1 files changed, 44 insertions, 29 deletions
diff --git a/filter/global.go b/filter/global.go
index bade895..7ba3fc1 100644
--- a/filter/global.go
+++ b/filter/global.go
@@ -1,39 +1,40 @@
 package main
 import (
+        "encoding/json"
        "fmt"
        "time"
 )
 type Exec struct {
-        Timestamp time.Time `bson:"timestamp"`
+        Timestamp time.Time `bson:"timestamp" json:"timestamp"`
-        ExecArgs  []string  `bson:"execArgs"`
+        ExecArgs  []string  `bson:"execArgs" json:"execArgs"`
 }
 type Process struct {
-        Star           bool      `bson:"star"`
+        Star           bool      `bson:"star" json:"star"`
-        StartTimestamp time.Time `bson:"start_timestamp"`
+        StartTimestamp time.Time `bson:"start_timestamp" json:"start_timestamp"`
-        Ppid           int       `bson:"ppid"`
+        Ppid           int       `bson:"ppid" json:"ppid"`
-        ParentTgid     int       `bson:"parentTgid"`
+        ParentTgid     int       `bson:"parentTgid" json:"parentTgid"`
-        Pid            int       `bson:"pid"`
+        Pid            int       `bson:"pid" json:"pid"`
-        Tgid           int       `bson:"tgid"`
+        Tgid           int       `bson:"tgid" json:"tgid"`
-        Args           []string  `bson:"args"`
+        Args           []string  `bson:"args" json:"args"`
-        Comm           string    `bson:"comm"`
+        Comm           string    `bson:"comm" json:"comm"`
-        RootFS         string    `bson:"rootfs"`
+        RootFS         string    `bson:"rootfs" json:"rootfs"`
-        Cwd            string    `bson:"cwd"`
+        Cwd            string    `bson:"cwd" json:"cwd"`
-        Children       []int     `bson:"children"`
+        Children       []int     `bson:"children" json:"children"`
-        DockerId       string    `bson:"docker_id"`
+        DockerId       string    `bson:"docker_id" json:"docker_id"`
-        Execve         []Exec    `bson:"execve"`
+        Execve         []Exec    `bson:"execve" json:"execve"`
-        ExitCode       int       `bson:"exit_code"`
+        ExitCode       int       `bson:"exit_code" json:"exit_code"`
-        ExitSignal     int       `bson:"exit_signal"`
+        ExitSignal     int       `bson:"exit_signal" json:"exit_signal"`
-        ExitTimestamp  time.Time `bson:"exit_timestamp"`
+        ExitTimestamp  time.Time `bson:"exit_timestamp" json:"exit_timestamp"`
 }
 type tgidNode struct {
-        Tgid      int         `bson:"tgid"`
+        Tgid      int         `bson:"tgid" json:"tgid"`
-        FindPid   map[int]int `bson:"findPid"`
+        FindPid   map[int]int `bson:"findPid" json:"findPid"`
-        Threads   []Process   `bson:"threads"`
+        Threads   []Process   `bson:"threads" json:"threads"`
-        ChildTgid []int       `bson:"child_tgid"`
+        ChildTgid []int       `bson:"child_tgid" json:"child_tgid"`
 }
 func (p Process) String() string {
@@ -80,13 +81,27 @@ func (node tgidNode) String() string {
 }
 type File struct {
-        OpenTimestamp  time.Time   `bson:"timestamp"`
+        OpenTimestamp  time.Time   `bson:"timestamp" json:"timestamp"`
-        FileName       string      `bson:"fileName"`
+        FileName       string      `bson:"fileName" json:"fileName"`
-        Pid            int         `bson:"pid"`
+        Pid            int         `bson:"pid" json:"pid"`
-        Fd             int         `bson:"fd"`
+        Fd             int         `bson:"fd" json:"fd"`
-        Flags          [4]uint64   `bson:"flags"`
+        Flags          [4]uint64   `bson:"flags" json:"flags"`
-        Written        []time.Time `bson:"written"`
+        Written        []time.Time `bson:"written" json:"written"`
-        CloseTimestamp time.Time   `bson:"close_timestamp"`
+        CloseTimestamp time.Time   `bson:"close_timestamp" json:"close_timestamp"`
+}
+func (f File) MarshalJSON() ([]byte, error) {
+        type Alias File // 使用别名避免递归调用
+        return json.Marshal(&struct {
