Prometheus Metrics Exporter for Falco output events
Before using falco-exporter, you need Falco installed and running with the gRPC Output enabled. The Falco gRPC server works only with mutual TLS by design. Therefore, you also need valid certificate files to configure falco-exporter properly.
make
./falco-exporter
Then check the metrics endpoint at http://localhost:9376/metrics
Command line usage:
Usage of ./falco-exporter:
--client-ca string CA root file path for connecting to a Falco gRPC server (default "/etc/falco/certs/ca.crt")
--client-cert string cert file path for connecting to a Falco gRPC server (default "/etc/falco/certs/client.crt")
--client-hostname string hostname for connecting to a Falco gRPC server (default "localhost")
--client-key string key file path for connecting to a Falco gRPC server (default "/etc/falco/certs/client.key")
--client-port uint16 port for connecting to a Falco gRPC server (default 5060)
--listen-address string address on which to expose the Prometheus metrics (default ":9376")
Using the provided Helm chart is the easiest way to deploy falco-exporter.
To install the chart with the release name falco-exporter and default configuration values:
helm install falco-exporter \
--set-file certs.ca.crt=/path/to/ca.crt,certs.client.key=/path/to/client.key,certs.client.crt=/path/to/client.crt \
./deploy/helm/falco-exporter
The command deploys falco-exporter as Daemon Set on your the Kubernetes cluster. If a Prometheus installation is running within your cluster, metrics provided by falco-exporter will be automatically discovered.
Alternatively, it is possible to deploy falco-exporter without using Helm. Templates for manual installation are here.
The Falco dashboard can be imported into Grafana by copy-paste the provided grafana/dashboard.json or by getting it from the Grafana Dashboards website.
You can find detailed Grafana importing instructions here.
