cilium · cy83rc0llect0r · Apr 24, 2025 · Apr 24, 2025 · Apr 24, 2025 · Apr 24, 2025
@@ -15,9 +15,9 @@ require (
 require (
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
-	golang.org/x/net v0.38.0 // indirect
+	golang.org/x/net v0.39.0 // indirect
 	golang.org/x/sys v0.32.0 // indirect
-	golang.org/x/text v0.23.0 // indirect
+	golang.org/x/text v0.24.0 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20250407143221-ac9807e6c755 // indirect
 	gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect

@@ -39,13 +39,13 @@ go.opentelemetry.io/otel/sdk/metric v1.34.0 h1:5CeK9ujjbFVL5c1PhLuStg1wxA7vQv7ce
 go.opentelemetry.io/otel/sdk/metric v1.34.0/go.mod h1:jQ/r8Ze28zRKoNRdkjCZxfs6YvBTG1+YIqyFVFYec5w=
 go.opentelemetry.io/otel/trace v1.34.0 h1:+ouXS2V8Rd4hp4580a8q23bg0azF2nI8cqLYnC8mh/k=
 go.opentelemetry.io/otel/trace v1.34.0/go.mod h1:Svm7lSjQD7kG7KJ/MUHPVXSDGz2OX4h0M2jHBhmSfRE=
-golang.org/x/net v0.38.0 h1:vRMAPTMaeGqVhG5QyLJHqNDwecKTomGeqbnfZyKlBI8=
-golang.org/x/net v0.38.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8=
+golang.org/x/net v0.39.0 h1:ZCu7HMWDxpXpaiKdhzIfaltL9Lp31x/3fCP11bc6/fY=
+golang.org/x/net v0.39.0/go.mod h1:X7NRbYVEA+ewNkCNyJ513WmMdQ3BineSwVtN2zD/d+E=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.32.0 h1:s77OFDvIQeibCmezSnk/q6iAfkdiQaJi4VzroCFrN20=
 golang.org/x/sys v0.32.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
-golang.org/x/text v0.23.0 h1:D71I7dUrlY+VX0gQShAThNGHFxZ13dGLBHQLVl1mJlY=
-golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4=
+golang.org/x/text v0.24.0 h1:dd5Bzh4yt5KYA8f9CJHCP4FB4D51c2c6JvN37xJJkJ0=
+golang.org/x/text v0.24.0/go.mod h1:L8rBsPeo2pSS+xqN0d5u2ikmjtmoJbDBT1b7nHvFCdU=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20250407143221-ac9807e6c755 h1:TwXJCGVREgQ/cl18iY0Z4wJCTL/GmW+Um2oSwZiZPnc=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20250407143221-ac9807e6c755/go.mod h1:qQ0YXyHHx3XkvlzUtpXDkS29lDSafHMZBAZDc03LQ3A=
 google.golang.org/grpc v1.72.0 h1:S7UkcVa60b5AAQTaO6ZKamFp1zMZSU0fGDK2WZLbBnM=

@@ -17,7 +17,7 @@ github.com/sirupsen/logrus
 ## explicit; go 1.17
 github.com/stretchr/testify/assert
 github.com/stretchr/testify/assert/yaml
-# golang.org/x/net v0.38.0
+# golang.org/x/net v0.39.0
 ## explicit; go 1.23.0
 golang.org/x/net/http/httpguts
 golang.org/x/net/http2
@@ -30,7 +30,7 @@ golang.org/x/net/trace
 ## explicit; go 1.23.0
 golang.org/x/sys/unix
 golang.org/x/sys/windows
-# golang.org/x/text v0.23.0
+# golang.org/x/text v0.24.0
 ## explicit; go 1.23.0
 golang.org/x/text/secure/bidirule
 golang.org/x/text/transform

