diff options
Diffstat (limited to '')
-rw-r--r-- | src/deal.go | 30 |
1 files changed, 17 insertions, 13 deletions
diff --git a/src/deal.go b/src/deal.go index 717344c..3119fff 100644 --- a/src/deal.go +++ b/src/deal.go | |||
@@ -98,12 +98,15 @@ func deletePid(cooked Event) { | |||
98 | "$set": bson.M{ | 98 | "$set": bson.M{ |
99 | "exit_timestamp": cooked.timestamp, | 99 | "exit_timestamp": cooked.timestamp, |
100 | "exit_code": cooked.exit_code, | 100 | "exit_code": cooked.exit_code, |
101 | "exit_signal": cooked.exit_signal, | ||
101 | }, | 102 | }, |
102 | }) | 103 | }) |
103 | mongoMutex.Unlock() | 104 | mongoMutex.Unlock() |
105 | fmt.Printf("Exit: %v\t%6d\t%6d\n", cooked.timestamp, cooked.pid, cooked.exit_code) | ||
104 | } | 106 | } |
105 | 107 | ||
106 | func dealNewPid(cooked Event) { | 108 | func dealNewPid(cooked Event) { |
109 | fmt.Printf("Fork: %v\t%6d\t%6d\n", cooked.timestamp, cooked.ppid, cooked.pid) | ||
107 | // 有无父进程在观察中 | 110 | // 有无父进程在观察中 |
108 | docRes, err = pidCol.Finddoc(bson.M{"pid": cooked.ppid}) | 111 | docRes, err = pidCol.Finddoc(bson.M{"pid": cooked.ppid}) |
109 | if err != nil || len(docRes) != 1 { | 112 | if err != nil || len(docRes) != 1 { |
@@ -153,6 +156,7 @@ func dealNewPid(cooked Event) { | |||
153 | } | 156 | } |
154 | 157 | ||
155 | func dealExecve(cooked Event) { | 158 | func dealExecve(cooked Event) { |
159 | fmt.Printf("EXEC: %6d\t%6d\n", cooked.ppid, cooked.pid) | ||
156 | // 父进程在不在?不在扔 | 160 | // 父进程在不在?不在扔 |
157 | docRes, err = pidCol.Finddoc(bson.M{"pid": cooked.ppid}) | 161 | docRes, err = pidCol.Finddoc(bson.M{"pid": cooked.ppid}) |
158 | if err != nil || len(docRes) != 1 { | 162 | if err != nil || len(docRes) != 1 { |
@@ -175,19 +179,19 @@ func dealExecve(cooked Event) { | |||
175 | }, | 179 | }, |
176 | }, | 180 | }, |
177 | }) | 181 | }) |
178 | // } else { | 182 | } else { |
179 | // // 先fork抵达,插入 | 183 | // 先fork抵达,插入 |
180 | // pidCol.InsertOne(bson.M{ | 184 | pidCol.InsertOne(bson.M{ |
181 | // "ppid": cooked.ppid, | 185 | "ppid": cooked.ppid, |
182 | // "pid": cooked.pid, | 186 | "pid": cooked.pid, |
183 | // "children": []bson.M{}, | 187 | "children": []bson.M{}, |
184 | // "execve": []bson.M{ | 188 | "execve": []bson.M{ |
185 | // { | 189 | { |
186 | // "timestamp": cooked.timestamp, | 190 | "timestamp": cooked.timestamp, |
187 | // "execArgs": cooked.argv, | 191 | "execArgs": cooked.argv, |
188 | // }, | 192 | }, |
189 | // }, | 193 | }, |
190 | // }) | 194 | }) |
191 | } | 195 | } |
192 | mongoMutex.Unlock() | 196 | mongoMutex.Unlock() |
193 | } | 197 | } |