checks

package
v0.0.0-...-3b2649b Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 18, 2024 License: Apache-2.0 Imports: 60 Imported by: 1

Documentation

Index

Constants

View Source
const (
	ProcessCheckName       = "process"
	RTProcessCheckName     = "rtprocess"
	ContainerCheckName     = "container"
	RTContainerCheckName   = "rtcontainer"
	ConnectionsCheckName   = "connections"
	DiscoveryCheckName     = "process_discovery"
	ProcessEventsCheckName = "process_events"
)

Name for check performed by process-agent or system-probe

View Source
const (
	//nolint:revive // TODO(PROC) Fix revive linter
	ProcessCheckDefaultInterval = 10 * time.Second
	//nolint:revive // TODO(PROC) Fix revive linter
	RTProcessCheckDefaultInterval = 2 * time.Second
	//nolint:revive // TODO(PROC) Fix revive linter
	ContainerCheckDefaultInterval = 10 * time.Second
	//nolint:revive // TODO(PROC) Fix revive linter
	RTContainerCheckDefaultInterval = 2 * time.Second
	//nolint:revive // TODO(PROC) Fix revive linter
	ConnectionsCheckDefaultInterval = 30 * time.Second
	//nolint:revive // TODO(PROC) Fix revive linter
	ProcessDiscoveryCheckDefaultInterval = 4 * time.Hour
)
View Source
const (
	//nolint:revive // TODO(PROC) Fix revive linter
	ProcessDiscoveryHint int32 = 1 << iota // 1
)

Variables

View Source
var (
	// ErrNoHumanFormat is thrown when a check without human-readable support is passed to the HumanFormat method
	ErrNoHumanFormat = errors.New("no implementation of human-readable output for this check")

	// ErrUnexpectedMessageType is thrown when message type is incompatible with check
	ErrUnexpectedMessageType = errors.New("unexpected message type")
)
View Source
var (
	// ProcessAgentClientID process-agent unique ID
	ProcessAgentClientID = "process-agent-unique-id"
)

Functions

func CollectSystemInfo

func CollectSystemInfo() (*model.SystemInfo, error)

CollectSystemInfo collects a set of system-level information that will not change until a restart. This bit of information should be passed along with the process messages.

func FmtProcessEvents

func FmtProcessEvents(events []*model.ProcessEvent) []*payload.ProcessEvent

FmtProcessEvents formats process lifecyle events to be sent in an agent payload

func GetCheckOutput

func GetCheckOutput(checkName string) (value []procmodel.MessageBody, ok bool)

GetCheckOutput retrieves the last output of a check. We use helpers instead of checkOutput directly to preserve type safety.

func GetDefaultInterval

func GetDefaultInterval(checkName string) time.Duration

GetDefaultInterval returns the default check interval value

func GetInterval

func GetInterval(cfg pkgconfigmodel.Reader, checkName string) time.Duration

GetInterval returns the configured check interval value

func HumanFormat

func HumanFormat(check string, msgs []model.MessageBody, w io.Writer) error

HumanFormat takes the messages produced by a check run and outputs them in a human-readable format

func HumanFormatProcessEvents

func HumanFormatProcessEvents(msgs []model.MessageBody, w io.Writer, checkOutput bool) error

HumanFormatProcessEvents takes the messages produced by a process_events run and outputs them in a human-readable format

func NewRunnerWithRealTime added in v0.9.0

func NewRunnerWithRealTime(config RunnerConfig) (func(), error)

NewRunnerWithRealTime creates a runner func for CheckWithRealTime

func RTName

func RTName(checkName string) string

RTName returns the name of the corresponding realtime check

func StoreCheckOutput

func StoreCheckOutput(checkName string, message []procmodel.MessageBody)

StoreCheckOutput stores the output of a check. We use helpers instead of checkOutputs directly to preserve type safety.

