package main import ( "sync" "time" ) type eventType int const ( NEWPID eventType = iota PIDEXIT EXECVE FILEOPEN FILECLOSE FILEWRITE TYPENUM ) func (et eventType) String() string { names := []string{"NEWPID", "PIDEXIT", "EXECVE", "FILEOPEN", "FILECLOSE", "FILEWRITE", "TYPENUM"} if et < NEWPID || et > TYPENUM { return "Unknown" } return names[et] } type Event struct { tag eventType timestamp time.Time pid, tgid int ppid, parentTgid int syscall int syscallParam [4]uint64 pathName string argc int argv []string cwd string exit_code uint64 exit_signal int } var wg sync.WaitGroup // 掌管协程 var rawChan chan interface{} // 从接收到整理的管道 var cookedChan chan Event // 整理好的信息的管道 var syscallTable [500]string //记录一下系统调用 var containerdPid int