1 files changed, 42 insertions, 6 deletions
diff --git a/src/global.go b/src/global.go
index d1c5c0f..f0f909c 100644
--- a/src/global.go
+++ b/src/global.go
@@ -1,8 +1,11 @@
 package main
 import (
+        "fmt"
        "sync"
        "time"
+        "go.mongodb.org/mongo-driver/bson/primitive"
 )
 type eventType int
@@ -12,11 +15,19 @@ const (
        PIDEXIT
        EXECVE
        FILEOPEN
-        FILEWRITE
        FILECLOSE
+        FILEWRITE
        TYPENUM
 )
+func (et eventType) String() string {
+        names := []string{"NEWPID", "PIDEXIT", "EXECVE", "FILEOPEN", "FILECLOSE", "FILEWRITE", "TYPENUM"}
+        if et < NEWPID || et > TYPENUM {
+                return "Unknown"
+        }
+        return names[et]
+}
 type Event struct {
        tag          eventType
        timestamp    time.Time
@@ -30,12 +41,37 @@ type Event struct {
        pathName     string
 }
-func (et eventType) String() string {
+func (event Event) String() string {
-        names := []string{"NEWPID", "PIDEXIT", "EXECVE", "FILEOPEN", "FILEWRITE", "TYPENUM"}
+        var res string
-        if et < NEWPID || et > TYPENUM {
+        res = fmt.Sprintf("tag: %v\ntimestamp: %v\nppid: %d\npid: %d\n", event.tag, event.timestamp.Local(), event.ppid, event.pid)
-                return "Unknown"
+        res += fmt.Sprintf("syscall: %s\nexit_code: %d\nargs: \n", syscallTable[event.syscall], event.exit_code)
+        for i := 0; i < len(event.argv); i++ {
+                res += fmt.Sprintf("\t\"%s\"\n", event.argv[i])
        }
-        return names[et]
+        res += "syscallParam: "
+        for i := 0; i < len(event.syscallParam); i++ {
+                res += fmt.Sprintf("\t\"%d\"\n", event.syscallParam[i])
+        }
+        res += "pathName: \"" + event.pathName + "\"\n------\n"
+        return res
+}
+type pidExec struct {
+        timestamp time.Time `bson:"timestamp"`
+        execArgs  []string  `bson:"execArgs"`
+}
+type pid struct {
+        ID              primitive.ObjectID `bson:"_id,ometempty"`
+        start_timestamp time.Time          `bson:"start_timestamp"`
+        ppid            int                `bson:"ppid"`
+        pid             int                `bson:"pid"`
+        cwd             string             `bson:"cwd"`
+        args            []string           `bson:"args"`
+        execve          []pidExec          `bson:"execve"`
+        children        []int              `bson:"children"`
+        exit_timestamp  time.Time          `bson:"exit_timestamp"`
+        exit_code       uint64             `bson:"exit_code"`
 }
 var wg sync.WaitGroup        // 掌管协程

diff --git a/src/global.go b/src/global.go index d1c5c0f..f0f909c 100644 --- a/src/global.go +++ b/src/global.go
@@ -1,8 +1,11 @@
1	package main	1	package main
2		2
3	import (	3	import (
		4	"fmt"
4	"sync"	5	"sync"
5	"time"	6	"time"
		7
		8	"go.mongodb.org/mongo-driver/bson/primitive"
6	)	9	)
7		10
8	type eventType int	11	type eventType int
@@ -12,11 +15,19 @@ const (
12	PIDEXIT	15	PIDEXIT
13	EXECVE	16	EXECVE
14	FILEOPEN	17	FILEOPEN
15	FILEWRITE
16	FILECLOSE	18	FILECLOSE
		19	FILEWRITE
17	TYPENUM	20	TYPENUM
18	)	21	)
19		22
		23	func (et eventType) String() string {
		24	names := []string{"NEWPID", "PIDEXIT", "EXECVE", "FILEOPEN", "FILECLOSE", "FILEWRITE", "TYPENUM"}
		25	if et < NEWPID \|\| et > TYPENUM {
		26	return "Unknown"
		27	}
		28	return names[et]
		29	}
		30
20	type Event struct {	31	type Event struct {
21	tag eventType	32	tag eventType
22	timestamp time.Time	33	timestamp time.Time
@@ -30,12 +41,37 @@ type Event struct {
30	pathName string	41	pathName string
31	}	42	}
32		43
33	func (et eventType) String() string {	44	func (event Event) String() string {
34	names := []string{"NEWPID", "PIDEXIT", "EXECVE", "FILEOPEN", "FILEWRITE", "TYPENUM"}	45	var res string
35	if et < NEWPID \|\| et > TYPENUM {	46	res = fmt.Sprintf("tag: %v\ntimestamp: %v\nppid: %d\npid: %d\n", event.tag, event.timestamp.Local(), event.ppid, event.pid)
36	return "Unknown"	47	res += fmt.Sprintf("syscall: %s\nexit_code: %d\nargs: \n", syscallTable[event.syscall], event.exit_code)
		48	for i := 0; i < len(event.argv); i++ {
		49	res += fmt.Sprintf("\t\"%s\"\n", event.argv[i])
37	}	50	}
38	return names[et]	51	res += "syscallParam: "
		52	for i := 0; i < len(event.syscallParam); i++ {
		53	res += fmt.Sprintf("\t\"%d\"\n", event.syscallParam[i])
		54	}
		55	res += "pathName: \"" + event.pathName + "\"\n------\n"
		56	return res
		57	}
		58
		59	type pidExec struct {
		60	timestamp time.Time `bson:"timestamp"`
		61	execArgs []string `bson:"execArgs"`
		62	}
		63
		64	type pid struct {
		65	ID primitive.ObjectID `bson:"_id,ometempty"`
		66	start_timestamp time.Time `bson:"start_timestamp"`
		67	ppid int `bson:"ppid"`
		68	pid int `bson:"pid"`
		69	cwd string `bson:"cwd"`
		70	args []string `bson:"args"`
		71	execve []pidExec `bson:"execve"`
		72	children []int `bson:"children"`
		73	exit_timestamp time.Time `bson:"exit_timestamp"`
		74	exit_code uint64 `bson:"exit_code"`
39	}	75	}
40		76
41	var wg sync.WaitGroup // 掌管协程	77	var wg sync.WaitGroup // 掌管协程