Types

type Check

type Check interface {
	// Name returns the name of the check
	Name() string
	// IsEnabled returns true if the check is enabled by configuration
	IsEnabled() bool
	// Realtime indicates if this check only runs in real-time mode
	Realtime() bool
	// Init initializes the check
	Init(syscfg *SysProbeConfig, info *HostInfo, oneShot bool) error
	// SupportsRunOptions returns true if the check supports RunOptions
	SupportsRunOptions() bool
	// Run runs the check
	Run(nextGroupID func() int32, options *RunOptions) (RunResult, error)
	// Cleanup performs resource cleanup after check is no longer running
	Cleanup()
	// ShouldSaveLastRun saves results of the last run
	ShouldSaveLastRun() bool
}

Check is an interface for Agent checks that collect data. Each check returns a specific MessageBody type that will be published to the intake endpoint or processed in another way (e.g. printed for debugging). Before checks are used you must called Init.

func All

func All(config, sysprobeYamlCfg pkgconfigmodel.ReaderWriter, syscfg *sysconfigtypes.Config, wmeta workloadmeta.Component, npCollector npcollector.Component) []Check

All is a list of all runnable checks. Putting a check in here does not guarantee it will be run, it just guarantees that the collector will be able to find the check. If you want to add a check you MUST register it here.

type CombinedRunResult

type CombinedRunResult struct {
	Standard []model.MessageBody
	Realtime []model.MessageBody
}

CombinedRunResult is a run result containing payloads for standard and realtime runs

func (CombinedRunResult) Payloads

func (p CombinedRunResult) Payloads() []model.MessageBody

func (CombinedRunResult) RealtimePayloads

func (p CombinedRunResult) RealtimePayloads() []model.MessageBody

type ConnectionsCheck

type ConnectionsCheck struct {
	// contains filtered or unexported fields
}

ConnectionsCheck collects statistics about live TCP and UDP connections.

func NewConnectionsCheck

func NewConnectionsCheck(config, sysprobeYamlConfig pkgconfigmodel.Reader, syscfg *sysconfigtypes.Config, wmeta workloadmeta.Component, npCollector npcollector.Component) *ConnectionsCheck

NewConnectionsCheck returns an instance of the ConnectionsCheck.

func (*ConnectionsCheck) Cleanup

func (c *ConnectionsCheck) Cleanup()

Cleanup frees any resource held by the ConnectionsCheck before the agent exits

func (*ConnectionsCheck) Init

func (c *ConnectionsCheck) Init(syscfg *SysProbeConfig, hostInfo *HostInfo, _ bool) error

Init initializes a ConnectionsCheck instance.

func (*ConnectionsCheck) IsEnabled

func (c *ConnectionsCheck) IsEnabled() bool

IsEnabled returns true if the check is enabled by configuration

func (*ConnectionsCheck) Name

func (c *ConnectionsCheck) Name() string

Name returns the name of the ConnectionsCheck.

func (*ConnectionsCheck) Realtime

func (c *ConnectionsCheck) Realtime() bool

Realtime indicates if this check only runs in real-time mode.

func (*ConnectionsCheck) Run

func (c *ConnectionsCheck) Run(nextGroupID func() int32, _ *RunOptions) (RunResult, error)

Run runs the ConnectionsCheck to collect the active network connections and any closed network connections since the last Run. For each connection we'll return a `model.Connection` that will be bundled up into a `CollectorConnections`. See agent.proto for the schema of the message and models.

func (*ConnectionsCheck) ShouldSaveLastRun

func (c *ConnectionsCheck) ShouldSaveLastRun() bool

ShouldSaveLastRun indicates if the output from the last run should be saved for use in flares

func (*ConnectionsCheck) SupportsRunOptions

func (c *ConnectionsCheck) SupportsRunOptions() bool

SupportsRunOptions returns true if the check supports RunOptions

type ContainerCheck

type ContainerCheck struct {
	sync.Mutex
	// contains filtered or unexported fields
}

ContainerCheck is a check that returns container metadata and stats.

func NewContainerCheck

func NewContainerCheck(config pkgconfigmodel.Reader, wmeta workloadmeta.Component) *ContainerCheck

NewContainerCheck returns an instance of the ContainerCheck.

func (*ContainerCheck) Cleanup

func (c *ContainerCheck) Cleanup()

