Use /var/log/containers/ dir for output

skroutz · Mar 5, 2024 · aeb96b7 · aeb96b7
1 parent cbc17d1
commit aeb96b7
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 1 deletion.
diff --git a/Dockerfile b/Dockerfile
@@ -20,11 +20,14 @@ RUN apt-get update && apt-get install -y gettext-base curl
 COPY deb/crowdstrike-cs-falconhoseclient_2.18.0_amd64.deb "${WORKDIR}/crowdstrike.deb"
 RUN dpkg -i "${WORKDIR}/crowdstrike.deb"
 
+RUN mkdir -p /var/log/containers
+
 # Prepare a simple user instead of root
 RUN groupadd -g 1000 user && useradd -r -u 1000 -g user user
 RUN chown -R user:user /var/log/crowdstrike/falconhoseclient
 RUN chmod -R 755 /var/log/crowdstrike/falconhoseclient
 RUN chown -R user:user /opt/crowdstrike/etc
+RUN chown -R user:user /var/log/containers
 
 WORKDIR "${WORKDIR}"
 

diff --git a/cfg/cs.falconhoseclient.cfg.template b/cfg/cs.falconhoseclient.cfg.template
@@ -32,7 +32,7 @@ output_format = json
 # Will be true regardless if Syslog is not enabled
 # If path does not exist or user has no permission, log file will be used
 output_to_file = true
-output_path = /proc/self/fd/1
+output_path = /var/log/containers/falcon_output.log
 
 # Offset file full filepath and filename
 offset_path = /var/log/crowdstrike/falconhoseclient/stream_offsets