@@ -710,36 +710,73 @@ func startExporter(ctx context.Context, server *server.Server) error {
 	if err != nil {
 		return err
 	}
+
+	var rateLimiter *ratelimit.RateLimiter
+	var aggregationOptions *tetragon.AggregationOptions
+	if option.Config.EnableExportAggregation {
+		aggregationOptions = &tetragon.AggregationOptions{
+			WindowSize:        durationpb.New(option.Config.ExportAggregationWindowSize),
+			ChannelBufferSize: option.Config.ExportAggregationBufferSize,
+		}
+	}
+	req := tetragon.GetEventsRequest{AllowList: allowList, DenyList: denyList, AggregationOptions: aggregationOptions, FieldFilters: fieldFilters}
+	log.WithFields(logrus.Fields{
+		"fieldFilters": fieldFilters,
+		"allowList":    allowList,
+		"denyList":     denyList,
+	}).Info("Configured event request")
+
+	// Handle export.mode
+	if option.Config.ExportMode == "stdout" {
+		log.WithFields(logrus.Fields{"mode": "stdout"}).Warn("export.mode 'stdout' is deprecated; use 'file' or 'direct-stdout'")
+		option.Config.ExportMode = "file" // Fallback to file
+	}
+
+	if option.Config.ExportMode == "direct-stdout" {
+		log.WithFields(logrus.Fields{"mode": "direct-stdout"}).Info("Starting direct stdout exporter")
+		stdoutEncoder := encoder.NewJSONStdoutEncoder()
+		if option.Config.ExportRateLimit >= 0 {
+			rateLimiter = ratelimit.NewRateLimiter(ctx, 1*time.Minute, option.Config.ExportRateLimit, stdoutEncoder)
+			log.WithFields(logrus.Fields{"rateLimit": option.Config.ExportRateLimit}).Info("Rate limiter enabled")
+		}
+		exporter := exporter.NewExporter(ctx, &req, server, stdoutEncoder, stdoutEncoder, rateLimiter)
+		log.WithFields(logrus.Fields{"destination": "stdout"}).Debug("Starting JSON stdout exporter")
+		go exporter.Start() // Run in goroutine like previous code
+		return nil
+	}
+
+	// File mode
+	if option.Config.ExportMode != "file" {
+		log.WithFields(logrus.Fields{"mode": option.Config.ExportMode}).Warn("Invalid export.mode; defaulting to 'file'")
+		option.Config.ExportMode = "file"
+	}
+
+	log.WithFields(logrus.Fields{"mode": "file"}).Info("Starting file-based exporter")
 	writer := &lumberjack.Logger{
 		Filename:   option.Config.ExportFilename,
 		MaxSize:    option.Config.ExportFileMaxSizeMB,
 		MaxBackups: option.Config.ExportFileMaxBackups,
 		Compress:   option.Config.ExportFileCompress,
 	}
-
 	perms, err := fileutils.RegularFilePerms(option.Config.ExportFilePerm)
 	if err != nil {
-		log.WithError(err).Warnf("Failed to parse export file permission '%s', failing back to %v",
+		log.WithError(err).Warnf("Failed to parse export file permission '%s', falling back to %v",
 			option.KeyExportFilePerm, perms)
 	}
 	writer.FileMode = perms
 
 	finfo, err := os.Stat(filepath.Clean(option.Config.ExportFilename))
 	if err == nil && finfo.IsDir() {
-		// Error if exportFilename points to a directory
-		return errors.New("passed export JSON logs file point to a directory")
+		return errors.New("passed export JSON logs file points to a directory")
 	}
 	logFile := filepath.Base(option.Config.ExportFilename)
 	logsDir, err := filepath.Abs(filepath.Dir(filepath.Clean(option.Config.ExportFilename)))
 	if err != nil {
 		log.WithError(err).Warnf("Failed to get absolute path of exported JSON logs '%s'", option.Config.ExportFilename)
-		// Do not fail; we let lumberjack handle this. We want to
-		// log the rotate logs operation.
 		logsDir = filepath.Dir(option.Config.ExportFilename)
 	}
 
 	if option.Config.ExportFileRotationInterval < 0 {
-		// Passed an invalid interval let's error out
 		return fmt.Errorf("frequency '%s' at which to rotate JSON export files is negative", option.Config.ExportFileRotationInterval.String())
 	} else if option.Config.ExportFileRotationInterval > 0 {
 		log.WithFields(logrus.Fields{
@@ -767,25 +804,15 @@ func startExporter(ctx context.Context, server *server.Server) error {
 		}()
 	}
 
