1 files changed, 202 insertions, 0 deletions
diff --git a/filter/logs/files.log b/filter/logs/files.log
new file mode 100644
index 0000000..a1cff08
--- /dev/null
+++ b/filter/logs/files.log
@@ -0,0 +1,202 @@
+{
+    "timestamp": "2024-08-31T08:14:08.325Z",
+    "fileName": "/proc/self/oom_score_adj",
+    "pid": 29662,
+    "fd": 7,
+    "flags": [
+        140727329818688,
+        2,
+        140727329818712,
+        140727329815648
+    ],
+    "written": [
+        "2024-08-31T08:14:08.325Z"
+    ],
+    "close_timestamp": "2024-08-31T08:14:08.325Z",
+    "FileNamePointer": "0x7ffda2810840",
+    "FileFlags": "O_RDONLY | O_RDWR"
+}
+{
+    "timestamp": "2024-08-31T08:14:10.789Z",
+    "fileName": "/proc/self/oom_score_adj",
+    "pid": 29705,
+    "fd": 6,
+    "flags": [
+        140737394046768,
+        2,
+        140737394046792,
+        140737394043680
+    ],
+    "written": [
+        "2024-08-31T08:14:10.789Z"
+    ],
+    "close_timestamp": "2024-08-31T08:14:10.789Z",
+    "FileNamePointer": "0x7ffffa60f730",
+    "FileFlags": "O_RDONLY | O_RDWR"
+}
+{
+    "timestamp": "2024-08-31T08:14:23.917Z",
+    "fileName": "/root/.bash_history",
+    "pid": 29709,
+    "fd": 3,
+    "flags": [
+        10822472,
+        1025,
+        384,
+        8
+    ],
+    "written": [
+        "2024-08-31T08:14:23.917Z"
+    ],
+    "close_timestamp": "2024-08-31T08:14:23.917Z",
+    "FileNamePointer": "0x000000a52348",
+    "FileFlags": "O_APPEND | O_RDONLY | O_WRONLY"
+}
+{
+    "timestamp": "2024-08-31T08:14:15.361Z",
+    "fileName": "/root/.hello.c.swp",
+    "pid": 29723,
+    "fd": 4,
+    "flags": [
+        93986886181648,
+        131266,
+        384,
+        140283278240632
+    ],
+    "written": [
+        "2024-08-31T08:14:15.361Z",
+        "2024-08-31T08:14:17.782Z",
+        "2024-08-31T08:14:21.953Z"
+    ],
+    "close_timestamp": "2024-08-31T08:14:21.953Z",
+    "FileNamePointer": "0x557b06f6e310",
+    "FileFlags": "O_CREAT | O_EXCL | O_NOFOLLOW | O_RDONLY | O_RDWR"
+}
+{
+    "timestamp": "2024-08-31T08:14:15.361Z",
+    "fileName": "/root/.hello.c.swp",
+    "pid": 29723,
+    "fd": 4,
+    "flags": [
+        93986886181648,
+        194,
+        384,
+        17
+    ],
+    "written": [],
+    "close_timestamp": "2024-08-31T08:14:15.361Z",
+    "FileNamePointer": "0x557b06f6e310",
+    "FileFlags": "O_CREAT | O_EXCL | O_RDONLY | O_RDWR"
+}
+{
+    "timestamp": "2024-08-31T08:14:15.361Z",
+    "fileName": "/root/.hello.c.swx",
+    "pid": 29723,
+    "fd": 5,
+    "flags": [
+        93986884210448,
+        194,
+        384,
+        17
+    ],
+    "written": [],
+    "close_timestamp": "2024-08-31T08:14:15.361Z",
+    "FileNamePointer": "0x557b06d8cf10",
+    "FileFlags": "O_CREAT | O_EXCL | O_RDONLY | O_RDWR"
+}
+{
+    "timestamp": "2024-08-31T08:14:21.953Z",
+    "fileName": "/root/.viminfo.tmp",
+    "pid": 29723,
+    "fd": 5,
+    "flags": [
+        93986886181872,
+        131265,
+        384,
+        0
+    ],
+    "written": [
+        "2024-08-31T08:14:21.953Z"
+    ],
+    "close_timestamp": "2024-08-31T08:14:21.953Z",
+    "FileNamePointer": "0x557b06f6e3f0",
+    "FileFlags": "O_CREAT | O_EXCL | O_NOFOLLOW | O_RDONLY | O_WRONLY"
+}
+{
+    "timestamp": "2024-08-31T08:14:21.95Z",
