aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--filter/files.go102
-rw-r--r--filter/filter.go328
-rw-r--r--filter/global.go73
-rw-r--r--filter/logs/files.log202
-rw-r--r--filter/logs/pid.log3702
-rw-r--r--filter/logs/tree.log26
-rw-r--r--filter/pids.go301
-rw-r--r--listener/basefunc.go54
-rw-r--r--listener/godo.go4
9 files changed, 4445 insertions, 347 deletions
diff --git a/filter/files.go b/filter/files.go
new file mode 100644
index 0000000..e8c0cd3
--- /dev/null
+++ b/filter/files.go
@@ -0,0 +1,102 @@
1package main
2
3import (
4 "fmt"
5 "path"
6 "sort"
7 "syscall"
8)
9
10type FileFlag struct {
11 Value uint64
12 Name string
13}
14
15var FileFlags = []FileFlag{
16 {Value: syscall.O_APPEND, Name: "O_APPEND"},
17 {Value: syscall.O_ASYNC, Name: "O_ASYNC"},
18 {Value: syscall.O_CLOEXEC, Name: "O_CLOEXEC"},
19 {Value: syscall.O_CREAT, Name: "O_CREAT"},
20 {Value: syscall.O_DIRECT, Name: "O_DIRECT"},
21 {Value: syscall.O_DIRECTORY, Name: "O_DIRECTORY"},
22 {Value: syscall.O_DSYNC, Name: "O_DSYNC"},
23 {Value: syscall.O_EXCL, Name: "O_EXCL"},
24 {Value: syscall.O_FSYNC, Name: "O_FSYNC"},
25 {Value: syscall.O_NDELAY, Name: "O_NDELAY"},
26 {Value: syscall.O_NOATIME, Name: "O_NOATIME"},
27 {Value: syscall.O_NOCTTY, Name: "O_NOCTTY"},
28 {Value: syscall.O_NOFOLLOW, Name: "O_NOFOLLOW"},
29 {Value: syscall.O_NONBLOCK, Name: "O_NONBLOCK"},
30 {Value: syscall.O_RDONLY, Name: "O_RDONLY"},
31 {Value: syscall.O_RDWR, Name: "O_RDWR"},
32 {Value: syscall.O_RSYNC, Name: "O_RSYNC"},
33 {Value: syscall.O_SYNC, Name: "O_SYNC"},
34 {Value: syscall.O_TRUNC, Name: "O_TRUNC"},
35 {Value: syscall.O_WRONLY, Name: "O_WRONLY"},
36}
37
38func filtFiles(pRawFileData *[]File) {
39 rawFileData := *pRawFileData
40 files = make([]File, 0)
41
42 // 所有文件按照特定顺序排
43 sort.Slice(rawFileData, func(i, j int) bool {
44 pi := &rawFileData[i]
45 pj := &rawFileData[j]
46
47 if pi.FileName < pj.FileName {
48 return true
49 } else if pi.FileName > pj.FileName {
50 return false
51 }
52 if pi.Pid < pj.Pid {
53 return true
54 } else if pi.Pid > pj.Pid {
55 return false
56 }
57 if pi.Fd < pj.Fd {
58 return true
59 } else if pi.Fd > pj.Fd {
60 return false
61 }
62 if pi.OpenTimestamp.Before(pj.OpenTimestamp) {
63 return true
64 } else {
65 return false
66 }
67 })
68
69 for _, file := range rawFileData {
70 tgid := findTgid[file.Pid]
71 pTgidNode, exists := helloTree[tgid]
72 if !exists {
73 continue
74 }
75 if file.CloseTimestamp.IsZero() {
76 index, exists := pTgidNode.FindPid[file.Pid]
77 if !exists || index < 0 || index >= len(pTgidNode.Threads) {
78 continue
79 }
80 file.CloseTimestamp = pTgidNode.Threads[index].ExitTimestamp
81 }
82 file.FileName = path.Clean(file.FileName)
83 files = append(files, file)
84 }
85}
86
87// 解析 Flags[1] 的值为描述性字符串
88func parseFlags(flag uint64) string {
89 var result string
90 for _, fileFlag := range FileFlags {
91 if flag&fileFlag.Value == fileFlag.Value {
92 if result != "" {
93 result += " | "
94 }
95 result += fileFlag.Name
96 }
97 }
98 if result == "" {
99 return fmt.Sprintf("0x%x", flag) // 返回原始十六进制值
100 }
101 return result
102}
diff --git a/filter/filter.go b/filter/filter.go
index 98c326c..6391afc 100644
--- a/filter/filter.go
+++ b/filter/filter.go
@@ -2,11 +2,10 @@ package main
2 2
3import ( 3import (
4 "context" 4 "context"
5 "encoding/json"
5 "fmt" 6 "fmt"
6 "log" 7 "log"
7 "os" 8 "os"
8 "path"
9 "sort"
10 9
11 "go.mongodb.org/mongo-driver/bson" 10 "go.mongodb.org/mongo-driver/bson"
12 "go.mongodb.org/mongo-driver/mongo" 11 "go.mongodb.org/mongo-driver/mongo"
@@ -33,7 +32,7 @@ var files []File
33 32
34func main() { 33func main() {
35 // 连接到MongoDB 34 // 连接到MongoDB
36 client, err := mongo.Connect(context.TODO(), options.Client().ApplyURI("mongodb://localhost:27017")) 35 client, err := mongo.Connect(context.TODO(), options.Client().ApplyURI("mongodb://192.168.192.136:27017"))
37 if err != nil { 36 if err != nil {
38 log.Fatal(err) 37 log.Fatal(err)
39 } 38 }
@@ -114,303 +113,48 @@ func main() {
114 for _, file := range files { 113 for _, file := range files {
115 newFileCol.InsertOne(context.Background(), file) 114 newFileCol.InsertOne(context.Background(), file)
116 } 115 }
117}
118
119func ProMerge(a, b Process) (res Process) {
120 // 合并过程中会遇到什么问题?
121 res.Star = false
122
123 if a.StartTimestamp.IsZero() {
124 res.StartTimestamp = b.StartTimestamp
125 } else if b.StartTimestamp.IsZero() {
126 res.StartTimestamp = a.StartTimestamp
127 } else if a.StartTimestamp.Before(b.StartTimestamp) {
128 res.StartTimestamp = a.StartTimestamp
129 } else {
130 res.StartTimestamp = b.StartTimestamp
131 }
132
133 res.Ppid = a.Ppid
134 if a.ParentTgid == 0 {
135 res.ParentTgid = b.ParentTgid
136 } else {
137 res.ParentTgid = a.ParentTgid
138 }
139
140 res.Pid = a.Pid
141 if a.Tgid == 0 {
142 res.Tgid = b.Tgid
143 } else {
144 res.Tgid = a.Tgid
145 }
146
147 if len(a.Args) == 0 {
148 res.Args = b.Args
149 } else {
150 res.Args = a.Args
151 }
152
153 if a.Comm == "" {
154 res.Comm = b.Comm
155 } else {
156 res.Comm = a.Comm
157 }
158
159 if a.RootFS == "" {
160 res.RootFS = b.RootFS
161 } else {
162 res.RootFS = a.RootFS
163 }
164
165 if a.Cwd == "" {
166 res.Cwd = b.Cwd
167 } else {
168 res.Cwd = a.Cwd
169 }
170
171 res.Execve = append(a.Execve, b.Execve...)
172 res.Children = append(a.Children, b.Children...)
173 116
174 var flag bool // 真a假b 117 /* Step 3: 输出到文件
175 if a.ExitTimestamp.IsZero() { 118 * - 所有内容输出到logs目录,所有文本存在则覆盖,不存在则创建
176 flag = false 119 * - 进程树输出到logs/tree.log
177 } else if b.ExitTimestamp.IsZero() { 120 * - 每个进程以json格式输出到logs/pids.log
178 flag = true 121 * - 文件信息输出到logs/files.log
179 } else if a.ExitTimestamp.Before(b.ExitTimestamp) { 122 */
180 flag = true 123 stat, err := os.Stat("logs")
181 } else { 124 if err != nil || !stat.IsDir() {
182 flag = false 125 os.Mkdir("logs", 0755)
183 }
184
185 if flag {
186 res.ExitCode = a.ExitCode
187 res.ExitSignal = a.ExitSignal
188 res.ExitTimestamp = a.ExitTimestamp
189 } else {
190 res.ExitCode = b.ExitCode
191 res.ExitSignal = b.ExitSignal
192 res.ExitTimestamp = b.ExitTimestamp
193 }
194
195 return res
196}
197
198func mergeProcess(pRawPidData *[]Process) (merged []Process) {
199 rawPidData := *pRawPidData
200 // 合并由多线程导致的重复记录,顺便按照pid升序
201 index := make(map[int]int)
202 for _, process := range rawPidData {
203 i, exists := index[process.Pid]
204 if exists {
205 // 已存在,合并
206 merged[i] = ProMerge(merged[i], process)
207 } else {
208 // 不存在,直接添加
209 merged = append(merged, process)
210 index[process.Pid] = len(merged) - 1
211 }
212 }
213 sort.Slice(merged, func(i, j int) bool {
214 return merged[i].Pid < merged[j].Pid
215 })
216 return merged
217}
218
219func getTgidNodes(merged []Process) (tgidMap map[int]*tgidNode, starTgid int, rootfsPids []int) {
220 // 合并出来的进程整理为tgidNode
221 tgidMap = make(map[int]*tgidNode)
222 findTgid = make(map[int]int) // pid --> tgid
223 // var starTgid, rootFsPid int
224 starTgid = -1
225 // rootfsPid = -1
226 rootfsPids = make([]int, 0)
227 for _, val := range merged {
228 if val.Star {
229 starTgid = val.Tgid
230 } else if val.RootFS != "" {
231 rootfsPids = append(rootfsPids, val.Pid)
232 }
233 // 登记tgid
234 findTgid[val.Pid] = val.Tgid
235 nodeval, exists := tgidMap[val.Tgid]
236 if exists {
237 // 直接记录
238 nodeval.Threads = append(nodeval.Threads, val)
239 nodeval.FindPid[val.Pid] = len(nodeval.Threads) - 1
240 } else {
241 node := tgidNode{
242 Tgid: val.Tgid,
243 FindPid: make(map[int]int),
244 Threads: make([]Process, 0),
245 ChildTgid: make([]int, 0),
246 }
247 node.Threads = append(node.Threads, val)
248 node.FindPid[val.Pid] = 0
249 tgidMap[val.Tgid] = &node
250 }
251 } 126 }
252 return tgidMap, starTgid, rootfsPids
253}
254 127
255func buildTree(tgidMap map[int]*tgidNode, starTgid int) { 128 // 进程树
256 // 从tgid==starTgid开始,构建树 129 treeFile, err := os.OpenFile("logs/tree.log", os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0644)
257 helloTree = make(map[int]*tgidNode) // 在树上的tgid节点,tgid --> *tgidNode 130 if err != nil {
258 var q Queue // 记录每一个整理好的结构体,bfs 131 fmt.Fprintf(os.Stderr, "Err: %v\n", err)
259 visited := make(map[int]bool) // 哪些tgid已经访问过
260
261 tmp, exists := tgidMap[starTgid]
262 if !exists {
263 return 132 return
264 } 133 }
265 134 defer treeFile.Close()
266 // helloTree负责在遍历到该节点时记录 135 pidFile, err := os.OpenFile("logs/pid.log", os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0644)
267 // 队列仅负责搞明白哪些节点在树上 136 if err != nil {
268 // 因而所有添加子代tgid的行为只针对helloTree 137 fmt.Fprintf(os.Stderr, "Err: %v\n", err)
269 // q不添加,直接把新的tgid对应的tgidNode入队就是了 138 return
270 q.Enqueue(tmp)
271 visited[starTgid] = true
272 for !q.IsEmpty() {
273 tmp, ok := q.Dequeue()
274 if !ok {
275 continue
276 }
277 node := tmp.(*tgidNode) // 队列里的一个节点,这里必须重新申请node
278 helloTree[node.Tgid] = node
279 for i := 0; i < len(node.Threads); i++ {
280 for j := 0; j < len(node.Threads[i].Children); j++ {
281 tgid := findTgid[node.Threads[i].Children[j]]
282 _, exists := visited[tgid]
283 if !exists {
284 // 子代里有没见过的tgid
285 tgidNode, exists := tgidMap[tgid]
286 if !exists {
287 continue
288 }
289 helloTree[node.Tgid].ChildTgid = append(helloTree[node.Tgid].ChildTgid, tgid)
290 q.Enqueue(tgidNode)
291 visited[tgid] = true
292 }
293 }
294 }
295 }
296}
297
298func optimazePid(starTgid int, rootfsPids []int) {
299 getDockerRootFs := make(map[string]string) // dockerId --> rootfs
300 // 首先处理一下记录有pivot_root信息的进程,防止pivot先于fork
301 for _, rootfsPid := range rootfsPids {
302 rootfsTgid := findTgid[rootfsPid]
303 i := helloTree[rootfsTgid].FindPid[rootfsPid]
304 rootfsProcess := &(helloTree[rootfsTgid].Threads[i])
305 if rootfsProcess.RootFS == "cwd" {
306 rootfsProcess.RootFS = rootfsProcess.Cwd
307 }
308 getDockerRootFs[rootfsProcess.DockerId] = rootfsProcess.RootFS
309 } 139 }
140 defer pidFile.Close()
141 // 从starTgid开始,按照树的形状输出
142 drawTree(treeFile, pidFile, helloTree[starTgid], "", true)
310 143
311 count := 0 144 // 文件信息,json格式
312 for _, val := range helloTree { 145 fileFile, err := os.OpenFile("logs/files.log", os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0644)
313 // 处理一下pid结束时间,顺便找找爹 146 if err != nil {
314 // 结束时间是因为很多线程结束时间没获取到,默认按照进程退出时间处理 147 fmt.Fprintf(os.Stderr, "Err: %v\n", err)
315 // Ppid是因为进程产生之初收到的信息写的爹一定是亲爹 148 return
316 // 但是产生线程时候该进程很可能已作为孤儿被收养,导致线程里关于爹的记录是继父
317 for i := 0; i < len(val.Threads); i++ {
318 if i != 0 {
319 if val.Threads[i].Tgid < val.Threads[0].Tgid {
320 val.Threads[i].ParentTgid = val.Threads[0].ParentTgid
321 val.Threads[i].Ppid = val.Threads[0].Ppid
322 }
323 if val.Threads[i].ExitTimestamp.IsZero() {
324 val.Threads[i].ExitCode = val.Threads[0].ExitCode
325 val.Threads[i].ExitTimestamp = val.Threads[0].ExitTimestamp
326 val.Threads[i].ExitSignal = val.Threads[0].ExitSignal
327 }
328 }
329
330 dockerId := val.Threads[i].DockerId
331 if dockerId != "" {
332 rootfs, exists := getDockerRootFs[dockerId]
333 if !exists {
334 fmt.Fprintf(os.Stderr, "Err: the docker rootfs of pid %d is not known!\n", val.Threads[i].Pid)
335 continue
336 }
337 val.Threads[i].RootFS = rootfs
338 }
339 }
340
341 count++
342 fmt.Printf("%v\n", *val)
343 } 149 }
344 fmt.Printf("Star: %d, res: %d\n", starTgid, count) 150 defer fileFile.Close()
345} 151 for _, file := range files {
346 152 jsonData, err := json.MarshalIndent(file, "", " ")
347func filtPids(pRawPidData *[]Process) { 153 if err != nil {
348 /* ATTENTION: 把map/slice直接传参是危险的 154 fmt.Fprintf(os.Stderr, "Err: %v\n", err)
349 * 传递的是指针,不会引起大的复制开销, 155 return
350 * 但是map/slice在callee func内被修改**可能**导致内存更改
351 * 而这样的内存更改对caller function来说是不可见的,看到的还是原来的东西
352 * 这里由于参数几乎都是只读不写,因而用一下
353 */
354
355 // 合并由多线程导致的重复记录,顺便按照pid升序
356 // 多线程已经取消了,但保险起见还是留着
357 merged := mergeProcess(pRawPidData)
358 // 将Process按照tgid合并
359 tgidMap, starTgid, rootfsPids := getTgidNodes(merged)
360 // 建树,helloTree
361 buildTree(tgidMap, starTgid)
362 // 对树上的进程做一些优化处理
363 optimazePid(starTgid, rootfsPids)
364}
365
366func filtFiles(pRawFileData *[]File) {
367 rawFileData := *pRawFileData
368 files = make([]File, 0)
369
370 // 所有文件按照特定顺序排
371 sort.Slice(rawFileData, func(i, j int) bool {
372 pi := &rawFileData[i]
373 pj := &rawFileData[j]
374
375 if pi.FileName < pj.FileName {
376 return true
377 } else if pi.FileName > pj.FileName {
378 return false
379 }
380 if pi.Pid < pj.Pid {
381 return true
382 } else if pi.Pid > pj.Pid {
383 return false
384 }
385 if pi.Fd < pj.Fd {
386 return true
387 } else if pi.Fd > pj.Fd {
388 return false
389 }
390 if pi.OpenTimestamp.Before(pj.OpenTimestamp) {
391 return true
392 } else {
393 return false
394 }
395 })
396
397 for _, file := range rawFileData {
398 if file.FileName == "/root/test/1/../.hello.c.swp" {
399 fmt.Printf("Test\n")
400 }
401 tgid := findTgid[file.Pid]
402 pTgidNode, exists := helloTree[tgid]
403 if !exists {
404 continue
405 }
406 if file.CloseTimestamp.IsZero() {
407 index, exists := pTgidNode.FindPid[file.Pid]
408 if !exists || index < 0 || index >= len(pTgidNode.Threads) {
409 continue
410 }
411 file.CloseTimestamp = pTgidNode.Threads[index].ExitTimestamp
412 } 156 }
413 file.FileName = path.Clean(file.FileName) 157 fileFile.Write(jsonData)
414 files = append(files, file) 158 fileFile.WriteString("\n\n")
415 } 159 }
416} 160}
diff --git a/filter/global.go b/filter/global.go
index bade895..7ba3fc1 100644
--- a/filter/global.go
+++ b/filter/global.go
@@ -1,39 +1,40 @@
1package main 1package main
2 2
3import ( 3import (
4 "encoding/json"
4 "fmt" 5 "fmt"
5 "time" 6 "time"
6) 7)
7 8
8type Exec struct { 9type Exec struct {
9 Timestamp time.Time `bson:"timestamp"` 10 Timestamp time.Time `bson:"timestamp" json:"timestamp"`
10 ExecArgs []string `bson:"execArgs"` 11 ExecArgs []string `bson:"execArgs" json:"execArgs"`
11} 12}
12 13
13type Process struct { 14type Process struct {
14 Star bool `bson:"star"` 15 Star bool `bson:"star" json:"star"`
15 StartTimestamp time.Time `bson:"start_timestamp"` 16 StartTimestamp time.Time `bson:"start_timestamp" json:"start_timestamp"`
16 Ppid int `bson:"ppid"` 17 Ppid int `bson:"ppid" json:"ppid"`
17 ParentTgid int `bson:"parentTgid"` 18 ParentTgid int `bson:"parentTgid" json:"parentTgid"`
18 Pid int `bson:"pid"` 19 Pid int `bson:"pid" json:"pid"`
19 Tgid int `bson:"tgid"` 20 Tgid int `bson:"tgid" json:"tgid"`
20 Args []string `bson:"args"` 21 Args []string `bson:"args" json:"args"`
21 Comm string `bson:"comm"` 22 Comm string `bson:"comm" json:"comm"`
22 RootFS string `bson:"rootfs"` 23 RootFS string `bson:"rootfs" json:"rootfs"`
23 Cwd string `bson:"cwd"` 24 Cwd string `bson:"cwd" json:"cwd"`
24 Children []int `bson:"children"` 25 Children []int `bson:"children" json:"children"`
25 DockerId string `bson:"docker_id"` 26 DockerId string `bson:"docker_id" json:"docker_id"`
26 Execve []Exec `bson:"execve"` 27 Execve []Exec `bson:"execve" json:"execve"`
27 ExitCode int `bson:"exit_code"` 28 ExitCode int `bson:"exit_code" json:"exit_code"`
28 ExitSignal int `bson:"exit_signal"` 29 ExitSignal int `bson:"exit_signal" json:"exit_signal"`
29 ExitTimestamp time.Time `bson:"exit_timestamp"` 30 ExitTimestamp time.Time `bson:"exit_timestamp" json:"exit_timestamp"`
30} 31}
31 32
32type tgidNode struct { 33type tgidNode struct {
33 Tgid int `bson:"tgid"` 34 Tgid int `bson:"tgid" json:"tgid"`
