As containerized applications continue to rise in popularity, ensuring their security becomes more and more crucial. With Kubernetes, you have a powerful tool for managing containers, but it doesn’t necessarily provide all the security features you need out of the box. That’s where Falco comes in.
Falco is an open-source container security tool that monitors your Kubernetes cluster in real time and alerts you to any suspicious activity. In this guide, we’ll walk you through setting up Falco on your Kubernetes cluster and discuss its main benefits.
Install Falco on Your Kubernetes Cluster
There are a few ways to install Falco; details can be found in the official documentation: installation, or directly on K8s: deployment. The easiest way to install Falco on your Kubernetes cluster is using Helm. Helm is a package manager for Kubernetes that makes it easy to install and manage applications.
Let’s talk a little about VNX for File and the monitoring features provided by Unisphere. I will explain where to find event logs, how to create e-mail notifications, and how to set up notifications for various severity levels. Let’s first have a quick glimpse of the Unisphere monitoring features.
Unisphere System Monitoring features
There are several areas within the Unisphere System monitoring page where the system can be monitored.
Unisphere Monitoring Page
Let’s quickly review a few of them:
- Alerts for various system conditions – in this section you can see if there are any critical errors, warnings, or other errors. Once you see an alert, you can double-click on it to retrieve its properties. Each alert detail has a full description, a recommended action, and an event code. Take a look at the example screenshot:
Unisphere Alert Details
- SP Event Logs – SP logs can be collected and exported via the graphical interface.
- Background Task Monitoring for File – a list of all tasks that are running in the background.
- Event Logs for File – the place where File-related events can be monitored. The page can be configured to display log messages from the Control Station or the Data Movers.
- Notifications for File – a notification is an action that the CS (Control Station) takes in response to a particular system condition. For example, the Control Station can send an email message to an admin when a critical system event occurs, such as a disk failure. Another example would be a threshold being reached, etc. Event Severity levels are: critical, error, warning, info.
- Statistics for File – this option provides the user with information on file system and network performance. Graphs are configurable and displayed in real time.
VNX Email Notifications
For notifications to be sent via the SMTP mail option, an Email User must be configured. To configure it, navigate to the Notifications page and select the Manage Email User option. You can find it in the bottom right section called “Service Task”. The configuration screen looks like this:
Unisphere Configure Email
Once you have configured the e-mail information (provided in the form above), you can create an event. Navigate to System > Monitoring and Alerts > Notifications for File. Then select the Create button, and a popup screen will prompt for which Facility you want to monitor. Take a look at the picture below.
Unisphere Create notification
Choose the event you want monitored. Then choose the Severity level (Critical, Error, Warning or Info) for which you want to be notified. Select how the notification will be sent (the options are: mail, logfile, SMTP trap). For logfile, you have to provide an absolute path on the Control Station to save it to; for SMTP trap, you can provide an IP address, a community name or a hostname. The example e-mail notification is presented above.