authorWe-unite <3205135446@qq.com>2024-09-02 16:45:07 +0800
committerWe-unite <3205135446@qq.com>2024-09-02 16:45:07 +0800
commit08207d77be79afc6f75d1611726b92bdf622717f (patch)
tree918991217807ff18025b998407b87bcd31d4ddc3 /filter/global.go
parentf9f8f35ccd8b505a827d40f95c52ed039512b79d (diff)
Show filt result in tree&json, fix sth in listenerHEADmasterdev
In the listener, I changed the order in which the goroutines are started to avoid a 'send on a closed channel' panic. Besides, the method used to get syscall names and numbers is not universal, so let's go back to checking unistd.h. In the filter, the output is now written to the ./log dir: the pid tree is shown in logs/tree.log, detailed process info in pids.log, and file info in logs/files.log. tree.log shows a tree just like the `tree` command; the other two files are written as JSON. What's more, the flags used when opening files are also checked and shown in files.log.
Diffstat (limited to '')
-rw-r--r--filter/global.go73
1 files changed, 44 insertions, 29 deletions
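--- a/filter/global.go
+++ b/filter/global.go
@@ -1,39 +1,40 @@
 package main
 
 import (
+	"encoding/json"
 	"fmt"
 	"time"
 )
 
 type Exec struct {
-	Timestamp time.Time `bson:"timestamp"`
-	ExecArgs []string `bson:"execArgs"`
+	Timestamp time.Time `bson:"timestamp" json:"timestamp"`
+	ExecArgs []string `bson:"execArgs" json:"execArgs"`
 }
 
 type Process struct {
-	Star bool `bson:"star"`
-	StartTimestamp time.Time `bson:"start_timestamp"`
-	Ppid int `bson:"ppid"`
-	ParentTgid int `bson:"parentTgid"`
-	Pid int `bson:"pid"`
-	Tgid int `bson:"tgid"`
-	Args []string `bson:"args"`
-	Comm string `bson:"comm"`
-	RootFS string `bson:"rootfs"`
-	Cwd string `bson:"cwd"`
-	Children []int `bson:"children"`
-	DockerId string `bson:"docker_id"`
-	Execve []Exec `bson:"execve"`
-	ExitCode int `bson:"exit_code"`
-	ExitSignal int `bson:"exit_signal"`
-	ExitTimestamp time.Time `bson:"exit_timestamp"`
+	Star bool `bson:"star" json:"star"`
+	StartTimestamp time.Time `bson:"start_timestamp" json:"start_timestamp"`
+	Ppid int `bson:"ppid" json:"ppid"`
+	ParentTgid int `bson:"parentTgid" json:"parentTgid"`
+	Pid int `bson:"pid" json:"pid"`
+	Tgid int `bson:"tgid" json:"tgid"`
+	Args []string `bson:"args" json:"args"`
+	Comm string `bson:"comm" json:"comm"`
+	RootFS string `bson:"rootfs" json:"rootfs"`
+	Cwd string `bson:"cwd" json:"cwd"`
+	Children []int `bson:"children" json:"children"`
+	DockerId string `bson:"docker_id" json:"docker_id"`
+	Execve []Exec `bson:"execve" json:"execve"`
+	ExitCode int `bson:"exit_code" json:"exit_code"`
+	ExitSignal int `bson:"exit_signal" json:"exit_signal"`
+	ExitTimestamp time.Time `bson:"exit_timestamp" json:"exit_timestamp"`
 }
 
 type tgidNode struct {
-	Tgid int `bson:"tgid"`
-	FindPid map[int]int `bson:"findPid"`
-	Threads []Process `bson:"threads"`
-	ChildTgid []int `bson:"child_tgid"`
+	Tgid int `bson:"tgid" json:"tgid"`
+	FindPid map[int]int `bson:"findPid" json:"findPid"`
+	Threads []Process `bson:"threads" json:"threads"`
+	ChildTgid []int `bson:"child_tgid" json:"child_tgid"`
 }
 
 func (p Process) String() string {
@@ -80,13 +81,27 @@ func (node tgidNode) String() string {
 }
 
 type File struct {
-	OpenTimestamp time.Time `bson:"timestamp"`
-	FileName string `bson:"fileName"`
-	Pid int `bson:"pid"`
-	Fd int `bson:"fd"`
-	Flags [4]uint64 `bson:"flags"`
-	Written []time.Time `bson:"written"`
-	CloseTimestamp time.Time `bson:"close_timestamp"`
+	OpenTimestamp time.Time `bson:"timestamp" json:"timestamp"`
+	FileName string `bson:"fileName" json:"fileName"`
+	Pid int `bson:"pid" json:"pid"`
+	Fd int `bson:"fd" json:"fd"`
+	Flags [4]uint64 `bson:"flags" json:"flags"`
+	Written []time.Time `bson:"written" json:"written"`
+	CloseTimestamp time.Time `bson:"close_timestamp" json:"close_timestamp"`
+}
+
+func (f File) MarshalJSON() ([]byte, error) {
+	type Alias File // 使用别名避免递归调用
+
+	return json.Marshal(&struct {
+		Alias
+		Flags0 string `json:"FileNamePointer"`
+		Flags1 string `json:"FileFlags"`
+	}{
+		Alias: Alias(f),
+		Flags0: fmt.Sprintf("%#012x", f.Flags[0]), // flags[0] 转换为小写16进制
+		Flags1: parseFlags(f.Flags[1]), // flags[1] 解析为字符串
+	})
 }
 
 // Queue 定义一个队列结构体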
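Review bot: The new `MarshalJSON` (new lines 93-104) embeds the whole `File` via `Alias`, so the raw `Flags [4]uint64` is still emitted under `json:"flags"` and every files.log record carries the same two words twice, once raw and once as `FileNamePointer`/`FileFlags`, while slots 2 and 3 of the array are never decoded or explained; either tag the raw array `json:"-"` if it is only kept for bson, or document what each slot holds. `FileNamePointer` is a user-space address captured from the traced process, which is a small information leak (it reveals the tracee's address-space layout) if these logs are ever shared off-host, so consider whether it belongs in the JSON at all. The inline comments are in Chinese and the method has no doc comment; I would add `// MarshalJSON emits File with Flags[0] rendered as a 0x-prefixed hex pointer and Flags[1] decoded by parseFlags; the Alias type drops this method so the nested Marshal does not recurse.` `parseFlags` is defined outside this hunk, so its expected input (presumably the open(2)/openat(2) flags word) should be confirmed there.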