What is Falco-exporter¶
Falco-exporter is a Prometheus Metrics exporter for Falco output events.
Falco-exporter is deployed as a DaemonSet on a Kubernetes cluster. If Prometheus is installed and running in the cluster, metrics provided by Falco-exporter will be automatically discovered.
Install Falco-exporter¶
This section describes how to install Falco-exporter.
Note
Before installing and using Falco-exporter, you need to install and run Falco with gRPC output enabled (enabled by via Unix sockets by default). For more information on enabling gRPC output in Falco Helm Chart, see Enabling gRPC.
Please confirm that your cluster has successfully connected to the Container Management platform, and then perform the following steps to install Falco-exporter.
-  Click Container Management->Clustersin the left navigation bar, then find the cluster name where you want to install Falco-exporter.
-  In the left navigation bar, select Helm Releases->Helm Charts, and then find and clickfalco-exporter.
-  Select the version you want to install in Versionand clickInstall.
-  On the installation screen, fill in the required installation parameters. In the screen as above, fill in application name,namespace,version, etc.In the screen as above, fill in the following parameters: -  Falco Prometheus Exporter->Image Settings->Registry: set the repository address of the falco-exporter image, which is already filled with the available online repositories by default. If it is a private environment, you can change it to a private repository address.
-  Falco Prometheus Exporter->Prometheus ServiceMonitor Settings->Repository: set the falco-exporter image name.
-  Falco Prometheus Exporter->Prometheus ServiceMonitor Settings->Install ServiceMonitor: install Prometheus Operator service monitor. It is enabled by default.
-  Falco Prometheus Exporter->Prometheus ServiceMonitor Settings->Scrape Interval: user-defined interval; if not specified, the Prometheus default interval is used.
-  Falco Prometheus Exporter->Prometheus ServiceMonitor Settings->Scrape Timeout: user-defined scrape timeout; if not specified, the Prometheus default scrape timeout is used.
 
-  
In the screen as above, fill in the following parameters:
- `Falco Prometheus Exporter` -> `Prometheus prometheusRules` -> `Install prometheusRules`: create PrometheusRules to alert on priority events. It is enabled by default.
- `Falco Prometheus Exporter` -> `Prometheus prometheusRules` -> `Alerts settings`: set whether alerts are enabled for different levels of log events, the interval between alerts, and the threshold for alerts.
- Click the OKbutton at the bottom right corner to complete the installation.