Cleanup frees any resource held by the ContainerCheck before the agent exits

func (*ContainerCheck) Init

func (c *ContainerCheck) Init(syscfg *SysProbeConfig, info *HostInfo, _ bool) error

Init initializes a ContainerCheck instance.

func (*ContainerCheck) IsEnabled

func (c *ContainerCheck) IsEnabled() bool

IsEnabled returns true if the check is enabled by configuration Keep in mind that ContainerRTCheck.IsEnabled should only be enabled if the `ContainerCheck` is enabled

func (*ContainerCheck) Name

func (c *ContainerCheck) Name() string

Name returns the name of the ProcessCheck.

func (*ContainerCheck) Realtime

func (c *ContainerCheck) Realtime() bool

Realtime indicates if this check only runs in real-time mode.

func (*ContainerCheck) Run

func (c *ContainerCheck) Run(nextGroupID func() int32, options *RunOptions) (RunResult, error)

Run runs the ContainerCheck to collect a list of running ctrList and the stats for each container.

func (*ContainerCheck) ShouldSaveLastRun

func (c *ContainerCheck) ShouldSaveLastRun() bool

ShouldSaveLastRun indicates if the output from the last run should be saved for use in flares

func (*ContainerCheck) SupportsRunOptions

func (c *ContainerCheck) SupportsRunOptions() bool

SupportsRunOptions returns true if the check supports RunOptions

type HostInfo

type HostInfo struct {
	SystemInfo *model.SystemInfo
	HostName   string
	// host type of the agent, used to populate container payload with additional host information
	ContainerHostType model.ContainerHostType
}

HostInfo describes details of host information shared between various checks

func CollectHostInfo

func CollectHostInfo(config pkgconfigmodel.Reader) (*HostInfo, error)

CollectHostInfo collects host information

type LookupIdProbe

type LookupIdProbe struct {
	// contains filtered or unexported fields
}

func NewLookupIDProbe

func NewLookupIDProbe(coreConfig pkgconfigmodel.Reader) *LookupIdProbe

NewLookupIDProbe returns a new LookupIdProbe from the config

func (*LookupIdProbe) LookupId

func (p *LookupIdProbe) LookupId(uid string) (*user.User, error)

type ProcessCheck

type ProcessCheck struct {
	// contains filtered or unexported fields
}

ProcessCheck collects full state, including cmdline args and related metadata, for live and running processes. The instance will store some state between checks that will be used for rates, cpu calculations, etc.

func NewProcessCheck

func NewProcessCheck(config pkgconfigmodel.Reader, sysprobeYamlConfig pkgconfigmodel.Reader, wmeta workloadmetacomp.Component) *ProcessCheck

NewProcessCheck returns an instance of the ProcessCheck.

func (*ProcessCheck) Cleanup

func (p *ProcessCheck) Cleanup()

Cleanup frees any resource held by the ProcessCheck before the agent exits

func (*ProcessCheck) Init

func (p *ProcessCheck) Init(syscfg *SysProbeConfig, info *HostInfo, oneShot bool) error

Init initializes the singleton ProcessCheck.

func (*ProcessCheck) IsEnabled

func (p *ProcessCheck) IsEnabled() bool

IsEnabled returns true if the check is enabled by configuration

func (*ProcessCheck) Name

func (p *ProcessCheck) Name() string

Name returns the name of the ProcessCheck.

func (*ProcessCheck) Realtime

func (p *ProcessCheck) Realtime() bool

Realtime indicates if this check only runs in real-time mode.

func (*ProcessCheck) Run

func (p *ProcessCheck) Run(nextGroupID func() int32, options *RunOptions) (RunResult, error)

Run collects process data (regular metadata + stats) and/or realtime process data (stats only)

func (*ProcessCheck) ShouldSaveLastRun

func (p *ProcessCheck) ShouldSaveLastRun() bool

ShouldSaveLastRun indicates if the output from the last run should be saved for use in flares

func (*ProcessCheck) SupportsRunOptions

func (p *ProcessCheck) SupportsRunOptions() bool

SupportsRunOptions returns true if the check supports RunOptions

type ProcessConnRates

type ProcessConnRates map[int32]*model.ProcessNetworks

ProcessConnRates describes connection rates for processes

type ProcessData

type ProcessData struct {
	// contains filtered or unexported fields
}

ProcessData collects a basic state of process data such as cmdline args. This is currently used for metadata extraction from processes. This is a starting point for providing process data across all checks as part of the migration to components.