+    "fileName": "/root/4913",
+    "pid": 29723,
+    "fd": 3,
+    "flags": [
+        93986884186640,
+        131265,
+        33188,
+        0
+    ],
+    "written": [],
+    "close_timestamp": "2024-08-31T08:14:21.95Z",
+    "FileNamePointer": "0x557b06d87210",
+    "FileFlags": "O_CREAT | O_EXCL | O_NOFOLLOW | O_RDONLY | O_WRONLY"
+}
+{
+    "timestamp": "2024-08-31T08:14:21.95Z",
+    "fileName": "/root/hello.c",
+    "pid": 29723,
+    "fd": 3,
+    "flags": [
+        93986884214912,
+        577,
+        420,
+        0
+    ],
+    "written": [
+        "2024-08-31T08:14:21.95Z",
+        "2024-08-31T08:14:21.95Z"
+    ],
+    "close_timestamp": "2024-08-31T08:14:21.953Z",
+    "FileNamePointer": "0x557b06d8e080",
+    "FileFlags": "O_CREAT | O_RDONLY | O_TRUNC | O_WRONLY"
+}
+{
+    "timestamp": "2024-08-31T08:14:08.283Z",
+    "fileName": "/var/run/docker/runtime-runc/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/runc.Avdn7E",
+    "pid": 29662,
+    "fd": 7,
+    "flags": [
+        140730884269360,
+        194,
+        384,
+        1725092048
+    ],
+    "written": [],
+    "close_timestamp": "2024-08-31T08:14:08.283Z",
+    "FileNamePointer": "0x7ffe765da530",
+    "FileFlags": "O_CREAT | O_EXCL | O_RDONLY | O_RDWR"
+}
+{
+    "timestamp": "2024-08-31T08:14:10.776Z",
+    "fileName": "/var/run/docker/runtime-runc/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/runc.jV9mvl",
+    "pid": 29705,
+    "fd": 6,
+    "flags": [
+        140727845211728,
+        194,
+        384,
+        1725092050
+    ],
+    "written": [],
+    "close_timestamp": "2024-08-31T08:14:10.776Z",
+    "FileNamePointer": "0x7ffdc1394e50",
+    "FileFlags": "O_CREAT | O_EXCL | O_RDONLY | O_RDWR"
+}

diff --git a/filter/logs/files.log b/filter/logs/files.log new file mode 100644 index 0000000..a1cff08 --- /dev/null +++ b/filter/logs/files.log
@@ -0,0 +1,202 @@
	1	{
	2	"timestamp": "2024-08-31T08:14:08.325Z",
	3	"fileName": "/proc/self/oom_score_adj",
	4	"pid": 29662,
	5	"fd": 7,
	6	"flags": [
	7	140727329818688,
	8	2,
	9	140727329818712,
	10	140727329815648
	11	],
	12	"written": [
	13	"2024-08-31T08:14:08.325Z"
	14	],
	15	"close_timestamp": "2024-08-31T08:14:08.325Z",
	16	"FileNamePointer": "0x7ffda2810840",
	17	"FileFlags": "O_RDONLY \| O_RDWR"
	18	}
	19
	20	{
	21	"timestamp": "2024-08-31T08:14:10.789Z",
	22	"fileName": "/proc/self/oom_score_adj",
	23	"pid": 29705,
	24	"fd": 6,
	25	"flags": [
	26	140737394046768,
	27	2,
	28	140737394046792,
	29	140737394043680
	30	],
	31	"written": [
	32	"2024-08-31T08:14:10.789Z"
	33	],
	34	"close_timestamp": "2024-08-31T08:14:10.789Z",
	35	"FileNamePointer": "0x7ffffa60f730",
	36	"FileFlags": "O_RDONLY \| O_RDWR"
	37	}
	38
	39	{
	40	"timestamp": "2024-08-31T08:14:23.917Z",
	41	"fileName": "/root/.bash_history",
	42	"pid": 29709,
	43	"fd": 3,
	44	"flags": [
	45	10822472,
	46	1025,
	47	384,
	48	8
	49	],
	50	"written": [
	51	"2024-08-31T08:14:23.917Z"
	52	],
	53	"close_timestamp": "2024-08-31T08:14:23.917Z",
	54	"FileNamePointer": "0x000000a52348",
	55	"FileFlags": "O_APPEND \| O_RDONLY \| O_WRONLY"
	56	}
	57
	58	{
	59	"timestamp": "2024-08-31T08:14:15.361Z",
	60	"fileName": "/root/.hello.c.swp",
	61	"pid": 29723,
	62	"fd": 4,
	63	"flags": [
	64	93986886181648,
	65	131266,
	66	384,
	67	140283278240632
