Use /var/log/pods as output

skroutz · Mar 6, 2024 · ca4c872 · ca4c872
1 parent 649b9b2
commit ca4c872
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 1 deletion.
diff --git a/Dockerfile b/Dockerfile
@@ -20,11 +20,14 @@ RUN apt-get update && apt-get install -y gettext-base curl
 COPY deb/crowdstrike-cs-falconhoseclient_2.18.0_amd64.deb "${WORKDIR}/crowdstrike.deb"
 RUN dpkg -i "${WORKDIR}/crowdstrike.deb"
 
+RUN mkdir -p /var/log/pods/falconhoseclient
+
 # Prepare a simple user instead of root
 RUN groupadd -g 1000 user && useradd -r -u 1000 -g user user
 RUN chown -R user:user /var/log/crowdstrike/falconhoseclient
 RUN chmod -R 755 /var/log/crowdstrike/falconhoseclient
 RUN chown -R user:user /opt/crowdstrike/etc
+RUN chown -R user:user /var/log/pods/falconhoseclient
 
 WORKDIR "${WORKDIR}"
 

diff --git a/cfg/cs.falconhoseclient.cfg.template b/cfg/cs.falconhoseclient.cfg.template
@@ -32,7 +32,8 @@ output_format = json
 # Will be true regardless if Syslog is not enabled
 # If path does not exist or user has no permission, log file will be used
 output_to_file = true
-output_path = /dev/stdout
+#output_path = /dev/stdout
+output_path = /var/log/pods/falconhoseclient/events.log
 
 # Offset file full filepath and filename
 offset_path = /var/log/crowdstrike/falconhoseclient/stream_offsets