aboutsummaryrefslogtreecommitdiffstats
path: root/listener
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--listener/deal.go16
-rw-r--r--listener/global.go2
-rw-r--r--listener/godo.go21
3 files changed, 32 insertions, 7 deletions
diff --git a/listener/deal.go b/listener/deal.go
index 8225224..70c2827 100644
--- a/listener/deal.go
+++ b/listener/deal.go
@@ -79,19 +79,19 @@ func deal() {
79 79
80 switch cooked.tag { 80 switch cooked.tag {
81 case NEWPID: 81 case NEWPID:
82 go dealNewPid(cooked) 82 dealNewPid(cooked)
83 case EXECVE: 83 case EXECVE:
84 go dealExecve(cooked) 84 dealExecve(cooked)
85 case PIDEXIT: 85 case PIDEXIT:
86 go deletePid(cooked) 86 deletePid(cooked)
87 case FILEOPEN: 87 case FILEOPEN:
88 go fileOpen(cooked) 88 fileOpen(cooked)
89 case FILEWRITE: 89 case FILEWRITE:
90 go fileWrite(cooked) 90 fileWrite(cooked)
91 case FILECLOSE: 91 case FILECLOSE:
92 go fileClose(cooked) 92 fileClose(cooked)
93 case PIVOTROOT: 93 case PIVOTROOT:
94 go pivotRoot(cooked) 94 pivotRoot(cooked)
95 } 95 }
96 } 96 }
97} 97}
@@ -131,6 +131,7 @@ func dealNewPid(cooked Event) {
131 docRes[0].Cwd = cooked.cwd 131 docRes[0].Cwd = cooked.cwd
132 docRes[0].Comm = cooked.comm 132 docRes[0].Comm = cooked.comm
133 docRes[0].Args = cooked.argv 133 docRes[0].Args = cooked.argv
134 docRes[0].DockerId = cooked.cgroup
134 135
135 err := pidCol.ReplaceOne(bson.M{"pid": cooked.pid}, docRes[0]) 136 err := pidCol.ReplaceOne(bson.M{"pid": cooked.pid}, docRes[0])
136 if err != nil { 137 if err != nil {
@@ -149,6 +150,7 @@ func dealNewPid(cooked Event) {
149 Cwd: cooked.cwd, 150 Cwd: cooked.cwd,
150 Execve: make([]Exec, 0), 151 Execve: make([]Exec, 0),
151 Children: make([]int, 0), 152 Children: make([]int, 0),
153 DockerId: cooked.cgroup,
152 }) 154 })
153 if err != nil { 155 if err != nil {
154 fmt.Fprintf(os.Stderr, "Err inserting: %v\n", err) 156 fmt.Fprintf(os.Stderr, "Err inserting: %v\n", err)
diff --git a/listener/global.go b/listener/global.go
index 11b18bf..b782284 100644
--- a/listener/global.go
+++ b/listener/global.go
@@ -37,6 +37,7 @@ type Event struct {
37 argv []string 37 argv []string
38 comm string 38 comm string
39 cwd string 39 cwd string
40 cgroup string
40 exit_code int 41 exit_code int
41 exit_signal int 42 exit_signal int
42 srcPath string 43 srcPath string
@@ -67,6 +68,7 @@ type Process struct {
67 RootFS string `bson:"rootfs"` 68 RootFS string `bson:"rootfs"`
68 Cwd string `bson:"cwd"` 69 Cwd string `bson:"cwd"`
69 Children []int `bson:"children"` 70 Children []int `bson:"children"`
71 DockerId string `bson:"docker_id"`
70 Execve []Exec `bson:"execve"` 72 Execve []Exec `bson:"execve"`
71 ExitCode int `bson:"exit_code"` 73 ExitCode int `bson:"exit_code"`
72 ExitSignal int `bson:"exit_signal"` 74 ExitSignal int `bson:"exit_signal"`
diff --git a/listener/godo.go b/listener/godo.go
index 87e9446..8d82231 100644
--- a/listener/godo.go
+++ b/listener/godo.go
@@ -8,6 +8,7 @@ import (
8 "netlink" 8 "netlink"
9 "os" 9 "os"
10 "os/exec" 10 "os/exec"
11 "regexp"
11 "strings" 12 "strings"
12 "syscall" 13 "syscall"
13 "time" 14 "time"
@@ -176,4 +177,24 @@ func checkProc(pCooked *Event) {
176 fmt.Fprintf(os.Stderr, "Err: %v\n", err) 177 fmt.Fprintf(os.Stderr, "Err: %v\n", err)
177 pCooked.cwd = "" 178 pCooked.cwd = ""
178 } 179 }
180
181 fd, err = os.Open(fileName + "cgroup")
182 if err != nil {
183 fmt.Fprintf(os.Stderr, "Err: %v\n", err)
184 // cgroup记空,即没赶上
185 return
186 }
187 scanner = bufio.NewScanner(fd)
188 cgroupRegex := regexp.MustCompile(`/docker/([0-9a-f]+)$`)
189 scanner.Split(bufio.ScanLines)
190 for scanner.Scan() {
191 line := scanner.Text()
192 if cgroupRegex.MatchString(line) {
193 match := cgroupRegex.FindStringSubmatch(line)
194 pCooked.cgroup = match[1]
195 return
196 }
197 }
198 fd.Close()
199 pCooked.cgroup = ""
179} 200}
generated by cgit v1.2.3-70-g09d2 (git 2.46.0) at 2025-01-10 10:08:15 +0800