	68	],
	69	"written": [
	70	"2024-08-31T08:14:15.361Z",
	71	"2024-08-31T08:14:17.782Z",
	72	"2024-08-31T08:14:21.953Z"
	73	],
	74	"close_timestamp": "2024-08-31T08:14:21.953Z",
	75	"FileNamePointer": "0x557b06f6e310",
	76	"FileFlags": "O_CREAT \| O_EXCL \| O_NOFOLLOW \| O_RDONLY \| O_RDWR"
	77	}
	78
	79	{
	80	"timestamp": "2024-08-31T08:14:15.361Z",
	81	"fileName": "/root/.hello.c.swp",
	82	"pid": 29723,
	83	"fd": 4,
	84	"flags": [
	85	93986886181648,
	86	194,
	87	384,
	88	17
	89	],
	90	"written": [],
	91	"close_timestamp": "2024-08-31T08:14:15.361Z",
	92	"FileNamePointer": "0x557b06f6e310",
	93	"FileFlags": "O_CREAT \| O_EXCL \| O_RDONLY \| O_RDWR"
	94	}
	95
	96	{
	97	"timestamp": "2024-08-31T08:14:15.361Z",
	98	"fileName": "/root/.hello.c.swx",
	99	"pid": 29723,
	100	"fd": 5,
	101	"flags": [
	102	93986884210448,
	103	194,
	104	384,
	105	17
	106	],
	107	"written": [],
	108	"close_timestamp": "2024-08-31T08:14:15.361Z",
	109	"FileNamePointer": "0x557b06d8cf10",
	110	"FileFlags": "O_CREAT \| O_EXCL \| O_RDONLY \| O_RDWR"
	111	}
	112
	113	{
	114	"timestamp": "2024-08-31T08:14:21.953Z",
	115	"fileName": "/root/.viminfo.tmp",
	116	"pid": 29723,
	117	"fd": 5,
	118	"flags": [
	119	93986886181872,
	120	131265,
	121	384,
	122	0
	123	],
	124	"written": [
	125	"2024-08-31T08:14:21.953Z"
	126	],
	127	"close_timestamp": "2024-08-31T08:14:21.953Z",
	128	"FileNamePointer": "0x557b06f6e3f0",
	129	"FileFlags": "O_CREAT \| O_EXCL \| O_NOFOLLOW \| O_RDONLY \| O_WRONLY"
	130	}
	131
	132	{
	133	"timestamp": "2024-08-31T08:14:21.95Z",
	134	"fileName": "/root/4913",
	135	"pid": 29723,
	136	"fd": 3,
	137	"flags": [
	138	93986884186640,
	139	131265,
	140	33188,
	141	0
	142	],
	143	"written": [],
	144	"close_timestamp": "2024-08-31T08:14:21.95Z",
	145	"FileNamePointer": "0x557b06d87210",
	146	"FileFlags": "O_CREAT \| O_EXCL \| O_NOFOLLOW \| O_RDONLY \| O_WRONLY"
	147	}
	148
	149	{
	150	"timestamp": "2024-08-31T08:14:21.95Z",
	151	"fileName": "/root/hello.c",
	152	"pid": 29723,
	153	"fd": 3,
	154	"flags": [
	155	93986884214912,
	156	577,
	157	420,
	158	0
	159	],
	160	"written": [
	161	"2024-08-31T08:14:21.95Z",
	162	"2024-08-31T08:14:21.95Z"
	163	],
	164	"close_timestamp": "2024-08-31T08:14:21.953Z",
	165	"FileNamePointer": "0x557b06d8e080",
	166	"FileFlags": "O_CREAT \| O_RDONLY \| O_TRUNC \| O_WRONLY"
	167	}
	168
	169	{
	170	"timestamp": "2024-08-31T08:14:08.283Z",
	171	"fileName": "/var/run/docker/runtime-runc/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/runc.Avdn7E",
	172	"pid": 29662,
	173	"fd": 7,
	174	"flags": [
	175	140730884269360,
	176	194,
	177	384,
	178	1725092048
	179	],
	180	"written": [],
	181	"close_timestamp": "2024-08-31T08:14:08.283Z",
	182	"FileNamePointer": "0x7ffe765da530",
	183	"FileFlags": "O_CREAT \| O_EXCL \| O_RDONLY \| O_RDWR"
	184	}
	185
	186	{
	187	"timestamp": "2024-08-31T08:14:10.776Z",
	188	"fileName": "/var/run/docker/runtime-runc/moby/15dbc96260a73fe3b7cae2ccefb70f6982f291429a9664fb95f44a6833468f19/runc.jV9mvl",
	189	"pid": 29705,
	190	"fd": 6,
	191	"flags": [
	192	140727845211728,
	193	194,
	194	384,
	195	1725092050
	196	],
	197	"written": [],
	198	"close_timestamp": "2024-08-31T08:14:10.776Z",
	199	"FileNamePointer": "0x7ffdc1394e50",
	200	"FileFlags": "O_CREAT \| O_EXCL \| O_RDONLY \| O_RDWR"
	201	}
	202