespace of Kubeless function (mandatory)
Expand All @@ -636,6 +644,8 @@ care of lower/uppercases**) : `yaml: a.b --> envvar: A_B` :
- **KUBELESS_MINIMUMPRIORITY**: "debug" # minimum priority of event for using
this output, order is
`emergency|alert|critical|error|warning|notice|informational|debug or "" (default)`
- **KUBELESS_CHECKCERT** : check if ssl certificate of the output is valid (default:
`true`)
- **OPENFAAS_GATEWAYNAMESPACE** : Namespace of OpenFaaS Gateway, "openfaas" (default)
- **OPENFAAS_GATEWAYSERVICE** : Service of OpenFaaS Gateway, "gateway" (default)
- **OPENFAAS_FUNCTIONNAME** : Name of OpenFaaS function, if not empty, OpenFaaS is enabled
Expand All @@ -646,6 +656,8 @@ care of lower/uppercases**) : `yaml: a.b --> envvar: A_B` :
- **OPENFAAS_MINIMUMPRIORITY** : "debug" # minimum priority of event for using
this output, order is
`emergency|alert|critical|error|warning|notice|informational|debug or "" (default)`
- **OPENFAAS_CHECKCERT** : check if ssl certificate of the output is valid (default:
`true`)
- **WEBUI_URL** : WebUI URL, if not empty, WebUI output is
_enabled_
- **RABBITMQ_URL**: Rabbitmq URL, if not empty, Rabbitmq output is enabled
Expand Down Expand Up @@ -706,13 +718,14 @@ All logs are sent to `stdout`.

## Mutual TLS ##

Outputs with mutualtls enabled in their configuration require *client.crt*, *client.key* and *ca.crt* files to be stored in the path configured in **mutualtlsfilespath** global parameter (**important**: files' name must be preserved)
Outputs with `mutualtls` enabled in their configuration require *client.crt*, *client.key* and *ca.crt* files to be stored in the path configured in **mutualtlsfilespath** global parameter (**important**: file names must be preserved)

```bash
docker run -d -p 2801:2801 -e MUTUALTLSFILESPATH=/etc/certs -e ALERTMANAGER_HOSTPORT=https://XXXX -e ALERTMANAGER_MUTUALTLS=true -e INFLUXDB_HOSTPORT=https://XXXX -e INFLUXDB_MUTUALTLS=true -e WEBHOOK_ADDRESS=XXXX -v /localpath/myclientcert.crt:/etc/certs/client.crt -v /localpath/myclientkey.key:/etc/certs/client.key -v /localpath/ca.crt:/etc/certs/ca.crt falcosecurity/falcosidekick
```

In above example, the same client certificate will be used for both Alertmanager & InfluxDB outputs which have mutualtls flag set to true.

## Metrics

### Golang ExpVar
8 changes: 3 additions & 5 deletions config_example.yaml
Expand Up @@ -88,6 +88,7 @@ stan:
# clusterid: "" # Cluster name, if not empty, STAN output is enabled
# clientid: "" # Client ID, if not empty, STAN output is enabled
# minimumpriority: "" # minimum priority of event for using this output, order is emergency|alert|critical|error|warning|notice|informational|debug or "" (default)
# mutualtls: false # if true, checkcert flag will be ignored (server cert will always be checked)
# checkcert: true # check if ssl certificate of the output is valid (default: true)

nats:
Expand Down Expand Up @@ -142,7 +143,6 @@ opsgenie:
# apikey: "2c771471-e2af-4dc6-bd35-e7f6ff479b64" # Opsgenie API Key, if not empty, Opsgenie output is enabled
region: "eu" # (us|eu) region of your domain
# minimumpriority: "" # minimum priority of event for using this output, order is emergency|alert|critical|error|warning|notice|informational|debug or "" (default)
# checkcert: true # check if ssl certificate of the output is valid (default: true)

webhook:
# address: "" # Webhook address, if not empty, Webhook output is enabled
Expand Down Expand Up @@ -194,7 +194,6 @@ kafka:
pagerduty:
routingKey: "" # Pagerduty Routing Key, if not empty, Pagerduty output is enabled
minimumpriority: "" # minimum priority of event for using this output, order is emergency|alert|critical|error|warning|notice|informational|debug or "" (default)
# checkcert: true # check if ssl certificate of the output is valid (default: true)

kubeless:
function: "" # Name of Kubeless function, if not empty, Kubeless is enabled
Expand All @@ -214,9 +213,6 @@ openfaas:
# minimumpriority: "debug" # minimum priority of event for using this output, order is emergency|alert|critical|error|warning|notice|informational|debug or "" (default)
# checkcert: true # check if ssl certificate of the output is valid (default: true)

webui:
url: "" # WebUI URL, if not empty, WebUI output is enabled

rabbitmq:
url: "" # Rabbitmq URL, if not empty, Rabbitmq output is enabled
queue: "" # Rabbitmq Queue name
Expand All @@ -232,3 +228,5 @@ wavefront:
# batchsize: 10000 # Wavefront batch size. If empty uses the default 10000. Only used when endpointtype is 'direct'
# flushintervalseconds: 1 # Wavefront flush interval in seconds. Defaults to 1

webui:
url: "" # WebUI URL, if not empty, WebUI output is enabled
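Review bot: The `mutualtls` comment added to the `stan` block says only that `checkcert` is ignored; it does not tell the operator where the client certificate, key and CA are read from. The README text in this same commit states that they must be named client.crt, client.key and ca.crt and live under `mutualtlsfilespath`, so the example could carry that too, e.g. `# mutualtls: false # if true, client.crt, client.key and ca.crt are loaded from mutualtlsfilespath and checkcert is ignored (server cert is always checked)`. The neighbouring `checkcert` comment would also benefit from saying that `false` turns off server certificate verification for that output, since this file is what operators copy from. The `stan` block starts above the hunk, so whether `mutualtlsfilespath` is already documented earlier in the file cannot be seen from here.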
