From 0deb0b10c28f72f08c330f183ef64d90405b1358 Mon Sep 17 00:00:00 2001
From: We-unite <3205135446@qq.com>
Date: Mon, 29 Jul 2024 14:25:06 +0800
Subject: Add write
---
 src/organize.go | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
(limited to 'src/organize.go')
diff --git a/src/organize.go b/src/organize.go
index 1b064c1..f5c9992 100644
--- a/src/organize.go
+++ b/src/organize.go
@@ -160,6 +160,20 @@ func syscallRaw(rawEvent libaudit.RawAuditMessage) {
 syscallParam: a,
 pathName: "",
 })
+ case "write":
+ eventTable.Store(eventId, &Event{
+ tag: FILEWRITE,
+ timestamp: event.timestamp,
+ syscall: event.syscall,
+ exit_code: uint64(exit),
+ ppid: event.ppid,
+ pid: event.pid,
+ argc: 0,
+ argv: make([]string, 0),
+ cwd: "",
+ syscallParam: a,
+ // pathName: "",
+ })
 case "close": // 文件关闭
 eventTable.Store(eventId, &Event{
-- 
cgit v1.2.3-70-g09d2
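Review bot: In the new `case "write":` branch, `exit_code: uint64(exit)` stores the syscall return value unsigned, so if `exit` is signed (the conversion suggests it is) a failed write such as -EBADF ends up as a very large number that a consumer of the FILEWRITE event could mistake for a byte count. Failed writes are still worth keeping in an audit trail, so rather than dropping them I would preserve the sign or record the failure explicitly before the `eventTable.Store` call, and say which in a comment such as `// exit < 0 means the write failed; exit_code then holds the wrapped errno`. The commented-out `// pathName: "",` is dead code; either delete it or replace it with a comment explaining that a write event has no path of its own and that the file has to be resolved from the descriptor, presumably carried in `syscallParam`, against the earlier open event for the same pid. `syscallRaw` begins and ends outside this hunk, so how `exit` and `a` are parsed cannot be checked from here.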