summaryrefslogtreecommitdiffstats
path: root/src/deal.go
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/deal.go30
1 files changed, 17 insertions, 13 deletions
diff --git a/src/deal.go b/src/deal.go
index 717344c..3119fff 100644
--- a/src/deal.go
+++ b/src/deal.go
@@ -98,12 +98,15 @@ func deletePid(cooked Event) {
98 "$set": bson.M{ 98 "$set": bson.M{
99 "exit_timestamp": cooked.timestamp, 99 "exit_timestamp": cooked.timestamp,
100 "exit_code": cooked.exit_code, 100 "exit_code": cooked.exit_code,
101 "exit_signal": cooked.exit_signal,
101 }, 102 },
102 }) 103 })
103 mongoMutex.Unlock() 104 mongoMutex.Unlock()
105 fmt.Printf("Exit: %v\t%6d\t%6d\n", cooked.timestamp, cooked.pid, cooked.exit_code)
104} 106}
105 107
106func dealNewPid(cooked Event) { 108func dealNewPid(cooked Event) {
109 fmt.Printf("Fork: %v\t%6d\t%6d\n", cooked.timestamp, cooked.ppid, cooked.pid)
107 // 有无父进程在观察中 110 // 有无父进程在观察中
108 docRes, err = pidCol.Finddoc(bson.M{"pid": cooked.ppid}) 111 docRes, err = pidCol.Finddoc(bson.M{"pid": cooked.ppid})
109 if err != nil || len(docRes) != 1 { 112 if err != nil || len(docRes) != 1 {
@@ -153,6 +156,7 @@ func dealNewPid(cooked Event) {
153} 156}
154 157
155func dealExecve(cooked Event) { 158func dealExecve(cooked Event) {
159 fmt.Printf("EXEC: %6d\t%6d\n", cooked.ppid, cooked.pid)
156 // 父进程在不在?不在扔 160 // 父进程在不在?不在扔
157 docRes, err = pidCol.Finddoc(bson.M{"pid": cooked.ppid}) 161 docRes, err = pidCol.Finddoc(bson.M{"pid": cooked.ppid})
158 if err != nil || len(docRes) != 1 { 162 if err != nil || len(docRes) != 1 {
@@ -175,19 +179,19 @@ func dealExecve(cooked Event) {
175 }, 179 },
176 }, 180 },
177 }) 181 })
178 // } else { 182 } else {
179 // // 先fork抵达,插入 183 // 先fork抵达,插入
180 // pidCol.InsertOne(bson.M{ 184 pidCol.InsertOne(bson.M{
181 // "ppid": cooked.ppid, 185 "ppid": cooked.ppid,
182 // "pid": cooked.pid, 186 "pid": cooked.pid,
183 // "children": []bson.M{}, 187 "children": []bson.M{},
184 // "execve": []bson.M{ 188 "execve": []bson.M{
185 // { 189 {
186 // "timestamp": cooked.timestamp, 190 "timestamp": cooked.timestamp,
187 // "execArgs": cooked.argv, 191 "execArgs": cooked.argv,
188 // }, 192 },
189 // }, 193 },
190 // }) 194 })
191 } 195 }
192 mongoMutex.Unlock() 196 mongoMutex.Unlock()
193} 197}