34 FindPid map[int]int `bson:"findPid"` 35 FindPid map[int]int `bson:"findPid" json:"findPid"`
35 Threads []Process `bson:"threads"` 36 Threads []Process `bson:"threads" json:"threads"`
36 ChildTgid []int `bson:"child_tgid"` 37 ChildTgid []int `bson:"child_tgid" json:"child_tgid"`
37} 38}
38 39
39func (p Process) String() string { 40func (p Process) String() string {
@@ -80,13 +81,27 @@ func (node tgidNode) String() string {
80} 81}
81 82
82type File struct { 83type File struct {
83 OpenTimestamp time.Time `bson:"timestamp"` 84 OpenTimestamp time.Time `bson:"timestamp" json:"timestamp"`
84 FileName string `bson:"fileName"` 85 FileName string `bson:"fileName" json:"fileName"`
85 Pid int `bson:"pid"` 86 Pid int `bson:"pid" json:"pid"`
86 Fd int `bson:"fd"` 87 Fd int `bson:"fd" json:"fd"`
87 Flags [4]uint64 `bson:"flags"` 88 Flags [4]uint64 `bson:"flags" json:"flags"`
88 Written []time.Time `bson:"written"` 89 Written []time.Time `bson:"written" json:"written"`
89 CloseTimestamp time.Time `bson:"close_timestamp"` 90 CloseTimestamp time.Time `bson:"close_timestamp" json:"close_timestamp"`
91}
92
93func (f File) MarshalJSON() ([]byte, error) {
94 type Alias File // 使用别名避免递归调用
95
96 return json.Marshal(&struct {
97 Alias
98 Flags0 string `json:"FileNamePointer"`
99 Flags1 string `json:"FileFlags"`
100 }{
101 Alias: Alias(f),
102 Flags0: fmt.Sprintf("%#012x", f.Flags[0]), // flags[0] 转换为小写16进制
103 Flags1: parseFlags(f.Flags[1]), // flags[1] 解析为字符串
104 })
90} 105}
91 106
92// Queue 定义一个队列结构体 107// Queue 定义一个队列结构体
diff --git a/filter/logs/files.log b/filter/logs/files.log
new file mode 100644
index 0000000..a1cff08
--- /dev/null
+++ b/filter/logs/files.log
@@ -0,0 +1,202 @@
1{
2 "timestamp": "2024-08-31T08:14:08.325Z",
3 "fileName": "/proc/self/oom_score_adj",
4 "pid": 29662,
5 "fd": 7,
6 "flags": [
7 140727329818688,
8 2,
9 140727329818712,
10 140727329815648
11 ],
12 "written": [
13 "2024-08-31T08:14:08.325Z"
14 ],
15 "close_timestamp": "2024-08-31T08:14:08.325Z",
16 "FileNamePointer": "0x7ffda2810840",
17 "FileFlags": "O_RDONLY | O_RDWR"
18}
19
20{
21 "timestamp": "2024-08-31T08:14:10.789Z",
22 "fileName": "/proc/self/oom_score_adj",
23 "pid": 29705,
24 "fd": 6,
25 "flags": [
26 140737394046768,
27 2,
28 140737394046792,
29 140737394043680
30 ],
31 "written": [
32 "2024-08-31T08:14:10.789Z"
33 ],
34 "close_timestamp": "2024-08-31T08:14:10.789Z",
35 "FileNamePointer": "0x7ffffa60f730",
36 "FileFlags": "O_RDONLY | O_RDWR"
37}
38
39{
40 "timestamp": "2024-08-31T08:14:23.917Z",
41 "fileName": "/root/.bash_history",
42 "pid": 29709,
43 "fd": 3,
44 "flags": [
45 10822472,
46 1025,
47 384,
48 8
49 ],
50 "written": [
51 "2024-08-31T08:14:23.917Z"
52 ],
53 "close_timestamp": "2024-08-31T08:14:23.917Z",
54 "FileNamePointer": "0x000000a52348",
55 "FileFlags": "O_APPEND | O_RDONLY | O_WRONLY"
56}
57
58{
59 "timestamp": "2024-08-31T08:14:15.361Z",
60 "fileName": "/root/.hello.c.swp",
61 "pid": 29723,
62 "fd": 4,
63 "flags": [
64 93986886181648,
65 131266,
66 384,
67 140283278240632
68 ],
69 "written": [
70 "2024-08-31T08:14:15.361Z",
71 "2024-08-31T08:14:17.782Z",
72 "2024-08-31T08:14:21.953Z"
73 ],
74 "close_timestamp": "2024-08-31T08:14:21.953Z",
75 "FileNamePointer": "0x557b06f6e310",
76 "FileFlags": "O_CREAT | O_EXCL | O_NOFOLLOW | O_RDONLY | O_RDWR"
77}
78
79{
80 "timestamp": "2024-08-31T08:14:15.361Z",
81 "fileName": "/root/.hello.c.swp",
82 "pid": 29723,
83 "fd": 4,
84 "flags": [
85 93986886181648,
86 194,
87 384,
88 17
89 ],
90 "written": [],
91 "close_timestamp": "2024-08-31T08:14:15.361Z",
92 "FileNamePointer": "0x557b06f6e310",
93 "FileFlags": "O_CREAT | O_EXCL | O_RDONLY | O_RDWR"
94}
95
96{
97 "timestamp": "2024-08-31T08:14:15.361Z",
98 "fileName": "/root/.hello.c.swx",
99 "pid": 29723,
100 "fd": 5,
101 "flags": [
102 93986884210448,
103 194,
104 384,
105 17
106 ],
107 "written": [],
108 "close_timestamp": "2024-08-31T08:14:15.361Z",
109 "FileNamePointer": "0x557b06d8cf10",
110 "FileFlags": "O_CREAT | O_EXCL | O_RDONLY | O_RDWR"
111}
112
113{
114 "timestamp": "2024-08-31T08:14:21.953Z",
115 "fileName": "/root/.viminfo.tmp",
116 "pid": 29723,
117 "fd": 5,
118 "flags": [
119 93986886181872,
120 131265,
121 384,
122 0
123 ],
124 "written": [
125 "2024-08-31T08:14:21.953Z"
126 ],
127 "close_timestamp": "2024-08-31T08:14:21.953Z",
128 "FileNamePointer": "0x557b06f6e3f0",
129 "FileFlags": "O_CREAT | O_EXCL | O_NOFOLLOW | O_RDONLY | O_WRONLY"
130}
131
132{
133 "timestamp": "2024-08-31T08:14:21.95Z",
134 "fileName": "/root/4913",
135 "pid": 29723,
136 "fd": 3,
137 "flags": [
138 93986884186640,
139 131265,
140 33188,
141 0
142 ],
143 "written": [],
144 "close_timestamp": "2024-08-31T08:14:21.95Z",
145 "FileNamePointer": "0x557b06d87210",
146 "FileFlags": "O_CREAT | O_EXCL | O_NOFOLLOW | O_RDONLY | O_WRONLY"
147}
148
149{
150 "timestamp": "2024-08-31T08:14:21.95Z",
151 "fileName": "/root/hello.c",
152 "pid": 29723,
153 "fd": 3,
154 "flags": [
155 93986884214912,
156 577,
157 420,
158 0
159 ],
160 "written": [
161 "2024-08-31T08:14:21.95Z",
162 "2024-08-31T08:14:21.95Z"
163 ],
164 "close_timestamp": "2024-08-31T08:14:21.953Z",
165 "FileNamePointer": "0x557b06d8e080",
166 "FileFlags": "O_CREAT | O_RDONLY | O_TRUNC | O_WRONLY"
167}
168
169{
170 "timestamp": "2024-08-31T08:14:08.283Z",
171 "fileName": "/var/run/docker/runtime-runc/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/runc.Avdn7E",
172 "pid": 29662,
173 "fd": 7,
174 "flags": [
175 140730884269360,
176 194,
177 384,
178 1725092048
179 ],
180 "written": [],
181 "close_timestamp": "2024-08-31T08:14:08.283Z",
182 "FileNamePointer": "0x7ffe765da530",
183 "FileFlags": "O_CREAT | O_EXCL | O_RDONLY | O_RDWR"
184}
185
186{
187 "timestamp": "2024-08-31T08:14:10.776Z",
188 "fileName": "/var/run/docker/runtime-runc/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/runc.jV9mvl",
189 "pid": 29705,
190 "fd": 6,
191 "flags": [
192 140727845211728,
193 194,
194 384,
195 1725092050
196 ],
197 "written": [],
198 "close_timestamp": "2024-08-31T08:14:10.776Z",
199 "FileNamePointer": "0x7ffdc1394e50",
200 "FileFlags": "O_CREAT | O_EXCL | O_RDONLY | O_RDWR"
201}
202
diff --git a/filter/logs/pid.log b/filter/logs/pid.log
new file mode 100644
index 0000000..4486906
--- /dev/null
+++ b/filter/logs/pid.log
@@ -0,0 +1,3702 @@
1{
2 "tgid": 18009,
3 "findPid": {
4 "18009": 0,
5 "18011": 1,
6 "18012": 2,
7 "18013": 3,
8 "18014": 4,
9 "18015": 5,
10 "18016": 6,
11 "18017": 7,
12 "18018": 8,
13 "19408": 9
14 },
15 "threads": [
16 {
17 "star": true,
18 "start_timestamp": "0001-01-01T00:00:00Z",
19 "ppid": 1,
20 "parentTgid": 1,
21 "pid": 18009,
22 "tgid": 18009,
23 "args": [],
24 "comm": "",
25 "rootfs": "",
26 "cwd": "/",
27 "children": [],
28 "docker_id": "",
29 "execve": [],
30 "exit_code": 0,
31 "exit_signal": 0,
32 "exit_timestamp": "0001-01-01T00:00:00Z"
33 },
34 {
35 "star": false,
36 "start_timestamp": "0001-01-01T00:00:00Z",
37 "ppid": 1,
38 "parentTgid": 1,
39 "pid": 18011,
40 "tgid": 18009,
41 "args": [],
42 "comm": "",
43 "rootfs": "",
44 "cwd": "/",
45 "children": [],
46 "docker_id": "",
47 "execve": [],
48 "exit_code": 0,
49 "exit_signal": 0,
50 "exit_timestamp": "0001-01-01T00:00:00Z"
51 },
52 {
53 "star": false,
54 "start_timestamp": "0001-01-01T00:00:00Z",
55 "ppid": 1,
56 "parentTgid": 1,
57 "pid": 18012,
58 "tgid": 18009,
59 "args": [],
60 "comm": "",
61 "rootfs": "",
62 "cwd": "/",
63 "children": [],
64 "docker_id": "",
65 "execve": [],
66 "exit_code": 0,
67 "exit_signal": 0,
68 "exit_timestamp": "0001-01-01T00:00:00Z"
69 },
70 {
71 "star": false,
72 "start_timestamp": "0001-01-01T00:00:00Z",
73 "ppid": 1,
74 "parentTgid": 1,
75 "pid": 18013,
76 "tgid": 18009,
77 "args": [],
78 "comm": "",
79 "rootfs": "",
80 "cwd": "/",
81 "children": [],
82 "docker_id": "",
83 "execve": [],
84 "exit_code": 0,
85 "exit_signal": 0,
86 "exit_timestamp": "0001-01-01T00:00:00Z"
87 },
88 {
89 "star": false,
90 "start_timestamp": "0001-01-01T00:00:00Z",
91 "ppid": 1,
92 "parentTgid": 1,
93 "pid": 18014,
94 "tgid": 18009,
95 "args": [],
96 "comm": "",
97 "rootfs": "",
98 "cwd": "/",
99 "children": [],
100 "docker_id": "",
101 "execve": [],
102 "exit_code": 0,
103 "exit_signal": 0,
104 "exit_timestamp": "0001-01-01T00:00:00Z"
105 },
106 {
107 "star": false,
108 "start_timestamp": "0001-01-01T00:00:00Z",
109 "ppid": 1,
110 "parentTgid": 1,
111 "pid": 18015,
112 "tgid": 18009,
113 "args": [],
114 "comm": "",
115 "rootfs": "",
116 "cwd": "/",
117 "children": [],
118 "docker_id": "",
119 "execve": [],
120 "exit_code": 0,
121 "exit_signal": 0,
122 "exit_timestamp": "0001-01-01T00:00:00Z"
123 },
124 {
125 "star": false,
126 "start_timestamp": "0001-01-01T00:00:00Z",
127 "ppid": 1,
128 "parentTgid": 1,
129 "pid": 18016,
130 "tgid": 18009,
131 "args": [],
132 "comm": "",
133 "rootfs": "",
134 "cwd": "/",
135 "children": [],
136 "docker_id": "",
137 "execve": [],
138 "exit_code": 0,
139 "exit_signal": 0,
140 "exit_timestamp": "0001-01-01T00:00:00Z"
141 },
142 {
143 "star": false,
144 "start_timestamp": "0001-01-01T00:00:00Z",
145 "ppid": 1,
146 "parentTgid": 1,
147 "pid": 18017,
148 "tgid": 18009,
149 "args": [],
150 "comm": "",
151 "rootfs": "",
152 "cwd": "/",
153 "children": [
154 29634,
155 29636,
156 29637,
157 29638,
158 29639,
159 29640,
160 29641,
161 29642
162 ],
163 "docker_id": "",
164 "execve": [],
165 "exit_code": 0,
166 "exit_signal": 0,
167 "exit_timestamp": "0001-01-01T00:00:00Z"
168 },
169 {
170 "star": false,
171 "start_timestamp": "0001-01-01T00:00:00Z",
172 "ppid": 1,
173 "parentTgid": 1,
174 "pid": 18018,
175 "tgid": 18009,
176 "args": [],
177 "comm": "",
178 "rootfs": "",
179 "cwd": "/",
180 "children": [],
181 "docker_id": "",
182 "execve": [],
183 "exit_code": 0,
184 "exit_signal": 0,
185 "exit_timestamp": "0001-01-01T00:00:00Z"
186 },
187 {
188 "star": false,
189 "start_timestamp": "0001-01-01T00:00:00Z",
190 "ppid": 1,
191 "parentTgid": 1,
192 "pid": 19408,
193 "tgid": 18009,
194 "args": [],
195 "comm": "",
196 "rootfs": "",
197 "cwd": "/",
198 "children": [
199 29758,
200 29759,
201 29760,
202 29761,
203 29762,
204 29763,
205 29764
206 ],
207 "docker_id": "",
208 "execve": [],
209 "exit_code": 0,
210 "exit_signal": 0,
211 "exit_timestamp": "0001-01-01T00:00:00Z"
212 }
213 ],
214 "child_tgid": [
215 29634,
216 29758
217 ]
218}
219
220{
221 "tgid": 29634,
222 "findPid": {
223 "29634": 0,
224 "29636": 1,
225 "29637": 2,
226 "29638": 3,
227 "29639": 4,
228 "29640": 5,
229 "29641": 6,
230 "29642": 7
231 },
232 "threads": [
233 {
234 "star": false,
235 "start_timestamp": "2024-08-31T08:14:08.236Z",
236 "ppid": 18017,
237 "parentTgid": 18009,
238 "pid": 29634,
239 "tgid": 29634,
240 "args": [
241 "/usr/bin/containerd",
242 ""
243 ],
244 "comm": "containerd",
245 "rootfs": "",
246 "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
247 "children": [],
248 "docker_id": "",
249 "execve": [
250 {
251 "timestamp": "2024-08-31T08:14:08.234Z",
252 "execArgs": [
253 "/usr/bin/containerd-shim-runc-v2",
254 "-namespace",
255 "moby",
256 "-address",
257 "/run/containerd/containerd.sock",
258 "-publish-binary",
259 "/usr/bin/containerd",
260 "-id",
261 "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
262 "start"
263 ]
264 }
265 ],
266 "exit_code": 0,
267 "exit_signal": 17,
268 "exit_timestamp": "2024-08-31T08:14:08.264Z"
269 },
270 {
271 "star": false,
272 "start_timestamp": "2024-08-31T08:14:08.242Z",
273 "ppid": 18017,
274 "parentTgid": 18009,
275 "pid": 29636,
276 "tgid": 29634,
277 "args": [
278 "/usr/bin/containerd-shim-runc-v2",
279 "-namespace",
280 "moby",
281 "-address",
282 "/run/containerd/containerd.sock",
283 "-publish-binary",
284 "/usr/bin/containerd",
285 "-id",
286 "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
287 "start",
288 ""
289 ],
290 "comm": "containerd-shim",
291 "rootfs": "",
292 "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
293 "children": [],
294 "docker_id": "",
295 "execve": [],
296 "exit_code": 0,
297 "exit_signal": 4294967295,
298 "exit_timestamp": "2024-08-31T08:14:08.265Z"
299 },
300 {
301 "star": false,
302 "start_timestamp": "2024-08-31T08:14:08.242Z",
303 "ppid": 18017,
304 "parentTgid": 18009,
305 "pid": 29637,
306 "tgid": 29634,
307 "args": [
308 "/usr/bin/containerd-shim-runc-v2",
309 "-namespace",
310 "moby",
311 "-address",
312 "/run/containerd/containerd.sock",
313 "-publish-binary",
314 "/usr/bin/containerd",
315 "-id",
316 "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
317 "start",
318 ""
319 ],
320 "comm": "containerd-shim",
321 "rootfs": "",
322 "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
323 "children": [],
324 "docker_id": "",
325 "execve": [],
326 "exit_code": 0,
327 "exit_signal": 4294967295,
328 "exit_timestamp": "2024-08-31T08:14:08.265Z"
329 },
330 {
331 "star": false,
332 "start_timestamp": "2024-08-31T08:14:08.245Z",
333 "ppid": 18017,
334 "parentTgid": 18009,
335 "pid": 29638,
336 "tgid": 29634,
337 "args": [
338 "/usr/bin/containerd-shim-runc-v2",
339 "-namespace",
340 "moby",
341 "-address",
342 "/run/containerd/containerd.sock",
343 "-publish-binary",
344 "/usr/bin/containerd",
345 "-id",
346 "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
347 "start",
348 ""
349 ],
350 "comm": "containerd-shim",
351 "rootfs": "",
352 "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
353 "children": [
354 29643,
355 29645,
356 29646,
357 29647,
358 29648,
359 29649,
360 29650,
361 29651,
362 29652
363 ],
364 "docker_id": "",
365 "execve": [],
366 "exit_code": 0,
367 "exit_signal": 4294967295,
368 "exit_timestamp": "2024-08-31T08:14:08.262Z"
369 },
370 {
371 "star": false,
372 "start_timestamp": "2024-08-31T08:14:08.245Z",
373 "ppid": 18017,
374 "parentTgid": 18009,
375 "pid": 29639,
376 "tgid": 29634,
377 "args": [
378 "/usr/bin/containerd-shim-runc-v2",
379 "-namespace",
380 "moby",
381 "-address",
382 "/run/containerd/containerd.sock",
383 "-publish-binary",
384 "/usr/bin/containerd",
385 "-id",
386 "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
387 "start",
388 ""
389 ],
390 "comm": "containerd-shim",
391 "rootfs": "",
392 "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
393 "children": [],
394 "docker_id": "",
395 "execve": [],
396 "exit_code": 0,
397 "exit_signal": 4294967295,
398 "exit_timestamp": "2024-08-31T08:14:08.263Z"
399 },
400 {
401 "star": false,
402 "start_timestamp": "2024-08-31T08:14:08.246Z",
403 "ppid": 18017,
404 "parentTgid": 18009,
405 "pid": 29640,
406 "tgid": 29634,
407 "args": [
408 "/usr/bin/containerd-shim-runc-v2",
409 "-namespace",
410 "moby",
411 "-address",
412 "/run/containerd/containerd.sock",
413 "-publish-binary",
414 "/usr/bin/containerd",
415 "-id",
416 "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
417 "start",
418 ""
419 ],
420 "comm": "containerd-shim",
421 "rootfs": "",
422 "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
423 "children": [],
424 "docker_id": "",
425 "execve": [],
426 "exit_code": 0,
427 "exit_signal": 4294967295,
428 "exit_timestamp": "2024-08-31T08:14:08.263Z"
429 },
430 {
431 "star": false,
432 "start_timestamp": "2024-08-31T08:14:08.246Z",
433 "ppid": 18017,
434 "parentTgid": 18009,
435 "pid": 29641,
436 "tgid": 29634,
437 "args": [
438 "/usr/bin/containerd-shim-runc-v2",
439 "-namespace",