func NewProcessData

func NewProcessData(cfg pkgconfigmodel.Reader) *ProcessData

NewProcessData returns a new ProcessData from the given config

func (*ProcessData) Fetch

func (p *ProcessData) Fetch() error

Fetch retrieves process data from the system and notifies registered extractors

func (*ProcessData) Register

func (p *ProcessData) Register(e metadata.Extractor)

Register adds an Extractor which will be notified for metadata extraction

type ProcessDiscoveryCheck added in v0.9.0

type ProcessDiscoveryCheck struct {
	// contains filtered or unexported fields
}

ProcessDiscoveryCheck is a check that gathers basic process metadata. It uses its own ProcessDiscovery payload. The goal of this check is to collect information about possible integrations that may be enabled by the end user.

func NewProcessDiscoveryCheck

func NewProcessDiscoveryCheck(config pkgconfigmodel.Reader) *ProcessDiscoveryCheck

NewProcessDiscoveryCheck returns an instance of the ProcessDiscoveryCheck.

func (*ProcessDiscoveryCheck) Cleanup

func (d *ProcessDiscoveryCheck) Cleanup()

Cleanup frees any resource held by the ProcessDiscoveryCheck before the agent exits

func (*ProcessDiscoveryCheck) Init added in v0.9.0

func (d *ProcessDiscoveryCheck) Init(syscfg *SysProbeConfig, info *HostInfo, _ bool) error

Init initializes the ProcessDiscoveryCheck. It is a runtime error to call Run without first having called Init.

func (*ProcessDiscoveryCheck) IsEnabled

func (d *ProcessDiscoveryCheck) IsEnabled() bool

IsEnabled returns true if the check is enabled by configuration

func (*ProcessDiscoveryCheck) Name added in v0.9.0

func (d *ProcessDiscoveryCheck) Name() string

Name returns the name of the ProcessDiscoveryCheck.

func (*ProcessDiscoveryCheck) Realtime

func (d *ProcessDiscoveryCheck) Realtime() bool

Realtime returns a value that says whether this check should be run in real time.

func (*ProcessDiscoveryCheck) Run added in v0.9.0

func (d *ProcessDiscoveryCheck) Run(nextGroupID func() int32, options *RunOptions) (RunResult, error)

Run collects process metadata, and packages it into a CollectorProcessDiscovery payload to be sent. It is a runtime error to call Run without first having called Init.

func (*ProcessDiscoveryCheck) ShouldSaveLastRun

func (d *ProcessDiscoveryCheck) ShouldSaveLastRun() bool

ShouldSaveLastRun indicates if the output from the last run should be saved for use in flares

func (*ProcessDiscoveryCheck) SupportsRunOptions

func (d *ProcessDiscoveryCheck) SupportsRunOptions() bool

SupportsRunOptions returns true if the check supports RunOptions

type ProcessEventsCheck

type ProcessEventsCheck struct {
	// contains filtered or unexported fields
}

ProcessEventsCheck collects process lifecycle events such as exec and exit signals

func NewProcessEventsCheck

func NewProcessEventsCheck(config pkgconfigmodel.Reader) *ProcessEventsCheck

NewProcessEventsCheck returns an instance of the ProcessEventsCheck.

func (*ProcessEventsCheck) Cleanup

func (e *ProcessEventsCheck) Cleanup()

Cleanup frees any resource held by the ProcessEventsCheck before the agent exits

func (*ProcessEventsCheck) Init

func (e *ProcessEventsCheck) Init(_ *SysProbeConfig, info *HostInfo, _ bool) error

Init initializes the ProcessEventsCheck.

func (*ProcessEventsCheck) IsEnabled

func (e *ProcessEventsCheck) IsEnabled() bool

IsEnabled returns true if the check is enabled by configuration

func (*ProcessEventsCheck) Name

func (e *ProcessEventsCheck) Name() string

Name returns the name of the ProcessEventsCheck.

