model

package
v0.0.0-...-065eb90 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Dec 27, 2024 License: Apache-2.0 Imports: 2 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type EventType

type EventType int32

EventType represents the type of the process lifecycle event

// Process lifecycle event kinds. The values come from iota, so Fork = 0,
// Exec = 1 and Exit = 2. The zero value of EventType is therefore Fork: an
// EventType (or a ProcessEvent) that was never populated is indistinguishable
// from a genuine fork event.
// NOTE(review): what NewEventType returns for an unrecognised string is not
// shown on this page; if it falls back to the zero value it would also read as
// Fork. Confirm before relying on EventType alone to classify events.
const (
	// Fork represents a process fork event
	Fork EventType = iota
	// Exec represents a process exec event
	Exec
	// Exit represents a process exit event
	Exit
)

func NewEventType

func NewEventType(eventType string) EventType

NewEventType returns the EventType associated with a string

func (*EventType) DecodeMsg

func (z *EventType) DecodeMsg(dc *msgp.Reader) (err error)

DecodeMsg implements msgp.Decodable

func (EventType) EncodeMsg

func (z EventType) EncodeMsg(en *msgp.Writer) (err error)

EncodeMsg implements msgp.Encodable

func (EventType) MarshalMsg

func (z EventType) MarshalMsg(b []byte) (o []byte, err error)

MarshalMsg implements msgp.Marshaler

func (EventType) Msgsize

func (z EventType) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (EventType) String

func (e EventType) String() string

String returns the string representation of an EventType

func (*EventType) UnmarshalMsg

func (z *EventType) UnmarshalMsg(bts []byte) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler

type ProcessEvent

// ProcessEvent is the record produced for one process lifecycle event (fork,
// exec or exit). Each field carries a `json` and a `msg` tag giving its
// serialized key. Most fields also carry a `copy` or `copy_linux` tag naming
// a getter and the event kinds it applies to.
// NOTE(review): the consumer of the copy/copy_linux tags is not shown on this
// page; presumably a code generator reads them, and copy_linux presumably
// limits the field to Linux builds. Confirm against the generator.
type ProcessEvent struct {
	// Kind of lifecycle event; serialized as "event_type".
	EventType      EventType `json:"event_type" msg:"event_type"`
	// Excluded from both JSON and msgp output ("-"); only the copy tag refers to it.
	EMEventType    uint32    `json:"-" msg:"-" copy:"GetEventType;event:*;cast:uint32"`
	CollectionTime time.Time `json:"collection_time" msg:"collection_time" copy:"GetTimestamp;event:*"`
	// No copy tag: how Pid is filled in is not visible from this declaration.
	Pid            uint32    `json:"pid" msg:"pid"`
	ContainerID    string    `json:"container_id" msg:"container_id" copy:"GetContainerId;event:*"`
	Ppid           uint32    `json:"ppid" msg:"ppid" copy:"GetProcessPpid;event:*"`
	UID            uint32    `json:"uid" msg:"uid" copy_linux:"GetProcessUid;event:*"`
	// NOTE(review): this tag names GetProcessUid, the same getter as UID above,
	// while Group below uses GetProcessGroup. It looks like a copy/paste slip;
	// if so, "gid" would carry the UID and group attribution in downstream
	// detections would be wrong. Confirm against the generated copy code.
	GID            uint32    `json:"gid" msg:"gid" copy_linux:"GetProcessUid;event:*"`
	Username       string    `json:"username" msg:"username" copy_linux:"GetProcessUser;event:*"`
	Group          string    `json:"group" msg:"group" copy_linux:"GetProcessGroup;event:*"`
	Exe            string    `json:"exe" msg:"exe" copy_linux:"GetExecFilePath;event:*"`
	// Argument vector, copied for exec events only (event:ExecEventType).
	// NOTE(review): command lines often contain credentials or tokens, and
	// nothing in this declaration scrubs them. Verify that scrubbing happens
	// before the event is serialized or exported.
	Cmdline        []string  `json:"cmdline" msg:"cmdline" copy_linux:"GetExecCmdargv;event:ExecEventType"`
	// NOTE(review): ForkTime is filled from GetProcessExecTime, the same getter
	// as ExecTime below. Confirm that this is intended and not a slip.
	//
	// encoding/json's omitempty never omits a struct value such as time.Time,
	// so in JSON output an unset ForkTime/ExecTime/ExitTime still appears as
	// the zero timestamp. Consumers should treat the zero time as "absent".
	ForkTime       time.Time `json:"fork_time,omitempty" msg:"fork_time,omitempty" copy_linux:"GetProcessExecTime;event:ForkEventType"`
	ExecTime       time.Time `json:"exec_time,omitempty" msg:"exec_time,omitempty" copy:"GetProcessExecTime;event:ExecEventType"`
	ExitTime       time.Time `json:"exit_time,omitempty" msg:"exit_time,omitempty" copy:"GetProcessExitTime;event:ExitEventType"`
	// With omitempty an exit code of 0 is dropped from the JSON output, so a
	// missing "exit_code" key on an exit event means 0, not "unknown".
	ExitCode       uint32    `json:"exit_code,omitempty" msg:"exit_code,omitempty" copy:"GetExitCode;event:ExitEventType"`
}

ProcessEvent is a common interface for collected process events shared across multiple event listener implementations

func NewMockedExecEvent

func NewMockedExecEvent(ts time.Time, pid uint32, exe string, args []string) *ProcessEvent

NewMockedExecEvent creates a mocked Exec event for tests

func NewMockedExitEvent

func NewMockedExitEvent(ts time.Time, pid uint32, exe string, args []string, code uint32) *ProcessEvent

NewMockedExitEvent creates a mocked Exit event for tests

func NewMockedForkEvent

func NewMockedForkEvent(ts time.Time, pid uint32, exe string, args []string) *ProcessEvent

NewMockedForkEvent creates a mocked Fork event for tests

func (*ProcessEvent) DecodeMsg

func (z *ProcessEvent) DecodeMsg(dc *msgp.Reader) (err error)

DecodeMsg implements msgp.Decodable

func (*ProcessEvent) EncodeMsg

func (z *ProcessEvent) EncodeMsg(en *msgp.Writer) (err error)

EncodeMsg implements msgp.Encodable

func (*ProcessEvent) MarshalMsg

func (z *ProcessEvent) MarshalMsg(b []byte) (o []byte, err error)

MarshalMsg implements msgp.Marshaler

func (*ProcessEvent) Msgsize

func (z *ProcessEvent) Msgsize() (s int)

Msgsize returns an upper bound estimate of the number of bytes occupied by the serialized message

func (*ProcessEvent) UnmarshalMsg

func (z *ProcessEvent) UnmarshalMsg(bts []byte) (o []byte, err error)

UnmarshalMsg implements msgp.Unmarshaler
