1 files changed, 118 insertions, 0 deletions
diff --git a/filter/filter.go b/filter/filter.go
new file mode 100644
index 0000000..c83fb13
--- /dev/null
+++ b/filter/filter.go
@@ -0,0 +1,118 @@
+package main
+import (
+        "context"
+        "fmt"
+        "log"
+        "os"
+        "time"
+        "go.mongodb.org/mongo-driver/bson"
+        "go.mongodb.org/mongo-driver/mongo"
+        "go.mongodb.org/mongo-driver/mongo/options"
+        "go.mongodb.org/mongo-driver/mongo/readpref"
+)
+type Exec struct {
+        timestamp time.Time `bson:"timestamp"`
+        execArgs  []string  `bson:"execArgs"`
+}
+type Process struct {
+        timestamp      time.Time `bson:"start_timestamp"`
+        ppid           int       `bson:"ppid"`
+        parentTgid     int       `bson:"parentTgid"`
+        pid            int       `bson:"pid"`
+        tgid           int       `bson:"tgid"`
+        args           []string  `bson:"args"`
+        comm           string    `bson:"comm"`
+        cwd            string    `bson:"cwd"`
+        execve         []Exec    `bson:"execve"`
+        exit_code      int       `bson:"exit_code"`
+        exit_signal    int       `bson:"exit_signal"`
+        exit_timestamp time.Time `bson:"exit_timestamp"`
+}
+func (p Process) String() string {
+        var res string
+        res = ""
+        res += fmt.Sprintf("timestamp\t%v\n", p.timestamp)
+        res += fmt.Sprintf("ppid\t%d\nparentTgid\t%d\n", p.ppid, p.parentTgid)
+        res += fmt.Sprintf("pid\t%d\ntgid\t%d\nargs: ", p.pid, p.tgid)
+        for i := 0; i < len(p.args); i++ {
+                res += fmt.Sprintf("%s ", p.args[i])
+        }
+        res += fmt.Sprintf("\ncomm\t%s\ncwd\t%s\n", p.comm, p.cwd)
+        return res
+}
+// type Process struct {
+//      StartTimestamp time.Time  `bson:"start_timestamp"`
+//      Ppid           *int       `bson:"ppid"`
+//      ParentTgid     *int       `bson:"parentTgid"`
+//      Pid            int        `bson:"pid"`
+//      Tgid           int        `bson:"tgid"`
+//      Args           []string   `bson:"args"`
+//      Comm           *string    `bson:"comm"`
+//      Cwd            *string    `bson:"cwd"`
+//      Execve         []Exec     `bson:"execve"`
+//      ExitCode       *int       `bson:"exit_code"`
+//      ExitSignal     *int       `bson:"exit_signal"`
+//      ExitTimestamp  *time.Time `bson:"exit_timestamp"`
+// }
+// func (p Process) String() string {
+//      var res string
+//      res = ""
+//      res += fmt.Sprintf("timestamp\t%v\n", p.StartTimestamp)
+//      if p.Ppid != nil && p.ParentTgid != nil {
+//              res += fmt.Sprintf("ppid\t%d\nparentTgid\t%d\n", *(p.Ppid), *(p.ParentTgid))
+//      }
+//      res += fmt.Sprintf("pid\t%d\ntgid\t%d\nargs: ", p.Pid, p.Tgid)
+//      for i := 0; i < len(p.Args); i++ {
+//              res += fmt.Sprintf("%s ", p.Args[i])
+//      }
+//      if p.Comm != nil && p.Cwd != nil {
+//              res += fmt.Sprintf("\ncomm\t%s\ncwd\t%s\n", *(p.Comm), *(p.Cwd))
+//      }
+//      return res
+// }
+func main() {
+        client, err := mongo.Connect(context.TODO(), options.Client().ApplyURI("mongodb://localhost:27017"))
+        if err != nil {
+                fmt.Fprintf(os.Stderr, "Err connecting mongodb: %v\n", err)
+        }
+        defer client.Disconnect(context.TODO())
+        // 检查连接
+        err = client.Ping(context.TODO(), readpref.Primary())
+        if err != nil {
+                log.Fatal(err)
+        }
+        pidCol := client.Database("test").Collection("pids")
+        cur, err := pidCol.Find(context.TODO(), bson.M{}) // 查询所有文档
+        if err != nil {
+                log.Fatal(err)
+        }
+        defer cur.Close(context.TODO()) // 确保游标被关闭
+        var res []Process
+        for cur.Next(context.TODO()) {
+                var tmp Process
+                // 解码到Process结构体
