From f9f8f35ccd8b505a827d40f95c52ed039512b79d Mon Sep 17 00:00:00 2001
From: We-unite <3205135446@qq.com>
Date: Mon, 19 Aug 2024 19:41:01 +0800
Subject: Write documents of the program.

Add README.md on the design of the whole program, and how its every part(listener, filter) works, finally how to compile and use them. Besides, notes.md records the things and technology learned in this program, such as how to read kernel src, how the pthread_create/fork/ clone syscall works on processes and threads, the techs used to make docker container works well, and books to be read. Good good study, day day up.
---
 listener/organize.go | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)
(limited to 'listener/organize.go')

diff --git a/listener/organize.go b/listener/organize.go
index 0c05eb4..cf6dad3 100644
--- a/listener/organize.go
+++ b/listener/organize.go
@@ -2,6 +2,7 @@ package main
 
 import (
 	"fmt"
+	"io"
 	"os"
 	"regexp"
 	"strconv"
@@ -41,13 +42,30 @@ func orgnaze() {
 	var raw interface{}
 	var rawEvent libaudit.RawAuditMessage
 
+	var diagWriter io.Writer
+	var f *os.File
+	var err error
+	var fileName string
+	if *diag != "" {
+		fileName = *diag
+	} else {
+		fileName = "godo.log"
+	}
+
+	f, err = os.OpenFile(fileName, os.O_CREATE|os.O_RDWR|os.O_TRUNC, 0o664)
+	if err != nil {
+		f = nil
+	}
+	defer f.Close()
+	diagWriter = f
+
 	for {
 		raw, ok = <-rawChan
 		if !ok {
 			break
 		}
 		rawEvent = raw.(libaudit.RawAuditMessage)
-		// fmt.Printf("type=%v msg=%s\n", rawEvent.Type, rawEvent.Data)
+		fmt.Fprintf(diagWriter, "type=%v msg=%s\n", rawEvent.Type, rawEvent.Data)
 
 		switch rawEvent.Type {
 		case auparse.AUDIT_SYSCALL:
-- 
cgit v1.2.3-70-g09d2
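Review bot: When os.OpenFile fails, the new code sets `f = nil` and then stores that typed-nil *os.File in `diagWriter`, so every later `fmt.Fprintf` (whose return is also unchecked) fails silently with ErrInvalid, `defer f.Close()` on the nil pointer just returns an error nobody sees, and the open failure is never reported. Report the failure once and fall back to `io.Discard` (Go 1.16+; `io` is already imported by this commit), deferring the close only when the open succeeded. The file receives raw audit records (`rawEvent.Data`), so the 0o664 mode is wider than a diagnostics log needs and O_WRONLY suffices for a write-only file; 0o600 keeps it owner-readable, and a comment should note that the default `godo.log` resolves relative to the process working directory. `orgnaze` begins before this hunk and its body continues after it.
```go
	f, err = os.OpenFile(fileName, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0o600)
	if err != nil {
		// Diagnostics are best-effort: report once, then drop them rather than write to a nil file.
		fmt.Fprintf(os.Stderr, "opening diag log %q: %v\n", fileName, err)
		diagWriter = io.Discard
	} else {
		defer f.Close()
		diagWriter = f
	}
	// … unchanged: event loop over rawChan …
```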