falcosecurity · poiana · May 16, 2024 · May 15, 2024 · May 16, 2024
diff --git a/userspace/engine/evttype_index_ruleset.cpp b/userspace/engine/evttype_index_ruleset.cpp
@@ -19,6 +19,8 @@ limitations under the License.
 
 #include "falco_utils.h"
 
+#include "../falco/logger.h"
+
 #include <algorithm>
 
 evttype_index_ruleset::evttype_index_ruleset(
@@ -225,7 +227,25 @@ void evttype_index_ruleset::add(
 
 void evttype_index_ruleset::on_loading_complete()
 {
-	// nothing to do for now
+	print_enabled_rules_falco_logger();
+}
+
+void evttype_index_ruleset::print_enabled_rules_falco_logger()
+{
+	falco_logger::log(falco_logger::level::DEBUG, "Enabled rules:\n");
+	int n = 0;
+	for (const auto& ruleset_ptr : m_rulesets)
+	{
+		if (ruleset_ptr)
+		{
+			for (const auto& wrap : ruleset_ptr->get_filters())
+			{
+				n++;
+				falco_logger::log(falco_logger::level::DEBUG, std::string("   ") + wrap->rule.name + "\n");
+			}
+		}
+	}
+	falco_logger::log(falco_logger::level::DEBUG, "(" + std::to_string(n) + ") enabled rules in total\n");
 }
 
 void evttype_index_ruleset::clear()

diff --git a/userspace/engine/evttype_index_ruleset.h b/userspace/engine/evttype_index_ruleset.h
@@ -52,6 +52,10 @@ class evttype_index_ruleset: public filter_ruleset
 
 	void on_loading_complete() override;
 
+	// Print each enabled rule when running Falco with falco logger
+	// log_level=debug; invoked within on_loading_complete()
+	void print_enabled_rules_falco_logger();
+
 	void enable(
 		const std::string &pattern,
 		match_type match,
@@ -118,6 +122,11 @@ class evttype_index_ruleset: public filter_ruleset
 
 		uint64_t num_filters();
 
+		inline const std::set<std::shared_ptr<filter_wrapper>>& get_filters() const
+		{
+			return m_filters;
+		}
+
 		// Evaluate an event against the ruleset and return the first rule
 		// that matched.
 		bool run(sinsp_evt *evt, falco_rule& match);