+                Alias
+                Flags0 string `json:"FileNamePointer"`
+                Flags1 string `json:"FileFlags"`
+        }{
+                Alias:  Alias(f),
+                Flags0: fmt.Sprintf("%#012x", f.Flags[0]), // flags[0] 转换为小写16进制
+                Flags1: parseFlags(f.Flags[1]),            // flags[1] 解析为字符串
+        })
 }
 // Queue 定义一个队列结构体

diff --git a/filter/global.go b/filter/global.go index bade895..7ba3fc1 100644 --- a/filter/global.go +++ b/filter/global.go
@@ -1,39 +1,40 @@
1	package main	1	package main
2		2
3	import (	3	import (
		4	"encoding/json"
4	"fmt"	5	"fmt"
5	"time"	6	"time"
6	)	7	)
7		8
8	type Exec struct {	9	type Exec struct {
9	Timestamp time.Time `bson:"timestamp"`	10	Timestamp time.Time `bson:"timestamp" json:"timestamp"`
10	ExecArgs []string `bson:"execArgs"`	11	ExecArgs []string `bson:"execArgs" json:"execArgs"`
11	}	12	}
12		13
13	type Process struct {	14	type Process struct {
14	Star bool `bson:"star"`	15	Star bool `bson:"star" json:"star"`
15	StartTimestamp time.Time `bson:"start_timestamp"`	16	StartTimestamp time.Time `bson:"start_timestamp" json:"start_timestamp"`
16	Ppid int `bson:"ppid"`	17	Ppid int `bson:"ppid" json:"ppid"`
17	ParentTgid int `bson:"parentTgid"`	18	ParentTgid int `bson:"parentTgid" json:"parentTgid"`
18	Pid int `bson:"pid"`	19	Pid int `bson:"pid" json:"pid"`
19	Tgid int `bson:"tgid"`	20	Tgid int `bson:"tgid" json:"tgid"`
20	Args []string `bson:"args"`	21	Args []string `bson:"args" json:"args"`
21	Comm string `bson:"comm"`	22	Comm string `bson:"comm" json:"comm"`
22	RootFS string `bson:"rootfs"`	23	RootFS string `bson:"rootfs" json:"rootfs"`
23	Cwd string `bson:"cwd"`	24	Cwd string `bson:"cwd" json:"cwd"`
24	Children []int `bson:"children"`	25	Children []int `bson:"children" json:"children"`
25	DockerId string `bson:"docker_id"`	26	DockerId string `bson:"docker_id" json:"docker_id"`
26	Execve []Exec `bson:"execve"`	27	Execve []Exec `bson:"execve" json:"execve"`
27	ExitCode int `bson:"exit_code"`	28	ExitCode int `bson:"exit_code" json:"exit_code"`
28	ExitSignal int `bson:"exit_signal"`	29	ExitSignal int `bson:"exit_signal" json:"exit_signal"`
29	ExitTimestamp time.Time `bson:"exit_timestamp"`	30	ExitTimestamp time.Time `bson:"exit_timestamp" json:"exit_timestamp"`
30	}	31	}
31		32
32	type tgidNode struct {	33	type tgidNode struct {
33	Tgid int `bson:"tgid"`	34	Tgid int `bson:"tgid" json:"tgid"`
34	FindPid map[int]int `bson:"findPid"`	35	FindPid map[int]int `bson:"findPid" json:"findPid"`
35	Threads []Process `bson:"threads"`	36	Threads []Process `bson:"threads" json:"threads"`
36	ChildTgid []int `bson:"child_tgid"`	37	ChildTgid []int `bson:"child_tgid" json:"child_tgid"`
37	}	38	}
38		39
39	func (p Process) String() string {	40	func (p Process) String() string {
@@ -80,13 +81,27 @@ func (node tgidNode) String() string {
80	}	81	}
81		82
82	type File struct {	83	type File struct {
83	OpenTimestamp time.Time `bson:"timestamp"`	84	OpenTimestamp time.Time `bson:"timestamp" json:"timestamp"`
84	FileName string `bson:"fileName"`	85	FileName string `bson:"fileName" json:"fileName"`
85	Pid int `bson:"pid"`	86	Pid int `bson:"pid" json:"pid"`
86	Fd int `bson:"fd"`	87	Fd int `bson:"fd" json:"fd"`
87	Flags [4]uint64 `bson:"flags"`	88	Flags [4]uint64 `bson:"flags" json:"flags"`
88	Written []time.Time `bson:"written"`	89	Written []time.Time `bson:"written" json:"written"`
89	CloseTimestamp time.Time `bson:"close_timestamp"`	90	CloseTimestamp time.Time `bson:"close_timestamp" json:"close_timestamp"`
		91	}
		92
		93	func (f File) MarshalJSON() ([]byte, error) {
		94	type Alias File // 使用别名避免递归调用
		95
		96	return json.Marshal(&struct {
		97	Alias
		98	Flags0 string `json:"FileNamePointer"`
		99	Flags1 string `json:"FileFlags"`
		100	}{
		101	Alias: Alias(f),
		102	Flags0: fmt.Sprintf("%#012x", f.Flags[0]), // flags[0] 转换为小写16进制
		103	Flags1: parseFlags(f.Flags[1]), // flags[1] 解析为字符串
		104	})
90	}	105	}
91		106
92	// Queue 定义一个队列结构体	107	// Queue 定义一个队列结构体