diff --git a/README.md b/README.md
index 555a4773c..e9d962815 100644
--- a/README.md
+++ b/README.md
@@ -171,7 +171,7 @@ See **config_example.yaml** :
 #listenaddress: "" # ip address to bind falcosidekick to (default: "" meaning all addresses)
 #listenport: 2801 # port to listen for daemon (default: 2801)
 debug: false # if true all outputs will print in stdout the payload they send (default: false)
-customfields: # custom fields are added to falco events
+customfields: # custom fields are added to falco events, if the value starts with % the relative env var is used
 Akey: "AValue"
 Bkey: "BValue"
 Ckey: "CValue"
@@ -520,7 +520,7 @@ care of lower/uppercases**) : `yaml: a.b --> envvar: A_B` : - **LISTENPORT** : port to listen for daemon (default: `2801`) - **DEBUG** : if _true_ all outputs will print in stdout the payload they send (default: false) -- **CUSTOMFIELDS** : a list of comma separated custom fields to add to falco +- **CUSTOMFIELDS** : a list of comma separated custom fields to add to falco, if the value starts with % the relative env var is used events, syntax is "key:value,key:value" **MUTUALTLSFILESPATH**: path which will be used to stored certs and key for mutual tls authentication (default: "/etc/certs") - **SLACK_WEBHOOKURL** : Slack Webhook URL (ex:
diff --git a/config.go b/config.go
index bc7f384e4..35e41fee5 100644
--- a/config.go
+++ b/config.go
@@ -374,7 +374,15 @@ func getConfig() *types.Configuration {
 for _, label := range customfields {
 tagkeys := strings.Split(label, ":")
 if len(tagkeys) == 2 {
- c.Customfields[tagkeys[0]] = tagkeys[1]
+ if strings.HasPrefix(tagkeys[1], "%") {
+ if s := os.Getenv(tagkeys[1][1:]); s != "" {
+ c.Customfields[tagkeys[0]] = s
+ } else {
+ log.Printf("[ERROR] : Can't find env var %v for custom fields", tagkeys[1][1:])
+ }
+ } else {
+ c.Customfields[tagkeys[0]] = tagkeys[1]
+ }
 }
 }
 }
diff --git a/config_example.yaml b/config_example.yaml
index b0707efe9..3d30e72a7 100644
--- a/config_example.yaml
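Review bot: In the new `%` branch of config.go a custom field is dropped whenever `os.Getenv` returns an empty string, so a variable that is set but empty is logged as "Can't find env var" and its key never reaches the events; `if s, ok := os.LookupEnv(tagkeys[1][1:]); ok {` would separate unset from empty. A value that used to be a literal beginning with `%` now changes meaning with no way to escape it, which deserves a line in the README. Because the resolved value is added to Falco events, and the README shows settings such as SLACK_WEBHOOKURL arriving as environment variables, a reference to a variable that holds a credential would presumably be forwarded to every configured output and printed to stdout when debug is on; a comment above the lookup such as `// value is copied from the process environment into every event; do not reference variables that hold secrets` would make that explicit. getConfig begins and ends outside this hunk, so whether customfields supplied through the YAML file take the same path cannot be confirmed from here.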
+++ b/config_example.yaml
@@ -1,7 +1,7 @@
 #listenaddress: "" # ip address to bind falcosidekick to (default: "" meaning all addresses)
 #listenport: 2801 # port to listen for daemon (default: 2801)
 debug: false # if true all outputs will print in stdout the payload they send (default: false)
-customfields: # custom fields are added to falco events and metrics
+customfields: # custom fields are added to falco events and metrics, if the value starts with % the relative env var is used
 Akey: "AValue"
 Bkey: "BValue"
 Ckey: "CValue"