-	// Track how many bytes are written to the event export location
 	encoderWriter := exporter.NewExportedBytesTotalWriter(writer)
-	encoder := encoder.NewProtojsonEncoder(encoderWriter)
-	var rateLimiter *ratelimit.RateLimiter
+	jsonEncoder := encoder.NewProtojsonEncoder(encoderWriter)
 	if option.Config.ExportRateLimit >= 0 {
-		rateLimiter = ratelimit.NewRateLimiter(ctx, 1*time.Minute, option.Config.ExportRateLimit, encoder)
-	}
-	var aggregationOptions *tetragon.AggregationOptions
-	if option.Config.EnableExportAggregation {
-		aggregationOptions = &tetragon.AggregationOptions{
-			WindowSize:        durationpb.New(option.Config.ExportAggregationWindowSize),
-			ChannelBufferSize: option.Config.ExportAggregationBufferSize,
-		}
+		rateLimiter = ratelimit.NewRateLimiter(ctx, 1*time.Minute, option.Config.ExportRateLimit, jsonEncoder)
 	}
-	req := tetragon.GetEventsRequest{AllowList: allowList, DenyList: denyList, AggregationOptions: aggregationOptions, FieldFilters: fieldFilters}
-	log.WithFields(logrus.Fields{"fieldFilters": fieldFilters}).Info("Configured field filters")
 	log.WithFields(logrus.Fields{"logger": writer, "request": &req}).Info("Starting JSON exporter")
-	exporter := exporter.NewExporter(ctx, &req, server, encoder, writer, rateLimiter)
-	return exporter.Start()
+	exporter := exporter.NewExporter(ctx, &req, server, jsonEncoder, writer, rateLimiter)
+	go exporter.Start()
+	return nil
 }
 
 func Serve(ctx context.Context, listenAddr string, srv *server.Server) error {

@@ -46,7 +46,7 @@ require (
 	github.com/stoewer/go-strcase v1.2.0 // indirect
 	github.com/tetratelabs/wazero v1.8.2-0.20241030035603-dc08732e57d5 // indirect
 	golang.org/x/exp v0.0.0-20250103183323-7d7fa50e5329 // indirect
-	golang.org/x/net v0.38.0 // indirect
+	golang.org/x/net v0.39.0 // indirect
 	golang.org/x/sys v0.32.0 // indirect
 	golang.org/x/text v0.24.0 // indirect
 	google.golang.org/genproto/googleapis/api v0.0.0-20250303144028-a0af3efb3deb // indirect

@@ -140,8 +140,8 @@ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.38.0 h1:vRMAPTMaeGqVhG5QyLJHqNDwecKTomGeqbnfZyKlBI8=
-golang.org/x/net v0.38.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8=
+golang.org/x/net v0.39.0 h1:ZCu7HMWDxpXpaiKdhzIfaltL9Lp31x/3fCP11bc6/fY=
+golang.org/x/net v0.39.0/go.mod h1:X7NRbYVEA+ewNkCNyJ513WmMdQ3BineSwVtN2zD/d+E=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=

@@ -189,7 +189,7 @@ github.com/tetratelabs/wazero/sys
 # golang.org/x/exp v0.0.0-20250103183323-7d7fa50e5329
 ## explicit; go 1.22.0
 golang.org/x/exp/slices
-# golang.org/x/net v0.38.0
+# golang.org/x/net v0.39.0
 ## explicit; go 1.23.0
 golang.org/x/net/http/httpguts
 golang.org/x/net/http2

@@ -150,11 +150,11 @@ require (
 	go.opentelemetry.io/otel/trace v1.34.0 // indirect
 	go4.org/netipx v0.0.0-20231129151722-fdeea329fbba // indirect
 	golang.org/x/exp v0.0.0-20241004190924-225e2abe05e6 // indirect
-	golang.org/x/mod v0.22.0 // indirect
-	golang.org/x/net v0.38.0 // indirect
+	golang.org/x/mod v0.24.0 // indirect
+	golang.org/x/net v0.39.0 // indirect
 	golang.org/x/oauth2 v0.27.0 // indirect
-	golang.org/x/text v0.23.0 // indirect
-	golang.org/x/tools v0.28.0 // indirect
+	golang.org/x/text v0.24.0 // indirect
+	golang.org/x/tools v0.32.0 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
 	google.golang.org/genproto v0.0.0-20241118233622-e639e219e697 // indirect
 	google.golang.org/genproto/googleapis/api v0.0.0-20250407143221-ac9807e6c755 // indirect