440 "moby",
441 "-address",
442 "/run/containerd/containerd.sock",
443 "-publish-binary",
444 "/usr/bin/containerd",
445 "-id",
446 "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
447 "start",
448 ""
449 ],
450 "comm": "containerd-shim",
451 "rootfs": "",
452 "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
453 "children": [],
454 "docker_id": "",
455 "execve": [],
456 "exit_code": 0,
457 "exit_signal": 4294967295,
458 "exit_timestamp": "2024-08-31T08:14:08.265Z"
459 },
460 {
461 "star": false,
462 "start_timestamp": "2024-08-31T08:14:08.246Z",
463 "ppid": 18017,
464 "parentTgid": 18009,
465 "pid": 29642,
466 "tgid": 29634,
467 "args": [
468 "/usr/bin/containerd-shim-runc-v2",
469 "-namespace",
470 "moby",
471 "-address",
472 "/run/containerd/containerd.sock",
473 "-publish-binary",
474 "/usr/bin/containerd",
475 "-id",
476 "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
477 "start",
478 ""
479 ],
480 "comm": "containerd-shim",
481 "rootfs": "",
482 "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
483 "children": [],
484 "docker_id": "",
485 "execve": [],
486 "exit_code": 0,
487 "exit_signal": 4294967295,
488 "exit_timestamp": "2024-08-31T08:14:08.265Z"
489 }
490 ],
491 "child_tgid": [
492 29643
493 ]
494}
495
496{
497 "tgid": 29643,
498 "findPid": {
499 "29643": 0,
500 "29645": 1,
501 "29646": 2,
502 "29647": 3,
503 "29648": 4,
504 "29649": 5,
505 "29650": 6,
506 "29651": 7,
507 "29652": 8,
508 "29653": 9,
509 "29654": 10
510 },
511 "threads": [
512 {
513 "star": false,
514 "start_timestamp": "2024-08-31T08:14:08.247Z",
515 "ppid": 29638,
516 "parentTgid": 29634,
517 "pid": 29643,
518 "tgid": 29643,
519 "args": [
520 "/usr/bin/containerd-shim-runc-v2",
521 "-namespace",
522 "moby",
523 "-id",
524 "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
525 "-address",
526 "/run/containerd/containerd.sock",
527 ""
528 ],
529 "comm": "containerd-shim",
530 "rootfs": "",
531 "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
532 "children": [],
533 "docker_id": "",
534 "execve": [
535 {
536 "timestamp": "2024-08-31T08:14:08.243Z",
537 "execArgs": [
538 "/usr/bin/containerd-shim-runc-v2",
539 "-namespace",
540 "moby",
541 "-id",
542 "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
543 "-address",
544 "/run/containerd/containerd.sock"
545 ]
546 }
547 ],
548 "exit_code": 0,
549 "exit_signal": 17,
550 "exit_timestamp": "2024-08-31T08:14:26.683Z"
551 },
552 {
553 "star": false,
554 "start_timestamp": "2024-08-31T08:14:08.248Z",
555 "ppid": 29638,
556 "parentTgid": 29634,
557 "pid": 29645,
558 "tgid": 29643,
559 "args": [
560 "/usr/bin/containerd-shim-runc-v2",
561 "-namespace",
562 "moby",
563 "-id",
564 "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
565 "-address",
566 "/run/containerd/containerd.sock",
567 ""
568 ],
569 "comm": "containerd-shim",
570 "rootfs": "",
571 "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
572 "children": [],
573 "docker_id": "",
574 "execve": [],
575 "exit_code": 0,
576 "exit_signal": 4294967295,
577 "exit_timestamp": "2024-08-31T08:14:26.682Z"
578 },
579 {
580 "star": false,
581 "start_timestamp": "2024-08-31T08:14:08.248Z",
582 "ppid": 29638,
583 "parentTgid": 29634,
584 "pid": 29646,
585 "tgid": 29643,
586 "args": [
587 "/usr/bin/containerd-shim-runc-v2",
588 "-namespace",
589 "moby",
590 "-id",
591 "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
592 "-address",
593 "/run/containerd/containerd.sock",
594 ""
595 ],
596 "comm": "containerd-shim",
597 "rootfs": "",
598 "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
599 "children": [],
600 "docker_id": "",
601 "execve": [],
602 "exit_code": 0,
603 "exit_signal": 4294967295,
604 "exit_timestamp": "2024-08-31T08:14:26.683Z"
605 },
606 {
607 "star": false,
608 "start_timestamp": "2024-08-31T08:14:08.248Z",
609 "ppid": 29638,
610 "parentTgid": 29634,
611 "pid": 29647,
612 "tgid": 29643,
613 "args": [
614 "/usr/bin/containerd-shim-runc-v2",
615 "-namespace",
616 "moby",
617 "-id",
618 "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
619 "-address",
620 "/run/containerd/containerd.sock",
621 ""
622 ],
623 "comm": "containerd-shim",
624 "rootfs": "",
625 "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
626 "children": [
627 29680,
628 29681,
629 29682,
630 29683,
631 29684,
632 29685
633 ],
634 "docker_id": "",
635 "execve": [],
636 "exit_code": 0,
637 "exit_signal": 4294967295,
638 "exit_timestamp": "2024-08-31T08:14:26.684Z"
639 },
640 {
641 "star": false,
642 "start_timestamp": "2024-08-31T08:14:08.249Z",
643 "ppid": 29638,
644 "parentTgid": 29634,
645 "pid": 29648,
646 "tgid": 29643,
647 "args": [
648 "/usr/bin/containerd-shim-runc-v2",
649 "-namespace",
650 "moby",
651 "-id",
652 "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
653 "-address",
654 "/run/containerd/containerd.sock",
655 ""
656 ],
657 "comm": "containerd-shim",
658 "rootfs": "",
659 "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
660 "children": [],
661 "docker_id": "",
662 "execve": [],
663 "exit_code": 0,
664 "exit_signal": 4294967295,
665 "exit_timestamp": "2024-08-31T08:14:26.684Z"
666 },
667 {
668 "star": false,
669 "start_timestamp": "2024-08-31T08:14:08.25Z",
670 "ppid": 29638,
671 "parentTgid": 29634,
672 "pid": 29649,
673 "tgid": 29643,
674 "args": [
675 "/usr/bin/containerd-shim-runc-v2",
676 "-namespace",
677 "moby",
678 "-id",
679 "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
680 "-address",
681 "/run/containerd/containerd.sock",
682 ""
683 ],
684 "comm": "containerd-shim",
685 "rootfs": "",
686 "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
687 "children": [],
688 "docker_id": "",
689 "execve": [],
690 "exit_code": 0,
691 "exit_signal": 4294967295,
692 "exit_timestamp": "2024-08-31T08:14:26.682Z"
693 },
694 {
695 "star": false,
696 "start_timestamp": "2024-08-31T08:14:08.25Z",
697 "ppid": 29638,
698 "parentTgid": 29634,
699 "pid": 29650,
700 "tgid": 29643,
701 "args": [
702 "/usr/bin/containerd-shim-runc-v2",
703 "-namespace",
704 "moby",
705 "-id",
706 "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
707 "-address",
708 "/run/containerd/containerd.sock",
709 ""
710 ],
711 "comm": "containerd-shim",
712 "rootfs": "",
713 "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
714 "children": [],
715 "docker_id": "",
716 "execve": [],
717 "exit_code": 0,
718 "exit_signal": 4294967295,
719 "exit_timestamp": "2024-08-31T08:14:26.683Z"
720 },
721 {
722 "star": false,
723 "start_timestamp": "2024-08-31T08:14:08.25Z",
724 "ppid": 29638,
725 "parentTgid": 29634,
726 "pid": 29651,
727 "tgid": 29643,
728 "args": [
729 "/usr/bin/containerd-shim-runc-v2",
730 "-namespace",
731 "moby",
732 "-id",
733 "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
734 "-address",
735 "/run/containerd/containerd.sock",
736 ""
737 ],
738 "comm": "containerd-shim",
739 "rootfs": "",
740 "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
741 "children": [
742 29742,
743 29743,
744 29744,
745 29745,
746 29746,
747 29747
748 ],
749 "docker_id": "",
750 "execve": [],
751 "exit_code": 0,
752 "exit_signal": 4294967295,
753 "exit_timestamp": "2024-08-31T08:14:26.683Z"
754 },
755 {
756 "star": false,
757 "start_timestamp": "2024-08-31T08:14:08.251Z",
758 "ppid": 29638,
759 "parentTgid": 29634,
760 "pid": 29652,
761 "tgid": 29643,
762 "args": [
763 "/usr/bin/containerd-shim-runc-v2",
764 "-namespace",
765 "moby",
766 "-id",
767 "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
768 "-address",
769 "/run/containerd/containerd.sock",
770 ""
771 ],
772 "comm": "containerd-shim",
773 "rootfs": "",
774 "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
775 "children": [],
776 "docker_id": "",
777 "execve": [],
778 "exit_code": 0,
779 "exit_signal": 4294967295,
780 "exit_timestamp": "2024-08-31T08:14:26.683Z"
781 },
782 {
783 "star": false,
784 "start_timestamp": "2024-08-31T08:14:08.266Z",
785 "ppid": 1,
786 "parentTgid": 1,
787 "pid": 29653,
788 "tgid": 29643,
789 "args": [
790 "/usr/bin/containerd-shim-runc-v2",
791 "-namespace",
792 "moby",
793 "-id",
794 "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
795 "-address",
796 "/run/containerd/containerd.sock",
797 ""
798 ],
799 "comm": "containerd-shim",
800 "rootfs": "",
801 "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
802 "children": [
803 29655,
804 29656,
805 29657,
806 29658,
807 29659,
808 29660,
809 29661,
810 29671,
811 29672,
812 29698,
813 29699,
814 29700,
815 29701,
816 29702,
817 29703,
818 29704,
819 29706,
820 29708
821 ],
822 "docker_id": "",
823 "execve": [],
824 "exit_code": 0,
825 "exit_signal": 4294967295,
826 "exit_timestamp": "2024-08-31T08:14:26.684Z"
827 },
828 {
829 "star": false,
830 "start_timestamp": "2024-08-31T08:14:08.266Z",
831 "ppid": 1,
832 "parentTgid": 1,
833 "pid": 29654,
834 "tgid": 29643,
835 "args": [
836 "/usr/bin/containerd-shim-runc-v2",
837 "-namespace",
838 "moby",
839 "-id",
840 "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
841 "-address",
842 "/run/containerd/containerd.sock",
843 ""
844 ],
845 "comm": "containerd-shim",
846 "rootfs": "",
847 "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
848 "children": [
849 29749,
850 29750,
851 29751,
852 29752,
853 29753,
854 29754
855 ],
856 "docker_id": "",
857 "execve": [],
858 "exit_code": 0,
859 "exit_signal": 4294967295,
860 "exit_timestamp": "2024-08-31T08:14:26.682Z"
861 }
862 ],
863 "child_tgid": [
864 29680,
865 29742,
866 29655,
867 29698,
868 29749
869 ]
870}
871
872{
873 "tgid": 29680,
874 "findPid": {
875 "29680": 0,
876 "29681": 1,
877 "29682": 2,
878 "29683": 3,
879 "29684": 4,
880 "29685": 5
881 },
882 "threads": [
883 {
884 "star": false,
885 "start_timestamp": "2024-08-31T08:14:08.531Z",
886 "ppid": 29647,
887 "parentTgid": 29643,
888 "pid": 29680,
889 "tgid": 29680,
890 "args": [
891 "/usr/bin/containerd-shim-runc-v2",
892 "-namespace",
893 "moby",
894 "-id",
895 "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
896 "-address",
897 "/run/containerd/containerd.sock",
898 ""
899 ],
900 "comm": "containerd-shim",
901 "rootfs": "",
902 "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
903 "children": [],
904 "docker_id": "",
905 "execve": [
906 {
907 "timestamp": "2024-08-31T08:14:08.53Z",
908 "execArgs": [
909 "runc",
910 "--root",
911 "/var/run/docker/runtime-runc/moby",
912 "--log",
913 "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json",
914 "--log-format",
915 "json",
916 "start",
917 "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19"
918 ]
919 }
920 ],
921 "exit_code": 0,
922 "exit_signal": 17,
923 "exit_timestamp": "2024-08-31T08:14:08.54Z"
924 },
925 {
926 "star": false,
927 "start_timestamp": "2024-08-31T08:14:08.535Z",
928 "ppid": 29647,
929 "parentTgid": 29643,
930 "pid": 29681,
931 "tgid": 29680,
932 "args": [
933 "runc",
934 "--root",
935 "/var/run/docker/runtime-runc/moby",
936 "--log",
937 "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json",
938 "--log-format",
939 "json",
940 "start",
941 "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
942 ""
943 ],
944 "comm": "runc",
945 "rootfs": "",
946 "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
947 "children": [],
948 "docker_id": "",
949 "execve": [],
950 "exit_code": 0,
951 "exit_signal": 4294967295,
952 "exit_timestamp": "2024-08-31T08:14:08.54Z"
953 },
954 {
955 "star": false,
956 "start_timestamp": "2024-08-31T08:14:08.536Z",
957 "ppid": 29647,
958 "parentTgid": 29643,
959 "pid": 29682,
960 "tgid": 29680,
961 "args": [
962 "runc",
963 "--root",
964 "/var/run/docker/runtime-runc/moby",
965 "--log",
966 "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json",
967 "--log-format",
968 "json",
969 "start",
970 "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
971 ""
972 ],
973 "comm": "runc",
974 "rootfs": "",
975 "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
976 "children": [],
977 "docker_id": "",
978 "execve": [],
979 "exit_code": 0,
980 "exit_signal": 4294967295,
981 "exit_timestamp": "2024-08-31T08:14:08.54Z"
982 },
983 {
984 "star": false,
985 "start_timestamp": "2024-08-31T08:14:08.536Z",
986 "ppid": 29647,
987 "parentTgid": 29643,
988 "pid": 29683,
989 "tgid": 29680,
990 "args": [
991 "runc",
992 "--root",
993 "/var/run/docker/runtime-runc/moby",
994 "--log",
995 "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json",
996 "--log-format",
997 "json",
998 "start",
999 "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
1000 ""
1001 ],
1002 "comm": "runc",
1003 "rootfs": "",
1004 "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
1005 "children": [],
1006 "docker_id": "",
1007 "execve": [],
1008 "exit_code": 0,
1009 "exit_signal": 4294967295,
1010 "exit_timestamp": "2024-08-31T08:14:08.54Z"
1011 },
1012 {
1013 "star": false,
1014 "start_timestamp": "2024-08-31T08:14:08.536Z",
1015 "ppid": 29647,
1016 "parentTgid": 29643,
1017 "pid": 29684,
1018 "tgid": 29680,
1019 "args": [
1020 "runc",
1021 "--root",
1022 "/var/run/docker/runtime-runc/moby",
1023 "--log",
1024 "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json",
1025 "--log-format",
1026 "json",
1027 "start",
1028 "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
1029 ""
1030 ],
1031 "comm": "runc",
1032 "rootfs": "",
1033 "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
1034 "children": [],
1035 "docker_id": "",
1036 "execve": [],
1037 "exit_code": 0,
1038 "exit_signal": 4294967295,
1039 "exit_timestamp": "2024-08-31T08:14:08.54Z"
1040 },
1041 {
1042 "star": false,
1043 "start_timestamp": "2024-08-31T08:14:08.537Z",
1044 "ppid": 29647,
1045 "parentTgid": 29643,
1046 "pid": 29685,
1047 "tgid": 29680,
1048 "args": [
1049 "runc",
1050 "--root",
1051 "/var/run/docker/runtime-runc/moby",
1052 "--log",
1053 "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json",
1054 "--log-format",
1055 "json",
1056 "start",
1057 "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
1058 ""
1059 ],
1060 "comm": "runc",
1061 "rootfs": "",
1062 "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
1063 "children": [],
1064 "docker_id": "",
1065 "execve": [],
1066 "exit_code": 0,
1067 "exit_signal": 4294967295,
1068 "exit_timestamp": "2024-08-31T08:14:08.541Z"
1069 }
1070 ],
1071 "child_tgid": []
1072}
1073
1074{
1075 "tgid": 29742,
1076 "findPid": {
1077 "29742": 0,
1078 "29743": 1,
1079 "29744": 2,
1080 "29745": 3,
1081 "29746": 4,
1082 "29747": 5
1083 },
1084 "threads": [
1085 {
1086 "star": false,
1087 "start_timestamp": "2024-08-31T08:14:26.616Z",
1088 "ppid": 29651,
1089 "parentTgid": 29643,
1090 "pid": 29742,
1091 "tgid": 29742,
1092 "args": [
1093 "/usr/bin/containerd-shim-runc-v2",
1094 "-namespace",
1095 "moby",
1096 "-id",
1097 "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
1098 "-address",
1099 "/run/containerd/containerd.sock",
1100 ""
1101 ],
1102 "comm": "containerd-shim",
1103 "rootfs": "",
1104 "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
1105 "children": [],
1106 "docker_id": "",
1107 "execve": [
1108 {
1109 "timestamp": "2024-08-31T08:14:26.615Z",
1110 "execArgs": [
1111 "runc",
1112 "--root",
1113 "/var/run/docker/runtime-runc/moby",
1114 "--log",
1115 "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json",
1116 "--log-format",
1117 "json",
1118 "kill",
1119 "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
1120 "15"
1121 ]
1122 }
1123 ],
1124 "exit_code": 0,
1125 "exit_signal": 17,
1126 "exit_timestamp": "2024-08-31T08:14:26.629Z"
1127 },
1128 {
1129 "star": false,
1130 "start_timestamp": "2024-08-31T08:14:26.621Z",
1131 "ppid": 29651,
1132 "parentTgid": 29643,
1133 "pid": 29743,
1134 "tgid": 29742,
1135 "args": [
1136 "runc",
1137 "--root",
1138 "/var/run/docker/runtime-runc/moby",
1139 "--log",
1140 "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json",
1141 "--log-format",
1142 "json",
1143 "kill",
1144 "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
1145 "15",
1146 ""
1147 ],
1148 "comm": "runc",
1149 "rootfs": "",
1150 "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
1151 "children": [],
1152 "docker_id": "",
1153 "execve": [],
1154 "exit_code": 0,
1155 "exit_signal": 4294967295,
1156 "exit_timestamp": "2024-08-31T08:14:26.635Z"
1157 },
1158 {
1159 "star": false,
1160 "start_timestamp": "2024-08-31T08:14:26.622Z",
1161 "ppid": 29651,
1162 "parentTgid": 29643,
1163 "pid": 29744,
1164 "tgid": 29742,
1165 "args": [
1166 "runc",
1167 "--root",
1168 "/var/run/docker/runtime-runc/moby",
1169 "--log",
1170 "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json",
1171 "--log-format",
1172 "json",
1173 "kill",
1174 "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
1175 "15",
1176 ""
1177 ],
1178 "comm": "runc",
1179 "rootfs": "",
1180 "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
1181 "children": [],
1182 "docker_id": "",
1183 "execve": [],
1184 "exit_code": 0,
1185 "exit_signal": 4294967295,
1186 "exit_timestamp": "2024-08-31T08:14:26.63Z"
1187 },
1188 {
1189 "star": false,
1190 "start_timestamp": "2024-08-31T08:14:26.623Z",
1191 "ppid": 29651,
1192 "parentTgid": 29643,
1193 "pid": 29745,
1194 "tgid": 29742,
1195 "args": [
1196 "runc",
1197 "--root",
1198 "/var/run/docker/runtime-runc/moby",
1199 "--log",
1200 "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json",
1201 "--log-format",
1202 "json",
1203 "kill",
1204 "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
1205 "15",
1206 ""
1207 ],
1208 "comm": "runc",
1209 "rootfs": "",
1210 "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
1211 "children": [],
1212 "docker_id": "",
1213 "execve": [],
1214 "exit_code": 0,
1215 "exit_signal": 4294967295,
1216 "exit_timestamp": "2024-08-31T08:14:26.631Z"
1217 },
1218 {
1219 "star": false,
1220 "start_timestamp": "2024-08-31T08:14:26.623Z",
1221 "ppid": 29651,
1222 "parentTgid": 29643,
1223 "pid": 29746,
1224 "tgid": 29742,
1225 "args": [
1226 "runc",
1227 "--root",
1228 "/var/run/docker/runtime-runc/moby",
1229 "--log",
1230 "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json",
1231 "--log-format",
1232 "json",
1233 "kill",
1234 "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
1235 "15",
1236 ""
1237 ],
1238 "comm": "runc",
1239 "rootfs": "",
1240 "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
1241 "children": [],
1242 "docker_id": "",
1243 "execve": [],
1244 "exit_code": 0,
1245 "exit_signal": 4294967295,
1246 "exit_timestamp": "2024-08-31T08:14:26.631Z"
1247 },
1248 {
1249 "star": false,
1250 "start_timestamp": "2024-08-31T08:14:26.626Z",
1251 "ppid": 29651,
1252 "parentTgid": 29643,
1253 "pid": 29747,
1254 "tgid": 29742,
1255 "args": [
1256 "runc",
1257 "--root",
1258 "/var/run/docker/runtime-runc/moby",
1259 "--log",
1260 "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json",
1261 "--log-format",
1262 "json",
1263 "kill",
1264 "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
1265 "15",
1266 ""
1267 ],
1268 "comm": "runc",
1269 "rootfs": "",
1270 "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
1271 "children": [],
1272 "docker_id": "",
1273 "execve": [],
1274 "exit_code": 0,
1275 "exit_signal": 4294967295,
1276 "exit_timestamp": "2024-08-31T08:14:26.631Z"
1277 }
1278 ],
1279 "child_tgid": []
1280}
1281
1282{
1283 "tgid": 29655,
1284 "findPid": {
1285 "29655": 0,
1286 "29656": 1,
1287 "29657": 2,
1288 "29658": 3,
1289 "29659": 4,
1290 "29660": 5,
1291 "29661": 6,
1292 "29671": 7,
1293 "29672": 8
1294 },
1295 "threads": [
1296 {
1297 "star": false,
1298 "start_timestamp": "2024-08-31T08:14:08.267Z",
1299 "ppid": 29653,
1300 "parentTgid": 29643,
1301 "pid": 29655,
1302 "tgid": 29655,
1303 "args": [
1304 "/usr/bin/containerd-shim-runc-v2",
1305 "-namespace",
1306 "moby",
1307 "-id",
1308 "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
1309 "-address",
1310 "/run/containerd/containerd.sock",
1311 ""
1312 ],
1313 "comm": "containerd-shim",
1314 "rootfs": "",
1315 "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
1316 "children": [],
1317 "docker_id": "",
1318 "execve": [
1319 {
1320 "timestamp": "2024-08-31T08:14:08.266Z",
1321 "execArgs": [
1322 "runc",
1323 "--root",
1324 "/var/run/docker/runtime-runc/moby",
1325 "--log",
1326 "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json",
1327 "--log-format",
1328 "json",
1329 "create",
1330 "--bundle",
1331 "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
1332 "--pid-file",
1333 "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/init.pid",
1334 "--console-socket",
1335 "/tmp/pty347635701/pty.sock",
1336 "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19"
1337 ]
1338 }
1339 ],
1340 "exit_code": 0,
1341 "exit_signal": 17,
1342 "exit_timestamp": "2024-08-31T08:14:08.525Z"
1343 },
1344 {
1345 "star": false,
1346 "start_timestamp": "2024-08-31T08:14:08.272Z",
1347 "ppid": 29653,
1348 "parentTgid": 29643,
1349 "pid": 29656,
1350 "tgid": 29655,
1351 "args": [
1352 "runc",
1353 "--root",
1354 "/var/run/docker/runtime-runc/moby",
1355 "--log",
1356 "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json",
1357 "--log-format",
1358 "json",
1359 "create",
1360 "--bundle",
1361 "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
1362 "--pid-file",
1363 "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/init.pid",
1364 "--console-socket",
1365 "/tmp/pty347635701/pty.sock",
1366 "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
1367 ""
1368 ],
1369 "comm": "runc",
1370 "rootfs": "",
1371 "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
1372 "children": [],
1373 "docker_id": "",
1374 "execve": [],
1375 "exit_code": 0,
1376 "exit_signal": 4294967295,
1377 "exit_timestamp": "2024-08-31T08:14:08.524Z"
1378 },
1379 {
1380 "star": false,
1381 "start_timestamp": "2024-08-31T08:14:08.273Z",
1382 "ppid": 29653,
1383 "parentTgid": 29643,
1384 "pid": 29657,
1385 "tgid": 29655,
1386 "args": [
1387 "runc",
1388 "--root",
1389 "/var/run/docker/runtime-runc/moby",
1390 "--log",
1391 "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json",
1392 "--log-format",
1393 "json",
1394 "create",
1395 "--bundle",
1396 "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
1397 "--pid-file",
1398 "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/init.pid",
1399 "--console-socket",
1400 "/tmp/pty347635701/pty.sock",
1401 "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
1402 ""
1403 ],
1404 "comm": "runc",
1405 "rootfs": "",
1406 "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
1407 "children": [],
1408 "docker_id": "",
1409 "execve": [],
1410 "exit_code": 0,
1411 "exit_signal": 4294967295,
1412 "exit_timestamp": "2024-08-31T08:14:08.525Z"
1413 },
1414 {
1415 "star": false,
1416 "start_timestamp": "2024-08-31T08:14:08.273Z",
1417 "ppid": 29653,
1418 "parentTgid": 29643,
1419 "pid": 29658,
1420 "tgid": 29655,
1421 "args": [
1422 "runc",
1423 "--root",
1424 "/var/run/docker/runtime-runc/moby",
1425 "--log",
1426 "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json",
1427 "--log-format",
1428 "json",
1429 "create",
1430 "--bundle",
1431 "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
1432 "--pid-file",
1433 "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/init.pid",
1434 "--console-socket",
1435 "/tmp/pty347635701/pty.sock",
1436 "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
1437 ""
1438 ],
1439 "comm": "runc",
1440 "rootfs": "",
1441 "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
1442 "children": [],
1443 "docker_id": "",
1444 "execve": [],
1445 "exit_code": 0,
1446 "exit_signal": 4294967295,
1447 "exit_timestamp": "2024-08-31T08:14:08.525Z"
1448 },
1449 {
1450 "star": false,
1451 "start_timestamp": "2024-08-31T08:14:08.274Z",
1452 "ppid": 29653,
1453 "parentTgid": 29643,
1454 "pid": 29659,
1455 "tgid": 29655,
1456 "args": [
1457 "runc",
1458 "--root",
1459 "/var/run/docker/runtime-runc/moby",
1460 "--log",
1461 "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json",
1462 "--log-format",
1463 "json",
1464 "create",
1465 "--bundle",
1466 "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
1467 "--pid-file",
1468 "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/init.pid",
1469 "--console-socket",
1470 "/tmp/pty347635701/pty.sock",
1471 "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
1472 ""
1473 ],
1474 "comm": "runc",
1475 "rootfs": "",
1476 "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
1477 "children": [
1478 29662,
1479 29663,
1480 29664,
1481 29665,
1482 29666,
1483 29667,
1484 29668,
1485 29669
1486 ],
1487 "docker_id": "",
1488 "execve": [],
1489 "exit_code": 0,
1490 "exit_signal": 4294967295,
1491 "exit_timestamp": "2024-08-31T08:14:08.524Z"
1492 },
1493 {
1494 "star": false,
1495 "start_timestamp": "2024-08-31T08:14:08.275Z",
1496 "ppid": 29653,
1497 "parentTgid": 29643,
1498 "pid": 29660,
1499 "tgid": 29655,
1500 "args": [
1501 "runc",
1502 "--root",
1503 "/var/run/docker/runtime-runc/moby",
1504 "--log",
1505 "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json",
1506 "--log-format",
1507 "json",
1508 "create",
1509 "--bundle",
1510 "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
1511 "--pid-file",
1512 "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/init.pid",
1513 "--console-socket",
1514 "/tmp/pty347635701/pty.sock",
1515 "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
1516 ""
1517 ],
1518 "comm": "runc",
1519 "rootfs": "",
1520 "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
1521 "children": [],
1522 "docker_id": "",
1523 "execve": [],
1524 "exit_code": 0,
1525 "exit_signal": 4294967295,
1526 "exit_timestamp": "2024-08-31T08:14:08.524Z"
1527 },
1528 {
1529 "star": false,
1530 "start_timestamp": "2024-08-31T08:14:08.28Z",
1531 "ppid": 29653,
1532 "parentTgid": 29643,
1533 "pid": 29661,
1534 "tgid": 29655,
1535 "args": [
1536 "runc",
1537 "--root",
1538 "/var/run/docker/runtime-runc/moby",
1539 "--log",
1540 "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json",
1541 "--log-format",
1542 "json",
1543 "create",
1544 "--bundle",
1545 "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
1546 "--pid-file",
1547 "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/init.pid",
1548 "--console-socket",
1549 "/tmp/pty347635701/pty.sock",
1550 "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
1551 ""
1552 ],
1553 "comm": "runc",
1554 "rootfs": "",
1555 "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
1556 "children": [
1557 29670,
1558 29673,
1559 29674,
1560 29675,
1561 29676,
1562 29677,
1563 29678,
1564 29679
1565 ],
1566 "docker_id": "",
1567 "execve": [],
1568 "exit_code": 0,
1569 "exit_signal": 4294967295,
1570 "exit_timestamp": "2024-08-31T08:14:08.523Z"
1571 },
1572 {
1573 "star": false,
1574 "start_timestamp": "2024-08-31T08:14:08.366Z",
1575 "ppid": 29653,
1576 "parentTgid": 29643,
1577 "pid": 29671,
1578 "tgid": 29655,
1579 "args": [
1580 "runc",
1581 "--root",
1582 "/var/run/docker/runtime-runc/moby",
1583 "--log",
1584 "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json",
1585 "--log-format",
1586 "json",
1587 "create",
1588 "--bundle",
1589 "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
1590 "--pid-file",
1591 "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/init.pid",
1592 "--console-socket",
1593 "/tmp/pty347635701/pty.sock",
1594 "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
1595 ""
1596 ],
1597 "comm": "runc",
1598 "rootfs": "",
1599 "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
1600 "children": [],
1601 "docker_id": "",
1602 "execve": [],
1603 "exit_code": 0,
1604 "exit_signal": 4294967295,
1605 "exit_timestamp": "2024-08-31T08:14:08.525Z"
1606 },
1607 {
1608 "star": false,
1609 "start_timestamp": "2024-08-31T08:14:08.367Z",
1610 "ppid": 29653,
1611 "parentTgid": 29643,
1612 "pid": 29672,
1613 "tgid": 29655,
1614 "args": [
1615 "runc",
1616 "--root",
1617 "/var/run/docker/runtime-runc/moby",
1618 "--log",
1619 "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json",
1620 "--log-format",
1621 "json",
1622 "create",
1623 "--bundle",
1624 "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
1625 "--pid-file",
1626 "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/init.pid",
1627 "--console-socket",
1628 "/tmp/pty347635701/pty.sock",
1629 "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
1630 ""
1631 ],
1632 "comm": "runc",
1633 "rootfs": "",
1634 "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
1635 "children": [],
1636 "docker_id": "",
1637 "execve": [],
1638 "exit_code": 0,
1639 "exit_signal": 4294967295,
1640 "exit_timestamp": "2024-08-31T08:14:08.524Z"
1641 }
1642 ],
1643 "child_tgid": [
1644 29662,
1645 29663,
1646 29664,
1647 29670
1648 ]
1649}
1650
1651{
1652 "tgid": 29662,
1653 "findPid": {
1654 "29662": 0
1655 },
1656 "threads": [
1657 {
1658 "star": false,
1659 "start_timestamp": "2024-08-31T08:14:08.28Z",
1660 "ppid": 29659,
1661 "parentTgid": 29655,
1662 "pid": 29662,
1663 "tgid": 29662,
1664 "args": [
1665 "runc",
1666 "--root",
1667 "/var/run/docker/runtime-runc/moby",
1668 "--log",
1669 "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json",
1670 "--log-format",
1671 "json",
1672 "create",
1673 "--bundle",
1674 "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
1675 "--pid-file",
1676 "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/init.pid",
1677 "--console-socket",
1678 "/tmp/pty347635701/pty.sock",
1679 "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
1680 ""
1681 ],
1682 "comm": "runc",
1683 "rootfs": "",
1684 "cwd": "/var/lib/docker/overlay2/05388c9b3058bda549ac94c934466cbeb0ff774128bbb3dd52d2019fd7d08c3b/merged",
1685 "children": [],
1686 "docker_id": "",
1687 "execve": [
1688 {
1689 "timestamp": "2024-08-31T08:14:08.279Z",
1690 "execArgs": [
1691 "runc",
1692 "init"
1693 ]
1694 },
1695 {
1696 "timestamp": "2024-08-31T08:14:08.322Z",
1697 "execArgs": [
1698 "runc",
1699 "init"
1700 ]
1701 }
1702 ],
1703 "exit_code": 0,
1704 "exit_signal": 17,
1705 "exit_timestamp": "2024-08-31T08:14:08.34Z"
1706 }
1707 ],
1708 "child_tgid": []
1709}
1710
1711{
1712 "tgid": 29663,
1713 "findPid": {
1714 "29663": 0
1715 },
1716 "threads": [
1717 {
1718 "star": false,
1719 "start_timestamp": "2024-08-31T08:14:08.326Z",
1720 "ppid": 29659,
1721 "parentTgid": 29655,
1722 "pid": 29663,
1723 "tgid": 29663,
1724 "args": [
1725 "runc",
1726 "init",
1727 ""
1728 ],
1729 "comm": "runc:[0:PARENT]",
1730 "rootfs": "/var/lib/docker/overlay2/05388c9b3058bda549ac94c934466cbeb0ff774128bbb3dd52d2019fd7d08c3b/merged",
1731 "cwd": "/var/lib/docker/overlay2/05388c9b3058bda549ac94c934466cbeb0ff774128bbb3dd52d2019fd7d08c3b/merged",
1732 "children": [],
1733 "docker_id": "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
1734 "execve": [],
1735 "exit_code": 0,
1736 "exit_signal": 17,
1737 "exit_timestamp": "2024-08-31T08:14:08.335Z"
1738 }
1739 ],
1740 "child_tgid": []
1741}
1742
1743{
1744 "tgid": 29664,
1745 "findPid": {
1746 "29664": 0,
1747 "29665": 1,
1748 "29666": 2,
1749 "29667": 3,
1750 "29668": 4,
1751 "29669": 5
1752 },
1753 "threads": [
1754 {
1755 "star": false,
1756 "start_timestamp": "2024-08-31T08:14:08.335Z",
1757 "ppid": 29659,
1758 "parentTgid": 29655,
1759 "pid": 29664,
1760 "tgid": 29664,
1761 "args": [
1762 "runc",
1763 "init",
1764 ""
1765 ],
1766 "comm": "runc:[1:CHILD]",
1767 "rootfs": "/var/lib/docker/overlay2/05388c9b3058bda549ac94c934466cbeb0ff774128bbb3dd52d2019fd7d08c3b/merged",
1768 "cwd": "/var/lib/docker/overlay2/05388c9b3058bda549ac94c934466cbeb0ff774128bbb3dd52d2019fd7d08c3b/merged",
1769 "children": [
1770 29686,
1771 29688
1772 ],
1773 "docker_id": "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
1774 "execve": [
1775 {
1776 "timestamp": "2024-08-31T08:14:08.539Z",
1777 "execArgs": [
1778 "/bin/bash"
1779 ]
1780 }
1781 ],
1782 "exit_code": 0,
1783 "exit_signal": 17,
1784 "exit_timestamp": "2024-08-31T08:14:26.655Z"
1785 },
1786 {
1787 "star": false,
1788 "start_timestamp": "2024-08-31T08:14:08.339Z",
1789 "ppid": 29659,
1790 "parentTgid": 29655,
1791 "pid": 29665,
1792 "tgid": 29664,
1793 "args": [
1794 "runc",
1795 "init",
1796 ""
1797 ],
1798 "comm": "runc:[2:INIT]",
1799 "rootfs": "/var/lib/docker/overlay2/05388c9b3058bda549ac94c934466cbeb0ff774128bbb3dd52d2019fd7d08c3b/merged",
1800 "cwd": "/var/lib/docker/overlay2/05388c9b3058bda549ac94c934466cbeb0ff774128bbb3dd52d2019fd7d08c3b/merged",
1801 "children": [],
1802 "docker_id": "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
1803 "execve": [],
1804 "exit_code": 0,
1805 "exit_signal": 4294967295,
1806 "exit_timestamp": "2024-08-31T08:14:08.541Z"
1807 },
1808 {
1809 "star": false,
1810 "start_timestamp": "2024-08-31T08:14:08.339Z",
1811 "ppid": 29659,
1812 "parentTgid": 29655,
1813 "pid": 29666,
1814 "tgid": 29664,
1815 "args": [
1816 "runc",
1817 "init",
1818 ""
1819 ],
1820 "comm": "runc:[2:INIT]",
1821 "rootfs": "/var/lib/docker/overlay2/05388c9b3058bda549ac94c934466cbeb0ff774128bbb3dd52d2019fd7d08c3b/merged",
1822 "cwd": "/var/lib/docker/overlay2/05388c9b3058bda549ac94c934466cbeb0ff774128bbb3dd52d2019fd7d08c3b/merged",
1823 "children": [],
1824 "docker_id": "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
1825 "execve": [],
1826 "exit_code": 0,
1827 "exit_signal": 4294967295,
1828 "exit_timestamp": "2024-08-31T08:14:08.542Z"
1829 },
1830 {
1831 "star": false,
1832 "start_timestamp": "2024-08-31T08:14:08.339Z",
1833 "ppid": 29659,
1834 "parentTgid": 29655,
1835 "pid": 29667,
1836 "tgid": 29664,
1837 "args": [
1838 "runc",
1839 "init",
1840 ""
1841 ],
1842 "comm": "runc:[2:INIT]",
1843 "rootfs": "/var/lib/docker/overlay2/05388c9b3058bda549ac94c934466cbeb0ff774128bbb3dd52d2019fd7d08c3b/merged",
1844 "cwd": "/var/lib/docker/overlay2/05388c9b3058bda549ac94c934466cbeb0ff774128bbb3dd52d2019fd7d08c3b/merged",
1845 "children": [],
1846 "docker_id": "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
1847 "execve": [],
1848 "exit_code": 0,
1849 "exit_signal": 4294967295,
1850 "exit_timestamp": "2024-08-31T08:14:08.541Z"
1851 },
1852 {
1853 "star": false,
1854 "start_timestamp": "2024-08-31T08:14:08.34Z",
1855 "ppid": 29659,
1856 "parentTgid": 29655,
1857 "pid": 29668,
1858 "tgid": 29664,
1859 "args": [
1860 "runc",
1861 "init",
1862 ""
1863 ],
1864 "comm": "runc:[2:INIT]",
1865 "rootfs": "/var/lib/docker/overlay2/05388c9b3058bda549ac94c934466cbeb0ff774128bbb3dd52d2019fd7d08c3b/merged",
1866 "cwd": "/var/lib/docker/overlay2/05388c9b3058bda549ac94c934466cbeb0ff774128bbb3dd52d2019fd7d08c3b/merged",
1867 "children": [],
1868 "docker_id": "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
1869 "execve": [],
1870 "exit_code": 0,
1871 "exit_signal": 4294967295,
1872 "exit_timestamp": "2024-08-31T08:14:08.541Z"
1873 },
1874 {
1875 "star": false,
1876 "start_timestamp": "2024-08-31T08:14:08.347Z",
1877 "ppid": 29659,
1878 "parentTgid": 29655,
1879 "pid": 29669,
1880 "tgid": 29664,
1881 "args": [
1882 "runc",
1883 "init",
1884 ""
1885 ],
1886 "comm": "runc:[2:INIT]",
1887 "rootfs": "/var/lib/docker/overlay2/05388c9b3058bda549ac94c934466cbeb0ff774128bbb3dd52d2019fd7d08c3b/merged",
1888 "cwd": "/var/lib/docker/overlay2/05388c9b3058bda549ac94c934466cbeb0ff774128bbb3dd52d2019fd7d08c3b/merged",
1889 "children": [],
1890 "docker_id": "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
1891 "execve": [],
1892 "exit_code": 0,
1893 "exit_signal": 4294967295,
1894 "exit_timestamp": "2024-08-31T08:14:08.541Z"
1895 }
1896 ],
1897 "child_tgid": [
1898 29686,
1899 29688
1900 ]
1901}
1902
1903{
1904 "tgid": 29686,
1905 "findPid": {
1906 "29686": 0
1907 },
1908 "threads": [
1909 {
1910 "star": false,
1911 "start_timestamp": "2024-08-31T08:14:08.546Z",
1912 "ppid": 29664,
1913 "parentTgid": 29664,
1914 "pid": 29686,
1915 "tgid": 29686,
1916 "args": [
1917 "/bin/bash",
1918 ""
1919 ],
1920 "comm": "bash",
1921 "rootfs": "/var/lib/docker/overlay2/05388c9b3058bda549ac94c934466cbeb0ff774128bbb3dd52d2019fd7d08c3b/merged",
1922 "cwd": "/",
1923 "children": [
1924 29687
1925 ],
1926 "docker_id": "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
1927 "execve": [],
1928 "exit_code": 0,
1929 "exit_signal": 17,
1930 "exit_timestamp": "2024-08-31T08:14:08.549Z"
1931 }
1932 ],
1933 "child_tgid": [
1934 29687
1935 ]
1936}
1937
1938{
1939 "tgid": 29687,
1940 "findPid": {
1941 "29687": 0
1942 },
1943 "threads": [
1944 {
1945 "star": false,
1946 "start_timestamp": "2024-08-31T08:14:08.548Z",
1947 "ppid": 29686,
1948 "parentTgid": 29686,
1949 "pid": 29687,
1950 "tgid": 29687,
1951 "args": null,
1952 "comm": "groups",
1953 "rootfs": "",
1954 "cwd": "",
1955 "children": [],
1956 "docker_id": "",
1957 "execve": [
1958 {
1959 "timestamp": "2024-08-31T08:14:08.546Z",
1960 "execArgs": [
1961 "groups"
1962 ]
1963 }
1964 ],
1965 "exit_code": 0,
1966 "exit_signal": 17,
1967 "exit_timestamp": "2024-08-31T08:14:08.549Z"
1968 }
1969 ],
1970 "child_tgid": []
1971}
1972
1973{
1974 "tgid": 29688,
1975 "findPid": {
1976 "29688": 0
1977 },
1978 "threads": [
1979 {
1980 "star": false,
1981 "start_timestamp": "2024-08-31T08:14:08.551Z",
1982 "ppid": 29664,
1983 "parentTgid": 29664,
1984 "pid": 29688,
1985 "tgid": 29688,
1986 "args": [
1987 "/bin/bash",
1988 ""
1989 ],
1990 "comm": "bash",
1991 "rootfs": "/var/lib/docker/overlay2/05388c9b3058bda549ac94c934466cbeb0ff774128bbb3dd52d2019fd7d08c3b/merged",
1992 "cwd": "/",
1993 "children": [
1994 29689
1995 ],
1996 "docker_id": "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
1997 "execve": [],
1998 "exit_code": 0,
1999 "exit_signal": 17,
2000 "exit_timestamp": "2024-08-31T08:14:08.552Z"
2001 }
2002 ],
2003 "child_tgid": [
2004 29689
2005 ]
2006}
2007
2008{
2009 "tgid": 29689,
2010 "findPid": {
2011 "29689": 0
2012 },
2013 "threads": [
2014 {
2015 "star": false,
2016 "start_timestamp": "2024-08-31T08:14:08.551Z",
2017 "ppid": 29688,
2018 "parentTgid": 29688,
2019 "pid": 29689,
2020 "tgid": 29689,
2021 "args": [
2022 "dircolors",
2023 "-b",
2024 ""
2025 ],
2026 "comm": "dircolors",
2027 "rootfs": "/var/lib/docker/overlay2/05388c9b3058bda549ac94c934466cbeb0ff774128bbb3dd52d2019fd7d08c3b/merged",
2028 "cwd": "/",
2029 "children": [],
2030 "docker_id": "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
2031 "execve": [
2032 {
2033 "timestamp": "2024-08-31T08:14:08.549Z",
2034 "execArgs": [
2035 "dircolors",
2036 "-b"
2037 ]
2038 }
2039 ],
2040 "exit_code": 0,
2041 "exit_signal": 17,
2042 "exit_timestamp": "2024-08-31T08:14:08.552Z"
2043 }
2044 ],
2045 "child_tgid": []
2046}
2047
2048{
2049 "tgid": 29670,
2050 "findPid": {
2051 "29670": 0,
2052 "29673": 1,
2053 "29674": 2,
2054 "29675": 3,
2055 "29676": 4,
2056 "29677": 5,
2057 "29678": 6,
2058 "29679": 7
2059 },
2060 "threads": [
2061 {
2062 "star": false,
2063 "start_timestamp": "2024-08-31T08:14:08.36Z",
2064 "ppid": 29661,
2065 "parentTgid": 29655,
2066 "pid": 29670,
2067 "tgid": 29670,
2068 "args": [
2069 "runc",
2070 "--root",
2071 "/var/run/docker/runtime-runc/moby",
2072 "--log",
2073 "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json",
2074 "--log-format",
2075 "json",
2076 "create",
2077 "--bundle",
2078 "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
2079 "--pid-file",
2080 "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/init.pid",
2081 "--console-socket",
2082 "/tmp/pty347635701/pty.sock",
2083 "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
2084 ""
2085 ],
2086 "comm": "runc",
2087 "rootfs": "",
2088 "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
2089 "children": [],
2090 "docker_id": "",
2091 "execve": [
2092 {
2093 "timestamp": "2024-08-31T08:14:08.361Z",
2094 "execArgs": [
2095 "libnetwork-setkey",
2096 "-exec-root=/var/run/docker",
2097 "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
2098 "bfa4cdf55fe4"
2099 ]
2100 }
2101 ],
2102 "exit_code": 0,
2103 "exit_signal": 17,
2104 "exit_timestamp": "2024-08-31T08:14:08.447Z"
2105 },
2106 {
2107 "star": false,
2108 "start_timestamp": "2024-08-31T08:14:08.376Z",
2109 "ppid": 29661,
2110 "parentTgid": 29655,
2111 "pid": 29673,
2112 "tgid": 29670,
2113 "args": [
2114 "libnetwork-setkey",
2115 "-exec-root=/var/run/docker",
2116 "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
2117 "bfa4cdf55fe4",
2118 ""
2119 ],
2120 "comm": "exe",
2121 "rootfs": "",
2122 "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
2123 "children": [],
2124 "docker_id": "",
2125 "execve": [],
2126 "exit_code": 0,
2127 "exit_signal": 4294967295,
2128 "exit_timestamp": "2024-08-31T08:14:08.457Z"
2129 },
2130 {
2131 "star": false,
2132 "start_timestamp": "2024-08-31T08:14:08.376Z",
2133 "ppid": 29661,
2134 "parentTgid": 29655,
2135 "pid": 29674,
2136 "tgid": 29670,
2137 "args": [
2138 "libnetwork-setkey",
2139 "-exec-root=/var/run/docker",
2140 "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
2141 "bfa4cdf55fe4",
2142 ""
2143 ],
2144 "comm": "exe",
2145 "rootfs": "",
2146 "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
2147 "children": [],
2148 "docker_id": "",
2149 "execve": [],
2150 "exit_code": 0,
2151 "exit_signal": 4294967295,
2152 "exit_timestamp": "2024-08-31T08:14:08.447Z"
2153 },
2154 {
2155 "star": false,
2156 "start_timestamp": "2024-08-31T08:14:08.377Z",
2157 "ppid": 29661,
2158 "parentTgid": 29655,
2159 "pid": 29675,
2160 "tgid": 29670,
2161 "args": [
2162 "libnetwork-setkey",
2163 "-exec-root=/var/run/docker",
2164 "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
2165 "bfa4cdf55fe4",
2166 ""
2167 ],
2168 "comm": "exe",
2169 "rootfs": "",
2170 "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
2171 "children": [],
2172 "docker_id": "",
2173 "execve": [],
2174 "exit_code": 0,
2175 "exit_signal": 4294967295,
2176 "exit_timestamp": "2024-08-31T08:14:08.447Z"
2177 },
2178 {
2179 "star": false,
2180 "start_timestamp": "2024-08-31T08:14:08.377Z",
2181 "ppid": 29661,
2182 "parentTgid": 29655,
2183 "pid": 29676,
2184 "tgid": 29670,
2185 "args": [
2186 "libnetwork-setkey",
2187 "-exec-root=/var/run/docker",
2188 "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
2189 "bfa4cdf55fe4",
2190 ""
2191 ],
2192 "comm": "exe",
2193 "rootfs": "",
2194 "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
2195 "children": [],
2196 "docker_id": "",
2197 "execve": [],
2198 "exit_code": 0,
2199 "exit_signal": 4294967295,
2200 "exit_timestamp": "2024-08-31T08:14:08.447Z"
2201 },
2202 {
2203 "star": false,
2204 "start_timestamp": "2024-08-31T08:14:08.377Z",
2205 "ppid": 29661,
2206 "parentTgid": 29655,
2207 "pid": 29677,
2208 "tgid": 29670,
2209 "args": [
2210 "libnetwork-setkey",
2211 "-exec-root=/var/run/docker",
2212 "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
2213 "bfa4cdf55fe4",
2214 ""
2215 ],
2216 "comm": "exe",
2217 "rootfs": "",
2218 "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
2219 "children": [],
2220 "docker_id": "",
2221 "execve": [],
2222 "exit_code": 0,
2223 "exit_signal": 4294967295,
2224 "exit_timestamp": "2024-08-31T08:14:08.446Z"
2225 },
2226 {
2227 "star": false,
2228 "start_timestamp": "2024-08-31T08:14:08.409Z",
2229 "ppid": 29661,
2230 "parentTgid": 29655,
2231 "pid": 29678,
2232 "tgid": 29670,
2233 "args": [
2234 "libnetwork-setkey",
2235 "-exec-root=/var/run/docker",
2236 "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
2237 "bfa4cdf55fe4",
2238 ""
2239 ],
2240 "comm": "exe",
2241 "rootfs": "",
2242 "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
2243 "children": [],
2244 "docker_id": "",
2245 "execve": [],
2246 "exit_code": 0,
2247 "exit_signal": 4294967295,
2248 "exit_timestamp": "2024-08-31T08:14:08.447Z"
2249 },
2250 {
2251 "star": false,
2252 "start_timestamp": "2024-08-31T08:14:08.411Z",
2253 "ppid": 29661,
2254 "parentTgid": 29655,
2255 "pid": 29679,
2256 "tgid": 29670,
2257 "args": [
2258 "libnetwork-setkey",
2259 "-exec-root=/var/run/docker",
2260 "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
2261 "bfa4cdf55fe4",
2262 ""
2263 ],
2264 "comm": "exe",
2265 "rootfs": "",
2266 "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
2267 "children": [],
2268 "docker_id": "",
2269 "execve": [],
2270 "exit_code": 0,
2271 "exit_signal": 4294967295,
2272 "exit_timestamp": "2024-08-31T08:14:08.447Z"
2273 }
2274 ],
2275 "child_tgid": []
2276}
2277
2278{
2279 "tgid": 29698,
2280 "findPid": {
2281 "29698": 0,
2282 "29699": 1,
2283 "29700": 2,
2284 "29701": 3,
2285 "29702": 4,
2286 "29703": 5,
2287 "29704": 6,
2288 "29706": 7,
2289 "29708": 8
2290 },
2291 "threads": [
2292 {
2293 "star": false,
2294 "start_timestamp": "2024-08-31T08:14:10.761Z",
2295 "ppid": 29653,
2296 "parentTgid": 29643,
2297 "pid": 29698,
2298 "tgid": 29698,
2299 "args": null,
2300 "comm": "runc",
2301 "rootfs": "",
2302 "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
2303 "children": [],
2304 "docker_id": "",
2305 "execve": [
2306 {
2307 "timestamp": "2024-08-31T08:14:10.759Z",
2308 "execArgs": [
2309 "runc",
2310 "--root",
2311 "/var/run/docker/runtime-runc/moby",
2312 "--log",
2313 "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json",
2314 "--log-format",
2315 "json",
2316 "exec",
2317 "--process",
2318 "/tmp/runc-process1902905867",
2319 "--console-socket",
2320 "/tmp/pty1898144877/pty.sock",
2321 "--detach",
2322 "--pid-file",
2323 "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/c6e050f2c678e1cb32384153c653278d955248edb07ceb8a7cc6a0f3785f764a.pid",
2324 "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19"
2325 ]
2326 }
2327 ],
2328 "exit_code": 0,
2329 "exit_signal": 17,
2330 "exit_timestamp": "2024-08-31T08:14:10.814Z"
2331 },
2332 {
2333 "star": false,
2334 "start_timestamp": "2024-08-31T08:14:10.765Z",
2335 "ppid": 29653,
2336 "parentTgid": 29643,
2337 "pid": 29699,
2338 "tgid": 29698,
2339 "args": [
2340 "runc",
2341 "--root",
2342 "/var/run/docker/runtime-runc/moby",
2343 "--log",
2344 "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json",
2345 "--log-format",
2346 "json",
2347 "exec",
2348 "--process",
2349 "/tmp/runc-process1902905867",
2350 "--console-socket",
2351 "/tmp/pty1898144877/pty.sock",
2352 "--detach",
2353 "--pid-file",
2354 "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/c6e050f2c678e1cb32384153c653278d955248edb07ceb8a7cc6a0f3785f764a.pid",
2355 "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
2356 ""
2357 ],
2358 "comm": "runc",
2359 "rootfs": "",
2360 "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
2361 "children": [],
2362 "docker_id": "",
2363 "execve": [],
2364 "exit_code": 0,
2365 "exit_signal": 4294967295,
2366 "exit_timestamp": "2024-08-31T08:14:10.815Z"
2367 },
2368 {
2369 "star": false,
2370 "start_timestamp": "2024-08-31T08:14:10.765Z",
2371 "ppid": 29653,
2372 "parentTgid": 29643,
2373 "pid": 29700,
2374 "tgid": 29698,
2375 "args": [
2376 "runc",
2377 "--root",
2378 "/var/run/docker/runtime-runc/moby",
2379 "--log",
2380 "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json",
2381 "--log-format",
2382 "json",
2383 "exec",
2384 "--process",
2385 "/tmp/runc-process1902905867",
2386 "--console-socket",
2387 "/tmp/pty1898144877/pty.sock",
2388 "--detach",
2389 "--pid-file",
2390 "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/c6e050f2c678e1cb32384153c653278d955248edb07ceb8a7cc6a0f3785f764a.pid",
2391 "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
2392 ""
2393 ],
2394 "comm": "runc",
2395 "rootfs": "",
2396 "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
2397 "children": [],
2398 "docker_id": "",
2399 "execve": [],
2400 "exit_code": 0,
2401 "exit_signal": 4294967295,
2402 "exit_timestamp": "2024-08-31T08:14:10.815Z"
2403 },
2404 {
2405 "star": false,
2406 "start_timestamp": "2024-08-31T08:14:10.766Z",
2407 "ppid": 29653,
2408 "parentTgid": 29643,
2409 "pid": 29701,
2410 "tgid": 29698,
2411 "args": [
2412 "runc",
2413 "--root",
2414 "/var/run/docker/runtime-runc/moby",
2415 "--log",
2416 "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json",
2417 "--log-format",
2418 "json",
2419 "exec",
2420 "--process",
2421 "/tmp/runc-process1902905867",
2422 "--console-socket",
2423 "/tmp/pty1898144877/pty.sock",
2424 "--detach",
2425 "--pid-file",
2426 "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/c6e050f2c678e1cb32384153c653278d955248edb07ceb8a7cc6a0f3785f764a.pid",
2427 "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
2428 ""
2429 ],
2430 "comm": "runc",
2431 "rootfs": "",
2432 "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
2433 "children": [],
2434 "docker_id": "",
2435 "execve": [],
2436 "exit_code": 0,
2437 "exit_signal": 4294967295,
2438 "exit_timestamp": "2024-08-31T08:14:10.814Z"
2439 },
2440 {
2441 "star": false,
2442 "start_timestamp": "2024-08-31T08:14:10.766Z",
2443 "ppid": 29653,
2444 "parentTgid": 29643,
2445 "pid": 29702,
2446 "tgid": 29698,
2447 "args": [
2448 "runc",
2449 "--root",
2450 "/var/run/docker/runtime-runc/moby",
2451 "--log",
2452 "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json",
2453 "--log-format",
2454 "json",
2455 "exec",
2456 "--process",
2457 "/tmp/runc-process1902905867",
2458 "--console-socket",
2459 "/tmp/pty1898144877/pty.sock",
2460 "--detach",
2461 "--pid-file",
2462 "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/c6e050f2c678e1cb32384153c653278d955248edb07ceb8a7cc6a0f3785f764a.pid",
2463 "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
2464 ""
2465 ],
2466 "comm": "runc",
2467 "rootfs": "",
2468 "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
2469 "children": [],
2470 "docker_id": "",
2471 "execve": [],
2472 "exit_code": 0,
2473 "exit_signal": 4294967295,
2474 "exit_timestamp": "2024-08-31T08:14:10.814Z"
2475 },
2476 {
2477 "star": false,
2478 "start_timestamp": "2024-08-31T08:14:10.771Z",
2479 "ppid": 29653,
2480 "parentTgid": 29643,
2481 "pid": 29703,
2482 "tgid": 29698,
2483 "args": [
2484 "runc",
2485 "--root",
2486 "/var/run/docker/runtime-runc/moby",
2487 "--log",
2488 "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json",
2489 "--log-format",
2490 "json",
2491 "exec",
2492 "--process",
2493 "/tmp/runc-process1902905867",
2494 "--console-socket",
2495 "/tmp/pty1898144877/pty.sock",
2496 "--detach",
2497 "--pid-file",
2498 "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/c6e050f2c678e1cb32384153c653278d955248edb07ceb8a7cc6a0f3785f764a.pid",
2499 "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
2500 ""
2501 ],
2502 "comm": "runc",
2503 "rootfs": "",
2504 "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
2505 "children": [
2506 29705,
2507 29707,
2508 29709,
2509 29710,
2510 29711,
2511 29712,
2512 29713,
2513 29714
2514 ],
2515 "docker_id": "",
2516 "execve": [],
2517 "exit_code": 0,
2518 "exit_signal": 4294967295,
2519 "exit_timestamp": "2024-08-31T08:14:10.813Z"
2520 },
2521 {
2522 "star": false,
2523 "start_timestamp": "2024-08-31T08:14:10.773Z",
2524 "ppid": 29653,
2525 "parentTgid": 29643,
2526 "pid": 29704,
2527 "tgid": 29698,
2528 "args": [
2529 "runc",
2530 "--root",
2531 "/var/run/docker/runtime-runc/moby",
2532 "--log",
2533 "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json",
2534 "--log-format",
2535 "json",
2536 "exec",
2537 "--process",
2538 "/tmp/runc-process1902905867",
2539 "--console-socket",
2540 "/tmp/pty1898144877/pty.sock",
2541 "--detach",
2542 "--pid-file",
2543 "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/c6e050f2c678e1cb32384153c653278d955248edb07ceb8a7cc6a0f3785f764a.pid",
2544 "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
2545 ""
2546 ],
2547 "comm": "runc",
2548 "rootfs": "",
2549 "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
2550 "children": [],
2551 "docker_id": "",
2552 "execve": [],
2553 "exit_code": 0,
2554 "exit_signal": 4294967295,
2555 "exit_timestamp": "2024-08-31T08:14:10.814Z"
2556 },
2557 {
2558 "star": false,
2559 "start_timestamp": "2024-08-31T08:14:10.791Z",
2560 "ppid": 29653,
2561 "parentTgid": 29643,
2562 "pid": 29706,
2563 "tgid": 29698,
2564 "args": [
2565 "runc",
2566 "--root",
2567 "/var/run/docker/runtime-runc/moby",
2568 "--log",
2569 "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json",
2570 "--log-format",
2571 "json",
2572 "exec",
2573 "--process",
2574 "/tmp/runc-process1902905867",
2575 "--console-socket",
2576 "/tmp/pty1898144877/pty.sock",
2577 "--detach",
2578 "--pid-file",
2579 "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/c6e050f2c678e1cb32384153c653278d955248edb07ceb8a7cc6a0f3785f764a.pid",
2580 "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
2581 ""
2582 ],
2583 "comm": "runc",
2584 "rootfs": "",
2585 "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
2586 "children": [],
2587 "docker_id": "",
2588 "execve": [],
2589 "exit_code": 0,
2590 "exit_signal": 4294967295,
2591 "exit_timestamp": "2024-08-31T08:14:10.815Z"
2592 },
2593 {
2594 "star": false,
2595 "start_timestamp": "2024-08-31T08:14:10.792Z",
2596 "ppid": 29653,
2597 "parentTgid": 29643,
2598 "pid": 29708,
2599 "tgid": 29698,
2600 "args": [
2601 "runc",
2602 "--root",
2603 "/var/run/docker/runtime-runc/moby",
2604 "--log",
2605 "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json",
2606 "--log-format",
2607 "json",
2608 "exec",
2609 "--process",
2610 "/tmp/runc-process1902905867",
2611 "--console-socket",
2612 "/tmp/pty1898144877/pty.sock",
2613 "--detach",
2614 "--pid-file",
2615 "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/c6e050f2c678e1cb32384153c653278d955248edb07ceb8a7cc6a0f3785f764a.pid",
2616 "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
2617 ""
2618 ],
2619 "comm": "runc",
2620 "rootfs": "",
2621 "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
2622 "children": [],
2623 "docker_id": "",
2624 "execve": [],
2625 "exit_code": 0,
2626 "exit_signal": 4294967295,
2627 "exit_timestamp": "2024-08-31T08:14:10.816Z"
2628 }
2629 ],
2630 "child_tgid": [
2631 29705,
2632 29707,
2633 29709
2634 ]
2635}
2636
2637{
2638 "tgid": 29705,
2639 "findPid": {
2640 "29705": 0
2641 },
2642 "threads": [
2643 {
2644 "star": false,
2645 "start_timestamp": "0001-01-01T00:00:00Z",
2646 "ppid": 29703,
2647 "parentTgid": 29698,
2648 "pid": 29705,
2649 "tgid": 29705,
2650 "args": [
2651 "runc",
2652 "init",
2653 ""
2654 ],
2655 "comm": "exe",
2656 "rootfs": "",
2657 "cwd": "/var/lib/docker/overlay2/05388c9b3058bda549ac94c934466cbeb0ff774128bbb3dd52d2019fd7d08c3b/merged",
2658 "children": [],
2659 "docker_id": "",
2660 "execve": [
2661 {
2662 "timestamp": "2024-08-31T08:14:10.773Z",
2663 "execArgs": [
2664 "runc",
2665 "init"
2666 ]
2667 },
2668 {
2669 "timestamp": "2024-08-31T08:14:10.788Z",
2670 "execArgs": [
2671 "runc",
2672 "init"
2673 ]
2674 }
2675 ],
2676 "exit_code": 0,
2677 "exit_signal": 17,
2678 "exit_timestamp": "2024-08-31T08:14:10.795Z"
2679 }
2680 ],
2681 "child_tgid": []
2682}
2683
2684{
2685 "tgid": 29707,
2686 "findPid": {
2687 "29707": 0
2688 },
2689 "threads": [
2690 {
2691 "star": false,
2692 "start_timestamp": "2024-08-31T08:14:10.792Z",
2693 "ppid": 29703,
2694 "parentTgid": 29698,
2695 "pid": 29707,
2696 "tgid": 29707,
2697 "args": [
2698 "runc",
2699 "init",
2700 ""
2701 ],
2702 "comm": "runc:[1:CHILD]",
2703 "rootfs": "",
2704 "cwd": "/",
2705 "children": [],
2706 "docker_id": "",
2707 "execve": [],
2708 "exit_code": 0,
2709 "exit_signal": 17,
2710 "exit_timestamp": "2024-08-31T08:14:10.793Z"
2711 }
2712 ],
2713 "child_tgid": []
2714}
2715
2716{
2717 "tgid": 29709,
2718 "findPid": {
2719 "29709": 0,
2720 "29710": 1,
2721 "29711": 2,
2722 "29712": 3,
2723 "29713": 4,
2724 "29714": 5
2725 },
2726 "threads": [
2727 {
2728 "star": false,
2729 "start_timestamp": "2024-08-31T08:14:10.793Z",
2730 "ppid": 29703,
2731 "parentTgid": 29698,
2732 "pid": 29709,
2733 "tgid": 29709,
2734 "args": [
2735 "runc",
2736 "init",
2737 ""
2738 ],
2739 "comm": "runc:[2:INIT]",
2740 "rootfs": "",
2741 "cwd": "/",
2742 "children": [
2743 29715,
2744 29717,
2745 29723
2746 ],
2747 "docker_id": "",
2748 "execve": [
2749 {
2750 "timestamp": "2024-08-31T08:14:10.812Z",
2751 "execArgs": [
2752 "bash"
2753 ]
2754 }
2755 ],
2756 "exit_code": 0,
2757 "exit_signal": 17,
2758 "exit_timestamp": "2024-08-31T08:14:23.918Z"
2759 },
2760 {
2761 "star": false,
2762 "start_timestamp": "2024-08-31T08:14:10.795Z",
2763 "ppid": 29703,
2764 "parentTgid": 29698,
2765 "pid": 29710,
2766 "tgid": 29709,
2767 "args": [
2768 "runc",
2769 "init",
2770 ""
2771 ],
2772 "comm": "runc:[2:INIT]",
2773 "rootfs": "/var/lib/docker/overlay2/05388c9b3058bda549ac94c934466cbeb0ff774128bbb3dd52d2019fd7d08c3b/merged",
2774 "cwd": "/",
2775 "children": [],
2776 "docker_id": "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
2777 "execve": [],
2778 "exit_code": 0,
2779 "exit_signal": 4294967295,
2780 "exit_timestamp": "2024-08-31T08:14:10.816Z"
2781 },
2782 {
2783 "star": false,
2784 "start_timestamp": "2024-08-31T08:14:10.795Z",
2785 "ppid": 29703,
2786 "parentTgid": 29698,
2787 "pid": 29711,
2788 "tgid": 29709,
2789 "args": [
2790 "runc",
2791 "init",
2792 ""
2793 ],
2794 "comm": "runc:[2:INIT]",
2795 "rootfs": "/var/lib/docker/overlay2/05388c9b3058bda549ac94c934466cbeb0ff774128bbb3dd52d2019fd7d08c3b/merged",
2796 "cwd": "/",
2797 "children": [],
2798 "docker_id": "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
2799 "execve": [],
2800 "exit_code": 0,
2801 "exit_signal": 4294967295,
2802 "exit_timestamp": "2024-08-31T08:14:10.813Z"
2803 },
2804 {
2805 "star": false,
2806 "start_timestamp": "2024-08-31T08:14:10.796Z",
2807 "ppid": 29703,
2808 "parentTgid": 29698,
2809 "pid": 29712,
2810 "tgid": 29709,
2811 "args": [
2812 "runc",
2813 "init",
2814 ""
2815 ],
2816 "comm": "runc:[2:INIT]",
2817 "rootfs": "/var/lib/docker/overlay2/05388c9b3058bda549ac94c934466cbeb0ff774128bbb3dd52d2019fd7d08c3b/merged",
2818 "cwd": "/",
2819 "children": [],
2820 "docker_id": "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
2821 "execve": [],
2822 "exit_code": 0,
2823 "exit_signal": 4294967295,
2824 "exit_timestamp": "2024-08-31T08:14:10.813Z"
2825 },
2826 {
2827 "star": false,
2828 "start_timestamp": "2024-08-31T08:14:10.796Z",
2829 "ppid": 29703,
2830 "parentTgid": 29698,
2831 "pid": 29713,
2832 "tgid": 29709,
2833 "args": [
2834 "runc",
2835 "init",
2836 ""
2837 ],
2838 "comm": "runc:[2:INIT]",
2839 "rootfs": "/var/lib/docker/overlay2/05388c9b3058bda549ac94c934466cbeb0ff774128bbb3dd52d2019fd7d08c3b/merged",
2840 "cwd": "/",
2841 "children": [],
2842 "docker_id": "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
2843 "execve": [],
2844 "exit_code": 0,
2845 "exit_signal": 4294967295,
2846 "exit_timestamp": "2024-08-31T08:14:10.816Z"
2847 },
2848 {
2849 "star": false,
2850 "start_timestamp": "2024-08-31T08:14:10.797Z",
2851 "ppid": 29703,
2852 "parentTgid": 29698,
2853 "pid": 29714,
2854 "tgid": 29709,
2855 "args": [
2856 "runc",
2857 "init",
2858 ""
2859 ],
2860 "comm": "runc:[2:INIT]",
2861 "rootfs": "/var/lib/docker/overlay2/05388c9b3058bda549ac94c934466cbeb0ff774128bbb3dd52d2019fd7d08c3b/merged",
2862 "cwd": "/",
2863 "children": [],
2864 "docker_id": "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
2865 "execve": [],
2866 "exit_code": 0,
2867 "exit_signal": 4294967295,
2868 "exit_timestamp": "2024-08-31T08:14:10.816Z"
2869 }
2870 ],
2871 "child_tgid": [
2872 29715,
2873 29717,
2874 29723
2875 ]
2876}
2877
2878{
2879 "tgid": 29715,
2880 "findPid": {
2881 "29715": 0
2882 },
2883 "threads": [
2884 {
2885 "star": false,
2886 "start_timestamp": "2024-08-31T08:14:10.817Z",
2887 "ppid": 29709,
2888 "parentTgid": 29709,
2889 "pid": 29715,
2890 "tgid": 29715,
2891 "args": [
2892 "bash",
2893 ""
2894 ],
2895 "comm": "bash",
2896 "rootfs": "/var/lib/docker/overlay2/05388c9b3058bda549ac94c934466cbeb0ff774128bbb3dd52d2019fd7d08c3b/merged",
2897 "cwd": "/",
2898 "children": [
2899 29716
2900 ],
2901 "docker_id": "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
2902 "execve": [],
2903 "exit_code": 0,
2904 "exit_signal": 17,
2905 "exit_timestamp": "2024-08-31T08:14:10.82Z"
2906 }
2907 ],
2908 "child_tgid": [
2909 29716
2910 ]
2911}
2912
2913{
2914 "tgid": 29716,
2915 "findPid": {
2916 "29716": 0
2917 },
2918 "threads": [
2919 {
2920 "star": false,
2921 "start_timestamp": "2024-08-31T08:14:10.817Z",
2922 "ppid": 29715,
2923 "parentTgid": 29715,
2924 "pid": 29716,
2925 "tgid": 29716,
2926 "args": [
2927 "bash",
2928 ""
2929 ],
2930 "comm": "bash",
2931 "rootfs": "/var/lib/docker/overlay2/05388c9b3058bda549ac94c934466cbeb0ff774128bbb3dd52d2019fd7d08c3b/merged",
2932 "cwd": "/",
2933 "children": [],
2934 "docker_id": "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
2935 "execve": [
2936 {
2937 "timestamp": "2024-08-31T08:14:10.816Z",
2938 "execArgs": [
2939 "groups"
2940 ]
2941 }
2942 ],
2943 "exit_code": 0,
2944 "exit_signal": 17,
2945 "exit_timestamp": "2024-08-31T08:14:10.82Z"
2946 }
2947 ],
2948 "child_tgid": []
2949}
2950
2951{
2952 "tgid": 29717,
2953 "findPid": {
2954 "29717": 0
2955 },
2956 "threads": [
2957 {
2958 "star": false,
2959 "start_timestamp": "2024-08-31T08:14:10.821Z",
2960 "ppid": 29709,
2961 "parentTgid": 29709,
2962 "pid": 29717,
2963 "tgid": 29717,
2964 "args": [
2965 "bash",
2966 ""
2967 ],
2968 "comm": "bash",
2969 "rootfs": "/var/lib/docker/overlay2/05388c9b3058bda549ac94c934466cbeb0ff774128bbb3dd52d2019fd7d08c3b/merged",
2970 "cwd": "/",
2971 "children": [
2972 29718
2973 ],
2974 "docker_id": "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
2975 "execve": [],
2976 "exit_code": 0,
2977 "exit_signal": 17,
2978 "exit_timestamp": "2024-08-31T08:14:10.825Z"
2979 }
2980 ],
2981 "child_tgid": [
2982 29718
2983 ]
2984}
2985
2986{
2987 "tgid": 29718,
2988 "findPid": {
2989 "29718": 0
2990 },
2991 "threads": [
2992 {
2993 "star": false,
2994 "start_timestamp": "2024-08-31T08:14:10.822Z",
2995 "ppid": 29717,
2996 "parentTgid": 29717,
2997 "pid": 29718,
2998 "tgid": 29718,
2999 "args": [
3000 "bash",
3001 ""
3002 ],
3003 "comm": "bash",
3004 "rootfs": "/var/lib/docker/overlay2/05388c9b3058bda549ac94c934466cbeb0ff774128bbb3dd52d2019fd7d08c3b/merged",
3005 "cwd": "/",
3006 "children": [],
3007 "docker_id": "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
3008 "execve": [
3009 {
3010 "timestamp": "2024-08-31T08:14:10.822Z",
3011 "execArgs": [
3012 "dircolors",
3013 "-b"
3014 ]
3015 }
3016 ],
3017 "exit_code": 0,
3018 "exit_signal": 17,
3019 "exit_timestamp": "2024-08-31T08:14:10.823Z"
3020 }
3021 ],
3022 "child_tgid": []
3023}
3024
3025{
3026 "tgid": 29723,
3027 "findPid": {
3028 "29723": 0
3029 },
3030 "threads": [
3031 {
3032 "star": false,
3033 "start_timestamp": "2024-08-31T08:14:15.335Z",
3034 "ppid": 29709,
3035 "parentTgid": 29709,
3036 "pid": 29723,
3037 "tgid": 29723,
3038 "args": [
3039 "bash",
3040 ""
3041 ],
3042 "comm": "bash",
3043 "rootfs": "/var/lib/docker/overlay2/05388c9b3058bda549ac94c934466cbeb0ff774128bbb3dd52d2019fd7d08c3b/merged",
3044 "cwd": "/",
3045 "children": [],
3046 "docker_id": "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
3047 "execve": [
3048 {
3049 "timestamp": "2024-08-31T08:14:15.334Z",
3050 "execArgs": [
3051 "vim",
3052 "/root/hello.c"
3053 ]
3054 }
3055 ],
3056 "exit_code": 0,
3057 "exit_signal": 17,
3058 "exit_timestamp": "2024-08-31T08:14:21.954Z"
3059 }
3060 ],
3061 "child_tgid": []
3062}
3063
3064{
3065 "tgid": 29749,
3066 "findPid": {
3067 "29749": 0,
3068 "29750": 1,
3069 "29751": 2,
3070 "29752": 3,
3071 "29753": 4,
3072 "29754": 5
3073 },
3074 "threads": [
3075 {
3076 "star": false,
3077 "start_timestamp": "2024-08-31T08:14:26.658Z",
3078 "ppid": 29654,
3079 "parentTgid": 29643,
3080 "pid": 29749,
3081 "tgid": 29749,
3082 "args": [
3083 "/usr/bin/containerd-shim-runc-v2",
3084 "-namespace",
3085 "moby",
3086 "-id",
3087 "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
3088 "-address",
3089 "/run/containerd/containerd.sock",
3090 ""
3091 ],
3092 "comm": "containerd-shim",
3093 "rootfs": "",
3094 "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
3095 "children": [],
3096 "docker_id": "",
3097 "execve": [
3098 {
3099 "timestamp": "2024-08-31T08:14:26.66Z",
3100 "execArgs": [
3101 "runc",
3102 "--root",
3103 "/var/run/docker/runtime-runc/moby",
3104 "--log",
3105 "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json",
3106 "--log-format",
3107 "json",
3108 "delete",
3109 "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19"
3110 ]
3111 }
3112 ],
3113 "exit_code": 0,
3114 "exit_signal": 17,
3115 "exit_timestamp": "2024-08-31T08:14:26.675Z"
3116 },
3117 {
3118 "star": false,
3119 "start_timestamp": "2024-08-31T08:14:26.665Z",
3120 "ppid": 29654,
3121 "parentTgid": 29643,
3122 "pid": 29750,
3123 "tgid": 29749,
3124 "args": [
3125 "runc",
3126 "--root",
3127 "/var/run/docker/runtime-runc/moby",
3128 "--log",
3129 "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json",
3130 "--log-format",
3131 "json",
3132 "delete",
3133 "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
3134 ""
3135 ],
3136 "comm": "runc",
3137 "rootfs": "",
3138 "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
3139 "children": [],
3140 "docker_id": "",
3141 "execve": [],
3142 "exit_code": 0,
3143 "exit_signal": 4294967295,
3144 "exit_timestamp": "2024-08-31T08:14:26.675Z"
3145 },
3146 {
3147 "star": false,
3148 "start_timestamp": "2024-08-31T08:14:26.665Z",
3149 "ppid": 29654,
3150 "parentTgid": 29643,
3151 "pid": 29751,
3152 "tgid": 29749,
3153 "args": [
3154 "runc",
3155 "--root",
3156 "/var/run/docker/runtime-runc/moby",
3157 "--log",
3158 "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json",
3159 "--log-format",
3160 "json",
3161 "delete",
3162 "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
3163 ""
3164 ],
3165 "comm": "runc",
3166 "rootfs": "",
3167 "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
3168 "children": [],
3169 "docker_id": "",
3170 "execve": [],
3171 "exit_code": 0,
3172 "exit_signal": 4294967295,
3173 "exit_timestamp": "2024-08-31T08:14:26.675Z"
3174 },
3175 {
3176 "star": false,
3177 "start_timestamp": "2024-08-31T08:14:26.666Z",
3178 "ppid": 29654,
3179 "parentTgid": 29643,
3180 "pid": 29752,
3181 "tgid": 29749,
3182 "args": [
3183 "runc",
3184 "--root",
3185 "/var/run/docker/runtime-runc/moby",
3186 "--log",
3187 "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json",
3188 "--log-format",
3189 "json",
3190 "delete",
3191 "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
3192 ""
3193 ],
3194 "comm": "runc",
3195 "rootfs": "",
3196 "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
3197 "children": [],
3198 "docker_id": "",
3199 "execve": [],
3200 "exit_code": 0,
3201 "exit_signal": 4294967295,
3202 "exit_timestamp": "2024-08-31T08:14:26.676Z"
3203 },
3204 {
3205 "star": false,
3206 "start_timestamp": "2024-08-31T08:14:26.666Z",
3207 "ppid": 29654,
3208 "parentTgid": 29643,
3209 "pid": 29753,
3210 "tgid": 29749,
3211 "args": [
3212 "runc",
3213 "--root",
3214 "/var/run/docker/runtime-runc/moby",
3215 "--log",
3216 "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json",
3217 "--log-format",
3218 "json",
3219 "delete",
3220 "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
3221 ""
3222 ],
3223 "comm": "runc",
3224 "rootfs": "",
3225 "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
3226 "children": [],
3227 "docker_id": "",
3228 "execve": [],
3229 "exit_code": 0,
3230 "exit_signal": 4294967295,
3231 "exit_timestamp": "2024-08-31T08:14:26.675Z"
3232 },
3233 {
3234 "star": false,
3235 "start_timestamp": "2024-08-31T08:14:26.666Z",
3236 "ppid": 29654,
3237 "parentTgid": 29643,
3238 "pid": 29754,
3239 "tgid": 29749,
3240 "args": [
3241 "runc",
3242 "--root",
3243 "/var/run/docker/runtime-runc/moby",
3244 "--log",
3245 "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json",
3246 "--log-format",
3247 "json",
3248 "delete",
3249 "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
3250 ""
3251 ],
3252 "comm": "runc",
3253 "rootfs": "",
3254 "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
3255 "children": [],
3256 "docker_id": "",
3257 "execve": [],
3258 "exit_code": 0,
3259 "exit_signal": 4294967295,
3260 "exit_timestamp": "2024-08-31T08:14:26.676Z"
3261 }
3262 ],
3263 "child_tgid": []
3264}
3265
3266{
3267 "tgid": 29758,
3268 "findPid": {
3269 "29758": 0,
3270 "29759": 1,
3271 "29760": 2,
3272 "29761": 3,
3273 "29762": 4,
3274 "29763": 5,
3275 "29764": 6
3276 },
3277 "threads": [
3278 {
3279 "star": false,
3280 "start_timestamp": "2024-08-31T08:14:26.679Z",
3281 "ppid": 19408,
3282 "parentTgid": 18009,
3283 "pid": 29758,
3284 "tgid": 29758,
3285 "args": [
3286 "/usr/bin/containerd",
3287 ""
3288 ],
3289 "comm": "containerd",
3290 "rootfs": "",
3291 "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
3292 "children": [],
3293 "docker_id": "",
3294 "execve": [
3295 {
3296 "timestamp": "2024-08-31T08:14:26.678Z",
3297 "execArgs": [
3298 "/usr/bin/containerd-shim-runc-v2",
3299 "-namespace",
3300 "moby",
3301 "-address",
3302 "/run/containerd/containerd.sock",
3303 "-publish-binary",
3304 "/usr/bin/containerd",
3305 "-id",
3306 "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
3307 "-bundle",
3308 "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
3309 "delete"
3310 ]
3311 }
3312 ],
3313 "exit_code": 0,
3314 "exit_signal": 17,
3315 "exit_timestamp": "2024-08-31T08:14:26.71Z"
3316 },
3317 {
3318 "star": false,
3319 "start_timestamp": "2024-08-31T08:14:26.681Z",
3320 "ppid": 19408,
3321 "parentTgid": 18009,
3322 "pid": 29759,
3323 "tgid": 29758,
3324 "args": [
3325 "/usr/bin/containerd-shim-runc-v2",
3326 "-namespace",
3327 "moby",
3328 "-address",
3329 "/run/containerd/containerd.sock",
3330 "-publish-binary",
3331 "/usr/bin/containerd",
3332 "-id",
3333 "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
3334 "-bundle",
3335 "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
3336 "delete",
3337 ""
3338 ],
3339 "comm": "containerd-shim",
3340 "rootfs": "",
3341 "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
3342 "children": [],
3343 "docker_id": "",
3344 "execve": [],
3345 "exit_code": 0,
3346 "exit_signal": 4294967295,
3347 "exit_timestamp": "2024-08-31T08:14:26.719Z"
3348 },
3349 {
3350 "star": false,
3351 "start_timestamp": "2024-08-31T08:14:26.682Z",
3352 "ppid": 19408,
3353 "parentTgid": 18009,
3354 "pid": 29760,
3355 "tgid": 29758,
3356 "args": [
3357 "/usr/bin/containerd-shim-runc-v2",
3358 "-namespace",
3359 "moby",
3360 "-address",
3361 "/run/containerd/containerd.sock",
3362 "-publish-binary",
3363 "/usr/bin/containerd",
3364 "-id",
3365 "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
3366 "-bundle",
3367 "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
3368 "delete",
3369 ""
3370 ],
3371 "comm": "containerd-shim",
3372 "rootfs": "",
3373 "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
3374 "children": [],
3375 "docker_id": "",
3376 "execve": [],
3377 "exit_code": 0,
3378 "exit_signal": 4294967295,
3379 "exit_timestamp": "2024-08-31T08:14:26.71Z"
3380 },
3381 {
3382 "star": false,
3383 "start_timestamp": "2024-08-31T08:14:26.682Z",
3384 "ppid": 19408,
3385 "parentTgid": 18009,
3386 "pid": 29761,
3387 "tgid": 29758,
3388 "args": [
3389 "/usr/bin/containerd-shim-runc-v2",
3390 "-namespace",
3391 "moby",
3392 "-address",
3393 "/run/containerd/containerd.sock",
3394 "-publish-binary",
3395 "/usr/bin/containerd",
3396 "-id",
3397 "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
3398 "-bundle",
3399 "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
3400 "delete",
3401 ""
3402 ],
3403 "comm": "containerd-shim",
3404 "rootfs": "",
3405 "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
3406 "children": [],
3407 "docker_id": "",
3408 "execve": [],
3409 "exit_code": 0,
3410 "exit_signal": 4294967295,
3411 "exit_timestamp": "2024-08-31T08:14:26.709Z"
3412 },
3413 {
3414 "star": false,
3415 "start_timestamp": "2024-08-31T08:14:26.694Z",
3416 "ppid": 19408,
3417 "parentTgid": 18009,
3418 "pid": 29762,
3419 "tgid": 29758,
3420 "args": [
3421 "/usr/bin/containerd-shim-runc-v2",
3422 "-namespace",
3423 "moby",
3424 "-address",
3425 "/run/containerd/containerd.sock",
3426 "-publish-binary",
3427 "/usr/bin/containerd",
3428 "-id",
3429 "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
3430 "-bundle",
3431 "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
3432 "delete",
3433 ""
3434 ],
3435 "comm": "containerd-shim",
3436 "rootfs": "",
3437 "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
3438 "children": [],
3439 "docker_id": "",
3440 "execve": [],
3441 "exit_code": 0,
3442 "exit_signal": 4294967295,
3443 "exit_timestamp": "2024-08-31T08:14:26.71Z"
3444 },
3445 {
3446 "star": false,
3447 "start_timestamp": "2024-08-31T08:14:26.694Z",
3448 "ppid": 19408,
3449 "parentTgid": 18009,
3450 "pid": 29763,
3451 "tgid": 29758,
3452 "args": [
3453 "/usr/bin/containerd-shim-runc-v2",
3454 "-namespace",
3455 "moby",
3456 "-address",
3457 "/run/containerd/containerd.sock",
3458 "-publish-binary",
3459 "/usr/bin/containerd",
3460 "-id",
3461 "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
3462 "-bundle",
3463 "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
3464 "delete",
3465 ""
3466 ],
3467 "comm": "containerd-shim",
3468 "rootfs": "",
3469 "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
3470 "children": [],
3471 "docker_id": "",
3472 "execve": [],
3473 "exit_code": 0,
3474 "exit_signal": 4294967295,
3475 "exit_timestamp": "2024-08-31T08:14:26.709Z"
3476 },
3477 {
3478 "star": false,
3479 "start_timestamp": "2024-08-31T08:14:26.694Z",
3480 "ppid": 19408,
3481 "parentTgid": 18009,
3482 "pid": 29764,
3483 "tgid": 29758,
3484 "args": [
3485 "/usr/bin/containerd-shim-runc-v2",
3486 "-namespace",
3487 "moby",
3488 "-address",
3489 "/run/containerd/containerd.sock",
3490 "-publish-binary",
3491 "/usr/bin/containerd",
3492 "-id",
3493 "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
3494 "-bundle",
3495 "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
3496 "delete",
3497 ""
3498 ],
3499 "comm": "containerd-shim",
3500 "rootfs": "",
3501 "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
3502 "children": [
3503 29765,
3504 29766,
3505 29767,
3506 29768,
3507 29769
3508 ],
3509 "docker_id": "",
3510 "execve": [],
3511 "exit_code": 0,
3512 "exit_signal": 4294967295,
3513 "exit_timestamp": "2024-08-31T08:14:26.709Z"
3514 }
3515 ],
3516 "child_tgid": [
3517 29765
3518 ]
3519}
3520
3521{
3522 "tgid": 29765,
3523 "findPid": {
3524 "29765": 0,
3525 "29766": 1,
3526 "29767": 2,
3527 "29768": 3,
3528 "29769": 4
3529 },
3530 "threads": [
3531 {
3532 "star": false,
3533 "start_timestamp": "2024-08-31T08:14:26.695Z",
3534 "ppid": 29764,
3535 "parentTgid": 29758,
3536 "pid": 29765,
3537 "tgid": 29765,
3538 "args": [
3539 "/usr/bin/containerd-shim-runc-v2",
3540 "-namespace",
3541 "moby",
3542 "-address",
3543 "/run/containerd/containerd.sock",
3544 "-publish-binary",
3545 "/usr/bin/containerd",
3546 "-id",
3547 "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
3548 "-bundle",
3549 "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
3550 "delete",
3551 ""
3552 ],
3553 "comm": "containerd-shim",
3554 "rootfs": "",
3555 "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
3556 "children": [],
3557 "docker_id": "",
3558 "execve": [
3559 {
3560 "timestamp": "2024-08-31T08:14:26.694Z",
3561 "execArgs": [
3562 "runc",
3563 "--root",
3564 "/var/run/docker/runtime-runc/moby",
3565 "--log",
3566 "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json",
3567 "--log-format",
3568 "json",
3569 "delete",
3570 "--force",
3571 "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19"
3572 ]
3573 }
3574 ],
3575 "exit_code": 0,
3576 "exit_signal": 17,
3577 "exit_timestamp": "2024-08-31T08:14:26.706Z"
3578 },
3579 {
3580 "star": false,
3581 "start_timestamp": "2024-08-31T08:14:26.7Z",
3582 "ppid": 29764,
3583 "parentTgid": 29758,
3584 "pid": 29766,
3585 "tgid": 29765,
3586 "args": [
3587 "runc",
3588 "--root",
3589 "/var/run/docker/runtime-runc/moby",
3590 "--log",
3591 "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json",
3592 "--log-format",
3593 "json",
3594 "delete",
3595 "--force",
3596 "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
3597 ""
3598 ],
3599 "comm": "runc",
3600 "rootfs": "",
3601 "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
3602 "children": [],
3603 "docker_id": "",
3604 "execve": [],
3605 "exit_code": 0,
3606 "exit_signal": 4294967295,
3607 "exit_timestamp": "2024-08-31T08:14:26.707Z"
3608 },
3609 {
3610 "star": false,
3611 "start_timestamp": "2024-08-31T08:14:26.701Z",
3612 "ppid": 29764,
3613 "parentTgid": 29758,
3614 "pid": 29767,
3615 "tgid": 29765,
3616 "args": [
3617 "runc",
3618 "--root",
3619 "/var/run/docker/runtime-runc/moby",
3620 "--log",
3621 "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json",
3622 "--log-format",
3623 "json",
3624 "delete",
3625 "--force",
3626 "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
3627 ""
3628 ],
3629 "comm": "runc",
3630 "rootfs": "",
3631 "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
3632 "children": [],
3633 "docker_id": "",
3634 "execve": [],
3635 "exit_code": 0,
3636 "exit_signal": 4294967295,
3637 "exit_timestamp": "2024-08-31T08:14:26.706Z"
3638 },
3639 {
3640 "star": false,
3641 "start_timestamp": "2024-08-31T08:14:26.701Z",
3642 "ppid": 29764,
3643 "parentTgid": 29758,
3644 "pid": 29768,
3645 "tgid": 29765,
3646 "args": [
3647 "runc",
3648 "--root",
3649 "/var/run/docker/runtime-runc/moby",
3650 "--log",
3651 "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json",
3652 "--log-format",
3653 "json",
3654 "delete",
3655 "--force",
3656 "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
3657 ""
3658 ],
3659 "comm": "runc",
3660 "rootfs": "",
3661 "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
3662 "children": [],
3663 "docker_id": "",
3664 "execve": [],
3665 "exit_code": 0,
3666 "exit_signal": 4294967295,
3667 "exit_timestamp": "2024-08-31T08:14:26.707Z"
3668 },
3669 {
3670 "star": false,
3671 "start_timestamp": "2024-08-31T08:14:26.703Z",
3672 "ppid": 29764,
3673 "parentTgid": 29758,
3674 "pid": 29769,
3675 "tgid": 29765,
3676 "args": [
3677 "runc",
3678 "--root",
3679 "/var/run/docker/runtime-runc/moby",
3680 "--log",
3681 "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json",
3682 "--log-format",
3683 "json",
3684 "delete",
3685 "--force",
3686 "15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
3687 ""
3688 ],
3689 "comm": "runc",
3690 "rootfs": "",
3691 "cwd": "/run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19",
3692 "children": [],
3693 "docker_id": "",
3694 "execve": [],
3695 "exit_code": 0,
3696 "exit_signal": 4294967295,
3697 "exit_timestamp": "2024-08-31T08:14:26.708Z"
3698 }
3699 ],
3700 "child_tgid": []
3701}
3702
diff --git a/filter/logs/tree.log b/filter/logs/tree.log
new file mode 100644
index 0000000..c9d7e34
--- /dev/null
+++ b/filter/logs/tree.log
@@ -0,0 +1,26 @@
1└── 18009:
2 ├── 29634: /usr/bin/containerd
3 │ └── 29643: /usr/bin/containerd-shim-runc-v2 -namespace moby -id 15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19 -address /run/containerd/containerd.sock
4 │ ├── 29680: /usr/bin/containerd-shim-runc-v2 -namespace moby -id 15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19 -address /run/containerd/containerd.sock
5 │ ├── 29742: /usr/bin/containerd-shim-runc-v2 -namespace moby -id 15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19 -address /run/containerd/containerd.sock
6 │ ├── 29655: /usr/bin/containerd-shim-runc-v2 -namespace moby -id 15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19 -address /run/containerd/containerd.sock
7 │ │ ├── 29662: runc --root /var/run/docker/runtime-runc/moby --log /run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json --log-format json create --bundle /run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19 --pid-file /run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/init.pid --console-socket /tmp/pty347635701/pty.sock 15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19
8 │ │ ├── 29663: runc init
9 │ │ ├── 29664: runc init
10 │ │ │ ├── 29686: /bin/bash
11 │ │ │ │ └── 29687:
12 │ │ │ └── 29688: /bin/bash
13 │ │ │ └── 29689: dircolors -b
14 │ │ └── 29670: runc --root /var/run/docker/runtime-runc/moby --log /run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/log.json --log-format json create --bundle /run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19 --pid-file /run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/init.pid --console-socket /tmp/pty347635701/pty.sock 15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19
15 │ ├── 29698:
16 │ │ ├── 29705: runc init
17 │ │ ├── 29707: runc init
18 │ │ └── 29709: runc init
19 │ │ ├── 29715: bash
20 │ │ │ └── 29716: bash
21 │ │ ├── 29717: bash
22 │ │ │ └── 29718: bash
23 │ │ └── 29723: bash
24 │ └── 29749: /usr/bin/containerd-shim-runc-v2 -namespace moby -id 15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19 -address /run/containerd/containerd.sock
25 └── 29758: /usr/bin/containerd
26 └── 29765: /usr/bin/containerd-shim-runc-v2 -namespace moby -address /run/containerd/containerd.sock -publish-binary /usr/bin/containerd -id 15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19 -bundle /run/containerd/io.containerd.runtime.v2.task/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19 delete
diff --git a/filter/pids.go b/filter/pids.go
new file mode 100644
index 0000000..bd4b095
--- /dev/null
+++ b/filter/pids.go
@@ -0,0 +1,301 @@
1package main
2
3import (
4 "encoding/json"
5 "fmt"
6 "os"
7 "sort"
8)
9
10var count int
11var starTgid int
12
13func filtPids(pRawPidData *[]Process) {
14 /* ATTENTION: 把map/slice直接传参是危险的
15 * 传递的是指针,不会引起大的复制开销,
16 * 但是map/slice在callee func内被修改**可能**导致内存更改
17 * 而这样的内存更改对caller function来说是不可见的,看到的还是原来的东西
18 * 这里由于参数几乎都是只读不写,因而用一下
19 */
20
21 // 合并由多线程导致的重复记录,顺便按照pid升序
22 // 多线程已经取消了,但保险起见还是留着
23 merged := mergeProcess(pRawPidData)
24 // 将Process按照tgid合并
25 var tgidMap map[int]*tgidNode
26 var rootfsPids []int
27 tgidMap, starTgid, rootfsPids = getTgidNodes(merged)
28 // 建树,helloTree
29 buildTree(tgidMap, starTgid)
30 // 对树上的进程做一些优化处理
31 optimazePid(starTgid, rootfsPids)
32}
33
34func ProMerge(a, b Process) (res Process) {
35 // 合并过程中会遇到什么问题?
36 res.Star = false
37
38 if a.StartTimestamp.IsZero() {
39 res.StartTimestamp = b.StartTimestamp
40 } else if b.StartTimestamp.IsZero() {
41 res.StartTimestamp = a.StartTimestamp
42 } else if a.StartTimestamp.Before(b.StartTimestamp) {
43 res.StartTimestamp = a.StartTimestamp
44 } else {
45 res.StartTimestamp = b.StartTimestamp
46 }
47
48 res.Ppid = a.Ppid
49 if a.ParentTgid == 0 {
50 res.ParentTgid = b.ParentTgid
51 } else {
52 res.ParentTgid = a.ParentTgid
53 }
54
55 res.Pid = a.Pid
56 if a.Tgid == 0 {
57 res.Tgid = b.Tgid
58 } else {
59 res.Tgid = a.Tgid
60 }
61
62 if len(a.Args) == 0 {
63 res.Args = b.Args
64 } else {
65 res.Args = a.Args
66 }
67
68 if a.Comm == "" {
69 res.Comm = b.Comm
70 } else {
71 res.Comm = a.Comm
72 }
73
74 if a.RootFS == "" {
75 res.RootFS = b.RootFS
76 } else {
77 res.RootFS = a.RootFS
78 }
79
80 if a.Cwd == "" {
81 res.Cwd = b.Cwd
82 } else {
83 res.Cwd = a.Cwd
84 }
85
86 res.Execve = append(a.Execve, b.Execve...)
87 res.Children = append(a.Children, b.Children...)
88
89 var flag bool // 真a假b
90 if a.ExitTimestamp.IsZero() {
91 flag = false
92 } else if b.ExitTimestamp.IsZero() {
93 flag = true
94 } else if a.ExitTimestamp.Before(b.ExitTimestamp) {
95 flag = true
96 } else {
97 flag = false
98 }
99
100 if flag {
101 res.ExitCode = a.ExitCode
102 res.ExitSignal = a.ExitSignal
103 res.ExitTimestamp = a.ExitTimestamp
104 } else {
105 res.ExitCode = b.ExitCode
106 res.ExitSignal = b.ExitSignal
107 res.ExitTimestamp = b.ExitTimestamp
108 }
109
110 return res
111}
112
113func mergeProcess(pRawPidData *[]Process) (merged []Process) {
114 rawPidData := *pRawPidData
115 // 合并由多线程导致的重复记录,顺便按照pid升序
116 index := make(map[int]int)
117 for _, process := range rawPidData {
118 i, exists := index[process.Pid]
119 if exists {
120 // 已存在,合并
121 merged[i] = ProMerge(merged[i], process)
122 } else {
123 // 不存在,直接添加
124 merged = append(merged, process)
125 index[process.Pid] = len(merged) - 1
126 }
127 }
128 sort.Slice(merged, func(i, j int) bool {
129 return merged[i].Pid < merged[j].Pid
130 })
131 return merged
132}
133
134func getTgidNodes(merged []Process) (tgidMap map[int]*tgidNode, starTgid int, rootfsPids []int) {
135 // 合并出来的进程整理为tgidNode
136 tgidMap = make(map[int]*tgidNode)
137 findTgid = make(map[int]int) // pid --> tgid
138 // var starTgid, rootFsPid int
139 starTgid = -1
140 // rootfsPid = -1
141 rootfsPids = make([]int, 0)
142 for _, val := range merged {
143 if val.Star {
144 starTgid = val.Tgid
145 } else if val.RootFS != "" {
146 rootfsPids = append(rootfsPids, val.Pid)
147 }
148 // 登记tgid
149 findTgid[val.Pid] = val.Tgid
150 nodeval, exists := tgidMap[val.Tgid]
151 if exists {
152 // 直接记录
153 nodeval.Threads = append(nodeval.Threads, val)
154 nodeval.FindPid[val.Pid] = len(nodeval.Threads) - 1
155 } else {
156 node := tgidNode{
157 Tgid: val.Tgid,
158 FindPid: make(map[int]int),
159 Threads: make([]Process, 0),
160 ChildTgid: make([]int, 0),
161 }
162 node.Threads = append(node.Threads, val)
163 node.FindPid[val.Pid] = 0
164 tgidMap[val.Tgid] = &node
165 }
166 }
167 return tgidMap, starTgid, rootfsPids
168}
169
170func buildTree(tgidMap map[int]*tgidNode, starTgid int) {
171 // 从tgid==starTgid开始,构建树
172 helloTree = make(map[int]*tgidNode) // 在树上的tgid节点,tgid --> *tgidNode
173 var q Queue // 记录每一个整理好的结构体,bfs
174 visited := make(map[int]bool) // 哪些tgid已经访问过
175
176 tmp, exists := tgidMap[starTgid]
177 if !exists {
178 return
179 }
180
181 // helloTree负责在遍历到该节点时记录
182 // 队列仅负责搞明白哪些节点在树上
183 // 因而所有添加子代tgid的行为只针对helloTree
184 // q不添加,直接把新的tgid对应的tgidNode入队就是了
185 q.Enqueue(tmp)
186 visited[starTgid] = true
187 for !q.IsEmpty() {
188 tmp, ok := q.Dequeue()
189 if !ok {
190 continue
191 }
192 node := tmp.(*tgidNode) // 队列里的一个节点,这里必须重新申请node
193 helloTree[node.Tgid] = node
194 for i := 0; i < len(node.Threads); i++ {
195 for j := 0; j < len(node.Threads[i].Children); j++ {
196 tgid := findTgid[node.Threads[i].Children[j]]
197 _, exists := visited[tgid]
198 if !exists {
199 // 子代里有没见过的tgid
200 tgidNode, exists := tgidMap[tgid]
201 if !exists {
202 continue
203 }
204 helloTree[node.Tgid].ChildTgid = append(helloTree[node.Tgid].ChildTgid, tgid)
205 q.Enqueue(tgidNode)
206 visited[tgid] = true
207 }
208 }
209 }
210 }
211}
212
213func optimazePid(starTgid int, rootfsPids []int) {
214 getDockerRootFs := make(map[string]string) // dockerId --> rootfs
215 // 首先处理一下记录有pivot_root信息的进程,防止pivot先于fork
216 for _, rootfsPid := range rootfsPids {
217 rootfsTgid := findTgid[rootfsPid]
218 i := helloTree[rootfsTgid].FindPid[rootfsPid]
219 rootfsProcess := &(helloTree[rootfsTgid].Threads[i])
220 if rootfsProcess.RootFS == "cwd" {
221 rootfsProcess.RootFS = rootfsProcess.Cwd
222 }
223 getDockerRootFs[rootfsProcess.DockerId] = rootfsProcess.RootFS
224 }
225
226 count = 0
227 for _, val := range helloTree {
228 // 处理一下pid结束时间,顺便找找爹
229 // 结束时间是因为很多线程结束时间没获取到,默认按照进程退出时间处理
230 // Ppid是因为进程产生之初收到的信息写的爹一定是亲爹
231 // 但是产生线程时候该进程很可能已作为孤儿被收养,导致线程里关于爹的记录是继父
232 for i := 0; i < len(val.Threads); i++ {
233 if i != 0 {
234 if val.Threads[i].Tgid < val.Threads[0].Tgid {
235 val.Threads[i].ParentTgid = val.Threads[0].ParentTgid
236 val.Threads[i].Ppid = val.Threads[0].Ppid
237 }
238 if val.Threads[i].ExitTimestamp.IsZero() {
239 val.Threads[i].ExitCode = val.Threads[0].ExitCode
240 val.Threads[i].ExitTimestamp = val.Threads[0].ExitTimestamp
241 val.Threads[i].ExitSignal = val.Threads[0].ExitSignal
242 }
243 }
244
245 dockerId := val.Threads[i].DockerId
246 if dockerId != "" {
247 rootfs, exists := getDockerRootFs[dockerId]
248 if !exists {
249 fmt.Fprintf(os.Stderr, "Err: the docker rootfs of pid %d is not known!\n", val.Threads[i].Pid)
250 continue
251 }
252 val.Threads[i].RootFS = rootfs
253 }
254 }
255
256 count++
257 }
258}
259
260// 绘制进程树
261func drawTree(treeFile *os.File, pidFile *os.File, node *tgidNode, prefix string, isLast bool) {
262 if node == nil {
263 return
264 }
265
266 fmt.Fprintf(treeFile, "%s", prefix)
267 if isLast {
268 fmt.Fprintf(treeFile, "└── ")
269 prefix += " "
270 } else {
271 fmt.Fprintf(treeFile, "├── ")
272 prefix += "│ "
273 }
274 // 将当前进程的参数整理为一行命令
275 argv := ""
276 for i, arg := range node.Threads[0].Args {
277 if i == 0 {
278 argv = arg
279 } else {
280 argv += " " + arg
281 }
282 }
283 fmt.Fprintf(treeFile, "%d: %s\n", node.Tgid, argv)
284
285 // 当前节点信息以json格式写入pidFile
286 jsonData, err := json.MarshalIndent(node, "", " ")
287 if err != nil {
288 fmt.Fprintf(os.Stderr, "Err: %v\n", err)
289 return
290 }
291 pidFile.Write(jsonData)
292 pidFile.WriteString("\n\n")
293
294 // 递归打印子节点
295 for i, childTgid := range node.ChildTgid {
296 childNode, exists := helloTree[childTgid]
297 if exists {
298 drawTree(treeFile, pidFile, childNode, prefix, i == len(node.ChildTgid)-1)
299 }
300 }
301}
diff --git a/listener/basefunc.go b/listener/basefunc.go
index 2f39507..dcaf68a 100644
--- a/listener/basefunc.go
+++ b/listener/basefunc.go
@@ -4,46 +4,52 @@ import (
4 "bufio" 4 "bufio"
5 "fmt" 5 "fmt"
6 "os" 6 "os"
7 "os/exec"
8 "path/filepath" 7 "path/filepath"
8 "regexp"
9 "strconv" 9 "strconv"
10 "strings" 10 "strings"
11 "time" 11 "time"
12) 12)
13 13
14func figureOutSyscalls() error { 14func figureOutSyscalls() error {
15 cmd := exec.Command("ausyscall", "--dump") 15 var targetFile string
16 stdout, err := cmd.StdoutPipe() 16 err := filepath.Walk("/usr/include", func(path string, info os.FileInfo, err error) error {
17 if err != nil {
18 return err
19 }
20 if strings.HasSuffix(path, "asm/unistd_64.h") {
21 targetFile = path
22 return filepath.SkipDir // 找到后提前退出遍历
23 }
24 return nil
25 })
17 if err != nil { 26 if err != nil {
18 return err 27 return err
19 } 28 }
20 29
21 if err := cmd.Start(); err != nil { 30 // 如果没有找到目标文件
31 if targetFile == "" {
32 return fmt.Errorf("file asm/unistd_64.h not found in /usr/include")
33 }
34
35 NRRegex := regexp.MustCompile(`#define __NR_(.*?) (\d+)$`)
36 file, err := os.Open("/usr/include/asm/unistd_64.h")
37 if err != nil {
22 return err 38 return err
23 } 39 }
40 defer file.Close()
24 41
25 scanner := bufio.NewScanner(stdout) 42 scanner := bufio.NewScanner(file)
26 for i := 0; scanner.Scan(); i++ { 43 for scanner.Scan() {
27 if i == 0 {
28 continue
29 }
30 line := scanner.Text() 44 line := scanner.Text()
31 parts := strings.Split(line, "\t") 45 if NRRegex.MatchString(line) {
32 if len(parts) != 2 { 46 match := NRRegex.FindStringSubmatch(line)
33 return fmt.Errorf("invalid ausyscall format") 47 num, err := strconv.Atoi(match[2])
48 if err != nil {
49 return err
50 }
51 syscallTable[num] = match[1]
34 } 52 }
35 num, err := strconv.Atoi(parts[0])
36 if err != nil {
37 return err
38 }
39 syscallTable[num] = parts[1]
40 }
41
42 if err := scanner.Err(); err != nil {
43 return err
44 }
45 if err := cmd.Wait(); err != nil {
46 return err
47 } 53 }
48 return nil 54 return nil
49} 55}
diff --git a/listener/godo.go b/listener/godo.go
index 0e1dc73..4f09b67 100644
--- a/listener/godo.go
+++ b/listener/godo.go
@@ -108,11 +108,11 @@ func coroutine(client *libaudit.AuditClient) error {
108 wg.Add(1) 108 wg.Add(1)
109 go deal() 109 go deal()
110 wg.Add(1) 110 wg.Add(1)
111 go procWatch()
112 wg.Add(1)
113 go receive(client) 111 go receive(client)
114 wg.Add(1) 112 wg.Add(1)
115 go orgnaze() 113 go orgnaze()
114 wg.Add(1)
115 go procWatch()
116 116
117 wg.Wait() 117 wg.Wait()
118 time.Sleep(2 * time.Second) 118 time.Sleep(2 * time.Second)
generated by cgit v1.2.3-70-g09d2 (git 2.46.0) at 2025-01-06 02:13:08 +0800