+                if err := cur.Decode(&tmp); err != nil {
+                        log.Fatal(err)
+                }
+                res = append(res, tmp)
+        }
+        if err := cur.Err(); err != nil {
+                log.Fatal(err)
+        }
+        for i := 0; i < len(res); i++ {
+                fmt.Printf("------\n%v\n", res[i])
+        }
+}

diff --git a/filter/filter.go b/filter/filter.go new file mode 100644 index 0000000..c83fb13 --- /dev/null +++ b/filter/filter.go
@@ -0,0 +1,118 @@
	1	package main
	2
	3	import (
	4	"context"
	5	"fmt"
	6	"log"
	7	"os"
	8	"time"
	9
	10	"go.mongodb.org/mongo-driver/bson"
	11	"go.mongodb.org/mongo-driver/mongo"
	12	"go.mongodb.org/mongo-driver/mongo/options"
	13	"go.mongodb.org/mongo-driver/mongo/readpref"
	14	)
	15
	16	type Exec struct {
	17	timestamp time.Time `bson:"timestamp"`
	18	execArgs []string `bson:"execArgs"`
	19	}
	20
	21	type Process struct {
	22	timestamp time.Time `bson:"start_timestamp"`
	23	ppid int `bson:"ppid"`
	24	parentTgid int `bson:"parentTgid"`
	25	pid int `bson:"pid"`
	26	tgid int `bson:"tgid"`
	27	args []string `bson:"args"`
	28	comm string `bson:"comm"`
	29	cwd string `bson:"cwd"`
	30	execve []Exec `bson:"execve"`
	31	exit_code int `bson:"exit_code"`
	32	exit_signal int `bson:"exit_signal"`
	33	exit_timestamp time.Time `bson:"exit_timestamp"`
	34	}
	35
	36	func (p Process) String() string {
	37	var res string
	38	res = ""
	39	res += fmt.Sprintf("timestamp\t%v\n", p.timestamp)
	40	res += fmt.Sprintf("ppid\t%d\nparentTgid\t%d\n", p.ppid, p.parentTgid)
	41	res += fmt.Sprintf("pid\t%d\ntgid\t%d\nargs: ", p.pid, p.tgid)
	42	for i := 0; i < len(p.args); i++ {
	43	res += fmt.Sprintf("%s ", p.args[i])
	44	}
	45	res += fmt.Sprintf("\ncomm\t%s\ncwd\t%s\n", p.comm, p.cwd)
	46	return res
	47	}
	48
	49	// type Process struct {
	50	// StartTimestamp time.Time `bson:"start_timestamp"`
	51	// Ppid *int `bson:"ppid"`
	52	// ParentTgid *int `bson:"parentTgid"`
	53	// Pid int `bson:"pid"`
	54	// Tgid int `bson:"tgid"`
	55	// Args []string `bson:"args"`
	56	// Comm *string `bson:"comm"`
	57	// Cwd *string `bson:"cwd"`
	58	// Execve []Exec `bson:"execve"`
	59	// ExitCode *int `bson:"exit_code"`
	60	// ExitSignal *int `bson:"exit_signal"`
	61	// ExitTimestamp *time.Time `bson:"exit_timestamp"`
	62	// }
	63
	64	// func (p Process) String() string {
	65	// var res string
	66	// res = ""
	67	// res += fmt.Sprintf("timestamp\t%v\n", p.StartTimestamp)
	68	// if p.Ppid != nil && p.ParentTgid != nil {
	69	// res += fmt.Sprintf("ppid\t%d\nparentTgid\t%d\n", (p.Ppid), (p.ParentTgid))
	70	// }
	71	// res += fmt.Sprintf("pid\t%d\ntgid\t%d\nargs: ", p.Pid, p.Tgid)
	72	// for i := 0; i < len(p.Args); i++ {
	73	// res += fmt.Sprintf("%s ", p.Args[i])
	74	// }
	75	// if p.Comm != nil && p.Cwd != nil {
	76	// res += fmt.Sprintf("\ncomm\t%s\ncwd\t%s\n", (p.Comm), (p.Cwd))
	77	// }
	78	// return res
	79	// }
	80
	81	func main() {
	82	client, err := mongo.Connect(context.TODO(), options.Client().ApplyURI("mongodb://localhost:27017"))
	83	if err != nil {
	84	fmt.Fprintf(os.Stderr, "Err connecting mongodb: %v\n", err)
	85	}
	86	defer client.Disconnect(context.TODO())
	87
	88	// 检查连接
	89	err = client.Ping(context.TODO(), readpref.Primary())
	90	if err != nil {
	91	log.Fatal(err)
	92	}
	93
	94	pidCol := client.Database("test").Collection("pids")
	95	cur, err := pidCol.Find(context.TODO(), bson.M{}) // 查询所有文档
	96	if err != nil {
	97	log.Fatal(err)
	98	}
	99	defer cur.Close(context.TODO()) // 确保游标被关闭
	100
	101	var res []Process
	102	for cur.Next(context.TODO()) {
	103	var tmp Process
	104	// 解码到Process结构体
	105	if err := cur.Decode(&tmp); err != nil {
	106	log.Fatal(err)
	107	}
	108	res = append(res, tmp)
	109	}
	110
	111	if err := cur.Err(); err != nil {
	112	log.Fatal(err)
	113	}
	114
	115	for i := 0; i < len(res); i++ {
	116	fmt.Printf("------\n%v\n", res[i])
	117	}
	118	}