Falco Outputs
Falco can send alerts to one or more output channels:
- Standard Output
- A file
- Syslog
- A spawned program
- A HTTP/HTTPS endpoint
- A client via the gRPC API
The channels are configured via the Falco configuration file falco.yaml. See the Falco Configuration page for more details.
Find further information about how to configure each of those channels under Output Channels.
Integration with third parties
Falco alerts can easily be forwarded to third-party systems like off-host SIEM, databases, or Faas. While many tools can natively connect to the generic outputs channels that Falco provides such as files and standrd output, a forwarder proxy, Falcosidekick, was created to facilitate integration with more than 50 different systems.
Output Channels
Supported output channels for Falco Alerts
Output Formatting
Format Falco Alerts for Containers and Kubernetes
Forwarding Alerts
Forward Falco Alerts to third parties with Falcosidekick
Was this page helpful?
Let us know! You feedback will help us to improve the content and to stay in touch with our users.
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.
