Write documents of the program.

Add README.md on the design of the whole program, and how its every
part(listener, filter) works, finally how to compile and use them.

Besides, notes.md records the things and technology learned in this
program, such as how to read kernel src, how the pthread_create/fork/
clone syscall works on processes and threads, the techs used to make
docker container works well, and books to be read. Good good study,
day day up.

1 files changed, 19 insertions, 1 deletions

diff --git a/listener/organize.go b/listener/organize.go
index 0c05eb4..cf6dad3 100644
--- a/listener/organize.go
+++ b/listener/organize.go
@@ -2,6 +2,7 @@ package main
 
 import (
         "fmt"
+        "io"
         "os"
         "regexp"
         "strconv"
@@ -41,13 +42,30 @@ func orgnaze() {
         var raw interface{}
         var rawEvent libaudit.RawAuditMessage
 
+        var diagWriter io.Writer
+        var f *os.File
+        var err error
+        var fileName string
+        if *diag != "" {
+                fileName = *diag
+        } else {
+                fileName = "godo.log"
+        }
+
+        f, err = os.OpenFile(fileName, os.O_CREATE|os.O_RDWR|os.O_TRUNC, 0o664)
+        if err != nil {
+                f = nil
+        }
+        defer f.Close()
+        diagWriter = f
+
         for {
                 raw, ok = <-rawChan
                 if !ok {
                         break
                 }
                 rawEvent = raw.(libaudit.RawAuditMessage)
-                // fmt.Printf("type=%v msg=%s\n", rawEvent.Type, rawEvent.Data)
+                fmt.Fprintf(diagWriter, "type=%v msg=%s\n", rawEvent.Type, rawEvent.Data)
 
                 switch rawEvent.Type {
                 case auparse.AUDIT_SYSCALL: