author | We-unite <3205135446@qq.com> | 2024-07-22 11:41:59 +0800 |
---|---|---|
committer | We-unite <3205135446@qq.com> | 2024-07-22 19:36:34 +0800 |
commit | cf5618ff2e2a183c5bdf6444787dccdcbf26ce76 (patch) | |
tree | 6cc173b9bffe2c1414887a338b6dc2bdbd594fd1 /src/go.mod | |
parent | 7cf8e470471d30fc821a8be350dcb97dc64e5add (diff) | |
download | godo-cf5618ff2e2a183c5bdf6444787dccdcbf26ce76.tar.gz godo-cf5618ff2e2a183c5bdf6444787dccdcbf26ce76.zip |
Use mongodb, insert process info into it
I failed to print the process tree out. While I'm printing the tree,
the tree itself gets changed, maybe deleted. What's more, the output
shows that there are 4 lines with the same ppid and pid, what an absurd
result! It may be caused by multi-threading. So, use a database instead.
MongoDB uses BSON (binary JSON) to store data and is not a relational
database like MySQL, which means it's easier to use.(?)
Besides inserting, I've also solved the question that "fork" is called
once but returns twice. For instance, pid 1 forked pid 2, in the
audit log it's not an event "syscall=clone,ppid=1,pid=2", but actually
two events "syscall=clone,exit=0,ppid=0,pid=1" and
"syscall=clone,exit=2,ppid=0,pid=1", which is just what we see in
sys_fork in the kernel source.
To deal with this, when syscall is clone and exit is 0 we just drop it.
Remaining question: To find out the exit code when a process calls
exit/exit_group, and finish the code to record it in the database.
Diffstat (limited to '')
-rw-r--r-- | src/go.mod | 16 |
1 files changed, 13 insertions, 3 deletions
@@ -5,12 +5,22 @@ go 1.21.5 | |||
5 | require ( | 5 | require ( |
6 | github.com/elastic/go-libaudit/v2 v2.5.0 | 6 | github.com/elastic/go-libaudit/v2 v2.5.0 |
7 | github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826 | 7 | github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826 |
8 | gopkg.in/yaml.v3 v3.0.1 | 8 | go.mongodb.org/mongo-driver v1.16.0 |
9 | ) | 9 | ) |
10 | 10 | ||
11 | require ( | 11 | require ( |
12 | github.com/golang/snappy v0.0.4 // indirect | ||
13 | github.com/klauspost/compress v1.13.6 // indirect | ||
14 | github.com/montanaflynn/stats v0.7.1 // indirect | ||
15 | github.com/xdg-go/pbkdf2 v1.0.0 // indirect | ||
16 | github.com/xdg-go/scram v1.1.2 // indirect | ||
17 | github.com/xdg-go/stringprep v1.0.4 // indirect | ||
18 | github.com/youmark/pkcs8 v0.0.0-20181117223130-1be2e3e5546d // indirect | ||
12 | go.uber.org/atomic v1.7.0 // indirect | 19 | go.uber.org/atomic v1.7.0 // indirect |
13 | go.uber.org/multierr v1.7.0 // indirect | 20 | go.uber.org/multierr v1.7.0 // indirect |
14 | golang.org/x/sys v0.11.0 // indirect | 21 | golang.org/x/crypto v0.22.0 // indirect |
15 | gopkg.in/yaml.v2 v2.4.0 // indirect | 22 | golang.org/x/sync v0.7.0 // indirect |
23 | golang.org/x/sys v0.19.0 // indirect | ||
24 | golang.org/x/text v0.14.0 // indirect | ||
25 | gopkg.in/yaml.v3 v3.0.1 // indirect | ||
16 | ) | 26 | ) |
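Review bot: gopkg.in/yaml.v3 v3.0.1 leaves the direct require block (old line 8) and comes back as `// indirect` at new line 25, and gopkg.in/yaml.v2 is dropped, but the commit message says nothing about removing YAML use. If any source file still imports yaml.v3 directly, `go mod tidy` will move it back to the first block, so please run it and confirm the result matches this hunk. The same hunk also bumps golang.org/x/sys from v0.11.0 to v0.19.0 and pulls in golang.org/x/crypto v0.22.0 plus the xdg-go/scram, xdg-go/pbkdf2 and youmark/pkcs8 modules behind go.mongodb.org/mongo-driver v1.16.0; a line in the commit message noting these as consequences of adding the driver would help later audits. This view is limited to src/go.mod, so also check that go.sum in the same commit carries hashes for every new module.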