@@ -443,8 +443,8 @@ go4.org/netipx v0.0.0-20231129151722-fdeea329fbba/go.mod h1:PLyyIXexvUFg3Owu6p/W
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.36.0 h1:AnAEvhDddvBdpY+uR+MyHmuZzzNqXSe/GvuDeob5L34=
-golang.org/x/crypto v0.36.0/go.mod h1:Y4J0ReaxCR1IMaabaSMugxJES1EpwhBHhv2bDHklZvc=
+golang.org/x/crypto v0.37.0 h1:kJNSjF/Xp7kU0iB2Z+9viTPMW4EqqsrywMXLJOOsXSE=
+golang.org/x/crypto v0.37.0/go.mod h1:vg+k43peMZ0pUMhYmVAWysMK35e6ioLh3wB8ZCAfbVc=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20241004190924-225e2abe05e6 h1:1wqE9dj9NpSm04INVsJhhEUzhuDVjbcyKH91sVyPATw=
 golang.org/x/exp v0.0.0-20241004190924-225e2abe05e6/go.mod h1:NQtJDoLvd6faHhE7m4T/1IY708gDefGGjR/iUW8yQQ8=
@@ -453,8 +453,8 @@ golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvx
 golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.22.0 h1:D4nJWe9zXqHOmWqj4VMOJhvzj7bEZg4wEYa759z1pH4=
-golang.org/x/mod v0.22.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY=
+golang.org/x/mod v0.24.0 h1:ZfthKaKaT4NrhGVZHO1/WDTwGES4De8KtWO0SIbNJMU=
+golang.org/x/mod v0.24.0/go.mod h1:IXM97Txy2VM4PJ3gI61r1YEk/gAj6zAHN3AdZt6S9Ww=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -466,8 +466,8 @@ golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLL
 golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
-golang.org/x/net v0.38.0 h1:vRMAPTMaeGqVhG5QyLJHqNDwecKTomGeqbnfZyKlBI8=
-golang.org/x/net v0.38.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8=
+golang.org/x/net v0.39.0 h1:ZCu7HMWDxpXpaiKdhzIfaltL9Lp31x/3fCP11bc6/fY=
+golang.org/x/net v0.39.0/go.mod h1:X7NRbYVEA+ewNkCNyJ513WmMdQ3BineSwVtN2zD/d+E=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.27.0 h1:da9Vo7/tDv5RH/7nZDz1eMGS/q1Vv1N/7FCrBhI9I3M=
@@ -503,8 +503,8 @@ golang.org/x/term v0.31.0/go.mod h1:R4BeIy7D95HzImkxGkTW1UQTtP54tio2RyHz7PwK0aw=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.23.0 h1:D71I7dUrlY+VX0gQShAThNGHFxZ13dGLBHQLVl1mJlY=
-golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4=
+golang.org/x/text v0.24.0 h1:dd5Bzh4yt5KYA8f9CJHCP4FB4D51c2c6JvN37xJJkJ0=
+golang.org/x/text v0.24.0/go.mod h1:L8rBsPeo2pSS+xqN0d5u2ikmjtmoJbDBT1b7nHvFCdU=
 golang.org/x/time v0.11.0 h1:/bpjEDfN9tkoN/ryeYHnv5hcMlc8ncjMcM4XBk5NWV0=
 golang.org/x/time v0.11.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
@@ -515,8 +515,8 @@ golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBn
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.28.0 h1:WuB6qZ4RPCQo5aP3WdKZS7i595EdWqWR8vqJTlwTVK8=
-golang.org/x/tools v0.28.0/go.mod h1:dcIOrVd3mfQKTgrDVQHqCPMWy6lnhfhtX3hLXYVLfRw=
+golang.org/x/tools v0.32.0 h1:Q7N1vhpkQv7ybVzLFtTjvQya2ewbwNDZzUgfXGqtMWU=
+golang.org/x/tools v0.32.0/go.mod h1:ZxrU41P/wAbZD8EDa6dDCa6XfpkhJ7HFMjHJXfBDu8s=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=

@@ -34,8 +34,10 @@
       name: bpf-maps
     - mountPath: "/var/run/cilium"
       name: cilium-run
+{{- if or (eq .Values.export.mode "file") (eq .Values.export.mode "stdout") }}
     - mountPath: {{ .Values.exportDirectory }}
       name: export-logs
+{{- end }}
     - mountPath: "/procRoot"
       name: host-proc
 {{- if and (.Values.tetragon.cri.enabled) (.Values.tetragon.cri.socketHostPath) }}

@@ -56,7 +56,7 @@ spec:
 {{- end }}
       {{- include "initcontainers.extra" . | nindent 6 }}
       containers:
-{{- if eq .Values.export.mode "stdout" }}
+{{- if or (eq .Values.export.mode "file") (eq .Values.export.mode "stdout") }}
       {{- include "container.export.stdout" . | nindent 6 -}}
 {{- end }}
 {{- if .Values.tetragon.enabled }}
@@ -82,10 +82,12 @@ spec:
         hostPath:
           path: /var/run/cilium
           type: DirectoryOrCreate
+{{- if or (eq .Values.export.mode "file") (eq .Values.export.mode "stdout") }}
       - name: export-logs
         hostPath:
           path: {{ .Values.exportDirectory }}
           type: DirectoryOrCreate
+{{- end }}
 {{- if .Values.tetragon.enabled }}
       - name: tetragon-config
         configMap:

@@ -87,3 +87,4 @@ data:
 {{- end }}
   enable-cgidmap: {{ .Values.tetragon.cgidmap.enabled | quote }}
   enable-pod-annotations: {{ .Values.tetragon.podAnnotations.enabled | default "false" | quote }}
+  export-mode: {{ .Values.export.mode | default "stdout" | quote }}
@@ -351,7 +351,7 @@ tetragonOperator:
       scrapeInterval: "10s"
 # -- Tetragon events export settings
 export:
-  # "stdout". "" to disable.
+  # "stdout (deprecated)" - file (sidecar + volume) - direct-stdout (stdout without file and sidecar).
   mode: "stdout"
   resources: {}
   securityContext: {}

@@ -0,0 +1,47 @@
+// SPDX-License-Identifier: Apache-2.0
+// Copyright Authors of Tetragon
+
+package encoder
+
+import (
+	"fmt"
+	"os"
+
+	"github.com/cilium/tetragon/api/v1/tetragon"
+	"github.com/cilium/tetragon/pkg/logger"
+	"google.golang.org/protobuf/encoding/protojson"
+)
+
+type JSONStdoutEncoder struct{}
+
+func NewJSONStdoutEncoder() *JSONStdoutEncoder {
+	return &JSONStdoutEncoder{}
+}
+
+func (e *JSONStdoutEncoder) Encode(v interface{}) error {
+	logger.GetLogger().Debug("Received event for encoding")
+	evt, ok := v.(*tetragon.GetEventsResponse)
+	if !ok {
+		logger.GetLogger().WithField("type", fmt.Sprintf("%T", v)).Warn("Expected GetEventsResponse, got different type")
+		return fmt.Errorf("expected GetEventsResponse, got %T", v)
+	}
+	jsonBytes, err := protojson.Marshal(evt)
+	if err != nil {
+		logger.GetLogger().WithError(err).Warn("Failed to marshal event to JSON")
+		return nil
+	}
+	logger.GetLogger().Debugf("Encoded event: %s", string(jsonBytes))
+	output := append([]byte("EVENT: "), jsonBytes...) // Add EVENT: prefix
+	output = append(output, '\n')
+	if _, err := os.Stdout.Write(output); err != nil {
+		logger.GetLogger().WithError(err).Warn("Failed to write to stdout")
+		return nil
+	}
+	os.Stdout.Sync()
+	logger.GetLogger().Debugf("Wrote JSON to stdout: %s", string(output))
+	return nil
+}
+
+func (e *JSONStdoutEncoder) Close() error {
+	return nil
+}
@@ -39,6 +39,7 @@ func InitializeDefaultLogger() (logger *logrus.Logger) {
 	fmt, _ := getFormatter(defaultLogFormat)
 	logger.SetFormatter(fmt)
 	logger.SetLevel(defaultLogLevel)
+	logger.SetOutput(os.Stderr)
 	return
 }
 
@@ -82,7 +83,7 @@ func (o LogOptions) getLogFormat() LogFormat {
 }
 
 func ResetLogOutput() {
-	DefaultLogger.SetOutput(os.Stdout)
+	DefaultLogger.SetOutput(os.Stderr)
 }
 
 func GetLogLevel() logrus.Level {
@@ -132,7 +133,7 @@ func SetupLogging(o LogOptions, debug bool) error {
 	// Updating the default log format
 	setLogFormat(o.getLogFormat())
 
-	logrus.SetOutput(os.Stdout)
+	logrus.SetOutput(os.Stderr)
 
 	// Updating the default log level, overriding the log options if the debug arg is being set
 	if debug {

@@ -28,6 +28,7 @@ type config struct {
 	ClusterName     string
 
 	EnablePodAnnotations bool
+	ExportMode           string
 
 	EnableProcessAncestors           bool
 	EnableProcessKprobeAncestors     bool