author | We-unite <3205135446@qq.com> | 2024-09-02 16:45:07 +0800 |
---|---|---|
committer | We-unite <3205135446@qq.com> | 2024-09-02 16:45:07 +0800 |
commit | 08207d77be79afc6f75d1611726b92bdf622717f (patch) | |
tree | 918991217807ff18025b998407b87bcd31d4ddc3 /filter/global.go | |
parent | f9f8f35ccd8b505a827d40f95c52ed039512b79d (diff) | |
In the listener, I changed the order in which the coroutines are started to avoid
'send on a closed channel'. Besides, the method used to get syscall names
and numbers is not so universal, so let's go back to checking unistd.h.
In the filter, the output is now written to the ./log dir. The pid tree
is shown in logs/tree.log and detailed info in pids.log, while file info
goes to logs/files.log. tree.log shows a tree just like the `tree` command;
the other two files are written in JSON.
What's more, the flags used when opening files are also checked and shown
in files.log.
Diffstat (limited to '')
-rw-r--r-- | filter/global.go | 73 |
1 files changed, 44 insertions, 29 deletions
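diff --git a/filter/global.go b/filter/global.go
index bade895..7ba3fc1 100644
--- a/filter/global.go
+++ b/filter/global.go
@@ -1,39 +1,40 @@
 package main
 
 import (
+"encoding/json"
 "fmt"
 "time"
 )
 
 type Exec struct {
-Timestamp time.Time `bson:"timestamp"`
-ExecArgs []string `bson:"execArgs"`
+Timestamp time.Time `bson:"timestamp" json:"timestamp"`
+ExecArgs []string `bson:"execArgs" json:"execArgs"`
 }
 
 type Process struct {
-Star bool `bson:"star"`
-StartTimestamp time.Time `bson:"start_timestamp"`
-Ppid int `bson:"ppid"`
-ParentTgid int `bson:"parentTgid"`
-Pid int `bson:"pid"`
-Tgid int `bson:"tgid"`
-Args []string `bson:"args"`
-Comm string `bson:"comm"`
-RootFS string `bson:"rootfs"`
-Cwd string `bson:"cwd"`
-Children []int `bson:"children"`
-DockerId string `bson:"docker_id"`
-Execve []Exec `bson:"execve"`
-ExitCode int `bson:"exit_code"`
-ExitSignal int `bson:"exit_signal"`
-ExitTimestamp time.Time `bson:"exit_timestamp"`
+Star bool `bson:"star" json:"star"`
+StartTimestamp time.Time `bson:"start_timestamp" json:"start_timestamp"`
+Ppid int `bson:"ppid" json:"ppid"`
+ParentTgid int `bson:"parentTgid" json:"parentTgid"`
+Pid int `bson:"pid" json:"pid"`
+Tgid int `bson:"tgid" json:"tgid"`
+Args []string `bson:"args" json:"args"`
+Comm string `bson:"comm" json:"comm"`
+RootFS string `bson:"rootfs" json:"rootfs"`
+Cwd string `bson:"cwd" json:"cwd"`
+Children []int `bson:"children" json:"children"`
+DockerId string `bson:"docker_id" json:"docker_id"`
+Execve []Exec `bson:"execve" json:"execve"`
+ExitCode int `bson:"exit_code" json:"exit_code"`
+ExitSignal int `bson:"exit_signal" json:"exit_signal"`
+ExitTimestamp time.Time `bson:"exit_timestamp" json:"exit_timestamp"`
 }
 
 type tgidNode struct {
-Tgid int `bson:"tgid"`
-FindPid map[int]int `bson:"findPid"`
-Threads []Process `bson:"threads"`
-ChildTgid []int `bson:"child_tgid"`
+Tgid int `bson:"tgid" json:"tgid"`
+FindPid map[int]int `bson:"findPid" json:"findPid"`
+Threads []Process `bson:"threads" json:"threads"`
+ChildTgid []int `bson:"child_tgid" json:"child_tgid"`
 }
 
 func (p Process) String() string {
@@ -80,13 +81,27 @@ func (node tgidNode) String() string {
 }
 
 type File struct {
-OpenTimestamp time.Time `bson:"timestamp"`
-FileName string `bson:"fileName"`
-Pid int `bson:"pid"`
-Fd int `bson:"fd"`
-Flags [4]uint64 `bson:"flags"`
-Written []time.Time `bson:"written"`
-CloseTimestamp time.Time `bson:"close_timestamp"`
+OpenTimestamp time.Time `bson:"timestamp" json:"timestamp"`
+FileName string `bson:"fileName" json:"fileName"`
+Pid int `bson:"pid" json:"pid"`
+Fd int `bson:"fd" json:"fd"`
+Flags [4]uint64 `bson:"flags" json:"flags"`
+Written []time.Time `bson:"written" json:"written"`
+CloseTimestamp time.Time `bson:"close_timestamp" json:"close_timestamp"`
+}
+
+func (f File) MarshalJSON() ([]byte, error) {
+type Alias File // 使用别名避免递归调用
+
+return json.Marshal(&struct {
+Alias
+Flags0 string `json:"FileNamePointer"`
+Flags1 string `json:"FileFlags"`
+}{
+Alias: Alias(f),
+Flags0: fmt.Sprintf("%#012x", f.Flags[0]), // flags[0] 转换为小写16进制
+Flags1: parseFlags(f.Flags[1]), // flags[1] 解析为字符串
+})
 }
 
 // Queue 定义一个队列结构体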
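Review bot: `File.MarshalJSON` relies on a positional meaning of `Flags` that nothing in the hunk documents: index 0 is emitted as `FileNamePointer`, index 1 is decoded by `parseFlags` into `FileFlags`, and indexes 2 and 3 appear only in the raw `flags` array that the embedded `Alias` still emits. Anyone reading files.log as an audit record needs to know that the same values are present twice and which form is authoritative, so the method (or the `Flags` field) should carry a doc comment such as `// MarshalJSON adds FileNamePointer (Flags[0], hex) and FileFlags (Flags[1], decoded) next to the raw flags array.` The two new keys are PascalCase while every other key in these structs is camelCase or snake_case; `fileNamePointer` and `fileFlags` would match. `parseFlags` is defined outside this hunk, so whether it reports bits it does not recognise could not be checked here; it should, so the decoded string never hides bits that the raw value carries.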