func (*ProcessEventsCheck) Realtime

func (e *ProcessEventsCheck) Realtime() bool

Realtime returns a value that says whether this check should be run in real time.

func (*ProcessEventsCheck) Run

func (e *ProcessEventsCheck) Run(nextGroupID func() int32, _ *RunOptions) (RunResult, error)

Run fetches process lifecycle events that have been stored in-memory since the last check run

func (*ProcessEventsCheck) ShouldSaveLastRun

func (e *ProcessEventsCheck) ShouldSaveLastRun() bool

ShouldSaveLastRun indicates if the output from the last run should be saved for use in flares

func (*ProcessEventsCheck) SupportsRunOptions

func (e *ProcessEventsCheck) SupportsRunOptions() bool

SupportsRunOptions returns true if the check supports RunOptions

type RTContainerCheck

type RTContainerCheck struct {
	// contains filtered or unexported fields
}

RTContainerCheck collects numeric statistics about live ctrList.

func NewRTContainerCheck

func NewRTContainerCheck(config pkgconfigmodel.Reader, wmeta workloadmeta.Component) *RTContainerCheck

NewRTContainerCheck returns an instance of the RTContainerCheck.

func (*RTContainerCheck) Cleanup

func (r *RTContainerCheck) Cleanup()

Cleanup frees any resource held by the RTContainerCheck before the agent exits

func (*RTContainerCheck) Init

func (r *RTContainerCheck) Init(_ *SysProbeConfig, hostInfo *HostInfo, _ bool) error

Init initializes a RTContainerCheck instance.

func (*RTContainerCheck) IsEnabled

func (r *RTContainerCheck) IsEnabled() bool

IsEnabled returns true if the check is enabled by configuration

func (*RTContainerCheck) Name

func (r *RTContainerCheck) Name() string

Name returns the name of the RTContainerCheck.

func (*RTContainerCheck) Realtime

func (r *RTContainerCheck) Realtime() bool

Realtime indicates if this check only runs in real-time mode.

func (*RTContainerCheck) Run

func (r *RTContainerCheck) Run(nextGroupID func() int32, _ *RunOptions) (RunResult, error)

Run runs the real-time container check getting container-level stats from the Cgroups and Docker APIs.

func (*RTContainerCheck) ShouldSaveLastRun

func (r *RTContainerCheck) ShouldSaveLastRun() bool

ShouldSaveLastRun indicates if the output from the last run should be saved for use in flares

func (*RTContainerCheck) SupportsRunOptions

func (r *RTContainerCheck) SupportsRunOptions() bool

SupportsRunOptions returns true if the check supports RunOptions

type RunOptions added in v0.9.0

type RunOptions struct {
	RunStandard bool
	RunRealtime bool
	NoChunking  bool
}

RunOptions provides run options for checks

type RunResult added in v0.9.0

type RunResult interface {
	Payloads() []model.MessageBody
	RealtimePayloads() []model.MessageBody
}

RunResult is a result for a check run

type RunnerConfig added in v0.9.0

type RunnerConfig struct {
	CheckInterval time.Duration
	RtInterval    time.Duration

	ExitChan       chan struct{}
	RtIntervalChan chan time.Duration
	RtEnabled      func() bool
	RunCheck       func(options RunOptions)
}

RunnerConfig implements config for runners that work with CheckWithRealTime

type StandardRunResult

type StandardRunResult []model.MessageBody

StandardRunResult is a run result containing payloads for standard run

func (StandardRunResult) Payloads

func (p StandardRunResult) Payloads() []model.MessageBody

func (StandardRunResult) RealtimePayloads

func (p StandardRunResult) RealtimePayloads() []model.MessageBody

type SysProbeConfig

type SysProbeConfig struct {
	MaxConnsPerMessage int
	// System probe collection configuration
	SystemProbeAddress string
	// System probe process module on/off configuration
	ProcessModuleEnabled bool
	// System probe network_tracer module on/off configuration
	NetworkTracerModuleEnabled bool
}

SysProbeConfig provides access to system probe configuration

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL