1 files changed, 12 insertions, 47 deletions
diff --git a/src/global.go b/src/global.go
index a266b1b..b6635c9 100644
--- a/src/global.go
+++ b/src/global.go
@@ -1,11 +1,8 @@
 package main
 import (
-        "fmt"
        "sync"
        "time"
-        "go.mongodb.org/mongo-driver/bson/primitive"
 )
 type eventType int
@@ -29,50 +26,18 @@ func (et eventType) String() string {
 }
 type Event struct {
-        tag          eventType
+        tag              eventType
-        timestamp    time.Time
+        timestamp        time.Time
-        pid, ppid    int
+        pid, tgid        int
-        syscall      int
+        ppid, parentTgid int
-        syscallParam [4]uint64
+        syscall          int
-        pathName     string
+        syscallParam     [4]uint64
-        argc         int
+        pathName         string
-        argv         []string
+        argc             int
-        cwd          string
+        argv             []string
-        exit_code    uint64
+        cwd              string
-        exit_signal  int
+        exit_code        uint64
-}
+        exit_signal      int
-func (event Event) String() string {
-        var res string
-        res = fmt.Sprintf("tag: %v\ntimestamp: %v\nppid: %d\npid: %d\n", event.tag, event.timestamp.Local(), event.ppid, event.pid)
-        res += fmt.Sprintf("syscall: %s\nexit_code: %d\nargs: \n", syscallTable[event.syscall], event.exit_code)
-        for i := 0; i < len(event.argv); i++ {
-                res += fmt.Sprintf("\t\"%s\"\n", event.argv[i])
-        }
-        res += "syscallParam: "
-        for i := 0; i < len(event.syscallParam); i++ {
-                res += fmt.Sprintf("\t\"%d\"\n", event.syscallParam[i])
-        }
-        res += "pathName: \"" + event.pathName + "\"\n------\n"
-        return res
-}
-type pidExec struct {
-        timestamp time.Time `bson:"timestamp"`
-        execArgs  []string  `bson:"execArgs"`
-}
-type pid struct {
-        ID              primitive.ObjectID `bson:"_id,ometempty"`
-        start_timestamp time.Time          `bson:"start_timestamp"`
-        ppid            int                `bson:"ppid"`
-        pid             int                `bson:"pid"`
-        cwd             string             `bson:"cwd"`
-        args            []string           `bson:"args"`
-        execve          []pidExec          `bson:"execve"`
-        children        []int              `bson:"children"`
-        exit_timestamp  time.Time          `bson:"exit_timestamp"`
-        exit_code       uint64             `bson:"exit_code"`
 }
 var wg sync.WaitGroup        // 掌管协程

diff --git a/src/global.go b/src/global.go index a266b1b..b6635c9 100644 --- a/src/global.go +++ b/src/global.go
@@ -1,11 +1,8 @@
1	package main	1	package main
2		2
3	import (	3	import (
4	"fmt"
5	"sync"	4	"sync"
6	"time"	5	"time"
7
8	"go.mongodb.org/mongo-driver/bson/primitive"
9	)	6	)
10		7
11	type eventType int	8	type eventType int
@@ -29,50 +26,18 @@ func (et eventType) String() string {
29	}	26	}
30		27
31	type Event struct {	28	type Event struct {
32	tag eventType	29	tag eventType
33	timestamp time.Time	30	timestamp time.Time
34	pid, ppid int	31	pid, tgid int
35	syscall int	32	ppid, parentTgid int
36	syscallParam [4]uint64	33	syscall int
37	pathName string	34	syscallParam [4]uint64
38	argc int	35	pathName string
39	argv []string	36	argc int
40	cwd string	37	argv []string
41	exit_code uint64	38	cwd string
42	exit_signal int	39	exit_code uint64
43	}	40	exit_signal int
44
45	func (event Event) String() string {
46	var res string
47	res = fmt.Sprintf("tag: %v\ntimestamp: %v\nppid: %d\npid: %d\n", event.tag, event.timestamp.Local(), event.ppid, event.pid)
48	res += fmt.Sprintf("syscall: %s\nexit_code: %d\nargs: \n", syscallTable[event.syscall], event.exit_code)
49	for i := 0; i < len(event.argv); i++ {
50	res += fmt.Sprintf("\t\"%s\"\n", event.argv[i])
51	}
52	res += "syscallParam: "
53	for i := 0; i < len(event.syscallParam); i++ {
54	res += fmt.Sprintf("\t\"%d\"\n", event.syscallParam[i])
55	}
56	res += "pathName: \"" + event.pathName + "\"\n------\n"
57	return res
58	}
59
60	type pidExec struct {
61	timestamp time.Time `bson:"timestamp"`
62	execArgs []string `bson:"execArgs"`
63	}
64
65	type pid struct {
66	ID primitive.ObjectID `bson:"_id,ometempty"`
67	start_timestamp time.Time `bson:"start_timestamp"`
68	ppid int `bson:"ppid"`
69	pid int `bson:"pid"`
70	cwd string `bson:"cwd"`
71	args []string `bson:"args"`
72	execve []pidExec `bson:"execve"`
73	children []int `bson:"children"`
74	exit_timestamp time.Time `bson:"exit_timestamp"`
75	exit_code uint64 `bson:"exit_code"`
76	}	41	}
77		42
78	var wg sync.WaitGroup // 掌管协程	43	var wg sync.WaitGroup // 掌管协程