Add write

author: We-unite <3205135446@qq.com> 2024-07-29 14:25:06 +0800
committer: We-unite <3205135446@qq.com> 2024-07-29 14:25:06 +0800
commit: 0deb0b10c28f72f08c330f183ef64d90405b1358 (patch)
tree: 257cecc63c0de65d04493ef09e5719747ae89975 /src/organize.go
parent: a345258c3082903702c81c6c830ff1fd35758861 (diff)
download: godo-0deb0b10c28f72f08c330f183ef64d90405b1358.tar.gz
godo-0deb0b10c28f72f08c330f183ef64d90405b1358.zip
1 files changed, 14 insertions, 0 deletions
diff --git a/src/organize.go b/src/organize.go
index 1b064c1..f5c9992 100644
--- a/src/organize.go
+++ b/src/organize.go
@@ -160,6 +160,20 @@ func syscallRaw(rawEvent libaudit.RawAuditMessage) {
                        syscallParam: a,
                        pathName:     "",
                })
+        case "write":
+                eventTable.Store(eventId, &Event{
+                        tag:          FILEWRITE,
+                        timestamp:    event.timestamp,
+                        syscall:      event.syscall,
+                        exit_code:    uint64(exit),
+                        ppid:         event.ppid,
+                        pid:          event.pid,
+                        argc:         0,
+                        argv:         make([]string, 0),
+                        cwd:          "",
+                        syscallParam: a,
+                        // pathName:     "",
+                })
        case "close":
                // 文件关闭
                eventTable.Store(eventId, &Event{
author	We-unite <3205135446@qq.com>	2024-07-29 14:25:06 +0800
committer	We-unite <3205135446@qq.com>	2024-07-29 14:25:06 +0800
commit	0deb0b10c28f72f08c330f183ef64d90405b1358 (patch)
tree	257cecc63c0de65d04493ef09e5719747ae89975 /src/organize.go
parent	a345258c3082903702c81c6c830ff1fd35758861 (diff)
download	godo-0deb0b10c28f72f08c330f183ef64d90405b1358.tar.gz godo-0deb0b10c28f72f08c330f183ef64d90405b1358.zip

diff --git a/src/organize.go b/src/organize.go index 1b064c1..f5c9992 100644 --- a/src/organize.go +++ b/src/organize.go
@@ -160,6 +160,20 @@ func syscallRaw(rawEvent libaudit.RawAuditMessage) {
160	syscallParam: a,	160	syscallParam: a,
161	pathName: "",	161	pathName: "",
162	})	162	})
		163	case "write":
		164	eventTable.Store(eventId, &Event{
		165	tag: FILEWRITE,
		166	timestamp: event.timestamp,
		167	syscall: event.syscall,
		168	exit_code: uint64(exit),
		169	ppid: event.ppid,
		170	pid: event.pid,
		171	argc: 0,
		172	argv: make([]string, 0),
		173	cwd: "",
		174	syscallParam: a,
		175	// pathName: "",
		176	})
163	case "close":	177	case "close":
164	// 文件关闭	178	// 文件关闭
165	eventTable.Store(eventId, &Event{	179	eventTable.Store(eventId, &Event{