Documentation
¶
Index ¶
- Constants
- Variables
- func FetchNumThreads(pid int) (int, error)
- func GetProcMemPercentage(proc ProcState, totalPhyMem uint64) opt.Float
- func PssCaptureSnapshot(processHandle syscall.Handle, captureFlags PSSCaptureFlags, ...) (err error)
- func PssFreeSnapshot(processHandle syscall.Handle, snapshotHandle syscall.Handle) (err error)
- func PssQuerySnapshot(snapshotHandle syscall.Handle, informationClass uint32, ...) (err error)
- type CPUTicks
- type CPUTotal
- type CgroupPctStats
- type IncludeTopConfig
- type MemBytePct
- type Name
- type NonFatalErr
- type PSSCaptureFlags
- type Parent
- type PidState
- type ProcCPUInfo
- type ProcCallback
- type ProcFDInfo
- type ProcLimits
- type ProcMemInfo
- type ProcState
- func FillMetricsRequiringMoreAccess(pid int, state ProcState) (ProcState, error)
- func FillPidMetrics(_ resolve.Resolver, pid int, state ProcState, _ func(string) bool) (ProcState, error)
- func GetInfoForPid(_ resolve.Resolver, pid int) (ProcState, error)
- func GetProcCPUPercentage(s0, s1 ProcState) ProcState
- func ListStates(hostfs resolve.Resolver) ([]ProcState, error)
- type ProcStateRootEvent
- type ProcessRoot
- type ProcsMap
- type ProcsTrack
- type PssThreadInformation
- type RootCPUFields
- type Stats
Constants ¶
const ( PssQueryProcessInformation uint32 = iota PssQueryVaCloneInformation PssQueryAuxiliaryPagesInformation PssQueryVaSpaceInformation PssQueryHandleInformation PssQueryThreadInformation PssQueryHandleTraceInformation PssQueryPerformanceCounters )
The following constants are PssQueryInformationClass as defined on https://learn.microsoft.com/en-us/windows/win32/api/processsnapshot/ne-processsnapshot-pss_query_information_class
Variables ¶
var PidStates = map[byte]PidState{ 'S': Sleeping, 'R': Running, 'D': DiskSleep, 'I': Idle, 'T': Stopped, 'Z': Zombie, 'X': Dead, 'x': Dead, 'K': WakeKill, 'W': Waking, 'P': Parked, }
PidStates is a Map of all pid states, mostly applicable to linux
var ProcNotExist = errors.New("process does not exist")
ProcNotExist indicates that a process was not found.
Functions ¶
func FetchNumThreads ¶ added in v0.7.0
func GetProcMemPercentage ¶
GetProcMemPercentage returns process memory usage as a percent of total memory usage
func PssCaptureSnapshot ¶ added in v0.7.0
func PssFreeSnapshot ¶ added in v0.8.2
func PssQuerySnapshot ¶ added in v0.7.0
Types ¶
type CPUTotal ¶
type CPUTotal struct {
Value opt.Float `struct:"value,omitempty"`
Ticks opt.Uint `struct:"ticks,omitempty"`
Pct opt.Float `struct:"pct,omitempty"`
Norm opt.PctOpt `struct:"norm,omitempty"`
}
CPUTotal is the struct for cpu.total metrics
type CgroupPctStats ¶
type CgroupPctStats struct {
CPUTotalPct float64
CPUTotalPctNorm float64
CPUUserPct float64
CPUUserPctNorm float64
CPUSystemPct float64
CPUSystemPctNorm float64
}
CgroupPctStats stores rendered percent values from cgroup CPU data
type IncludeTopConfig ¶
type IncludeTopConfig struct {
Enabled bool `config:"enabled"`
ByCPU int `config:"by_cpu"`
ByMemory int `config:"by_memory"`
}
IncludeTopConfig is the configuration for the "top N processes filtering" feature
type MemBytePct ¶
type MemBytePct struct {
Bytes opt.Uint `struct:"bytes,omitempty"`
Pct opt.Float `struct:"pct,omitempty"`
}
MemBytePct is the formatting struct for wrapping pct/byte metrics
type NonFatalErr ¶ added in v0.8.0
type NonFatalErr struct {
Err error
}
NonFatalErr is returned when there was an error collecting metrics, however the metrics already gathered and returned are still valid. This error can be safely ignored, this will result in having partial metrics for a process rather than no metrics at all.
It was introduced to allow for partial metrics collection on privileged process on Windows.
func (NonFatalErr) Error ¶ added in v0.8.0
func (c NonFatalErr) Error() string
func (NonFatalErr) Is ¶ added in v0.8.0
func (c NonFatalErr) Is(other error) bool
type PSSCaptureFlags ¶ added in v0.7.0
type PSSCaptureFlags uint32
PSSCaptureFlags from https://learn.microsoft.com/en-us/windows/win32/api/processsnapshot/ne-processsnapshot-pss_capture_flags
const ( PSSCaptureNone PSSCaptureFlags = 0x00000000 PSSCaptureVAClone PSSCaptureFlags = 0x00000001 PSSCaptureReserved00000002 PSSCaptureFlags = 0x00000002 PSSCaptureHandles PSSCaptureFlags = 0x00000004 PSSCaptureHandleNameInformation PSSCaptureFlags = 0x00000008 PSSCaptureHandleBasicInformation PSSCaptureFlags = 0x00000010 PSSCaptureHandleTypeSpecificInformation PSSCaptureFlags = 0x00000020 PSSCaptureHandleTrace PSSCaptureFlags = 0x00000040 PSSCaptureThreads PSSCaptureFlags = 0x00000080 PSSCaptureThreadContext PSSCaptureFlags = 0x00000100 PSSCaptureThreadContextExtended PSSCaptureFlags = 0x00000200 PSSCaptureReserved00000400 PSSCaptureFlags = 0x00000400 PSSCaptureVASpace PSSCaptureFlags = 0x00000800 PSSCaptureVASpaceSectionInformation PSSCaptureFlags = 0x00001000 PSSCaptureIPTTrace PSSCaptureFlags = 0x00002000 PSSCaptureReserved00004000 PSSCaptureFlags = 0x00004000 PSSCreateBreakawayOptional PSSCaptureFlags = 0x04000000 PSSCreateBreakaway PSSCaptureFlags = 0x08000000 PSSCreateForceBreakaway PSSCaptureFlags = 0x10000000 PSSCreateUseVMAllocations PSSCaptureFlags = 0x20000000 PSSCreateMeasurePerformance PSSCaptureFlags = 0x40000000 PSSCreateReleaseSection PSSCaptureFlags = 0x80000000 )
type PidState ¶
type PidState string
PidState are the constants for various PID states
var ( // Dead state, on linux this is both "x" and "X" Dead PidState = "dead" // Running state Running PidState = "running" // Sleeping state Sleeping PidState = "sleeping" // Idle state. Idle PidState = "idle" // DiskSleep is uninterruptible disk sleep DiskSleep PidState = "disk_sleep" // Stopped state. Stopped PidState = "stopped" // Zombie state. Zombie PidState = "zombie" // WakeKill is a linux state only found on kernels 2.6.33-3.13 WakeKill PidState = "wakekill" // Waking is a linux state only found on kernels 2.6.33-3.13 Waking PidState = "waking" // Parked is a linux state. On the proc man page, it says it's available on 3.9-3.13, but it appears to still be in the code. Parked PidState = "parked" // Unknown state Unknown PidState = "unknown" )
type ProcCPUInfo ¶
type ProcCPUInfo struct {
StartTime string `struct:"start_time,omitempty"`
Total CPUTotal `struct:"total,omitempty"`
// Optional Tick values
User CPUTicks `struct:"user,omitempty"`
System CPUTicks `struct:"system,omitempty"`
}
ProcCPUInfo is the main struct for CPU metrics
type ProcCallback ¶
ProcCallback is a function that FetchPid* methods can call at various points to do OS-agnostic processing
type ProcFDInfo ¶
type ProcFDInfo struct {
Open opt.Uint `struct:"open,omitempty"`
Limit ProcLimits `struct:"limit,omitempty"`
}
ProcFDInfo is the struct for process.fd metrics
func (ProcFDInfo) IsZero ¶
func (t ProcFDInfo) IsZero() bool
IsZero returns true if the underlying value nil
type ProcLimits ¶
type ProcLimits struct {
Soft opt.Uint `struct:"soft,omitempty"`
Hard opt.Uint `struct:"hard,omitempty"`
}
ProcLimits wraps the fd.limit metrics
type ProcMemInfo ¶
type ProcMemInfo struct {
Size opt.Uint `struct:"size,omitempty"`
Rss MemBytePct `struct:"rss,omitempty"`
}
ProcMemInfo is the struct for cpu.memory metrics
type ProcState ¶
type ProcState struct {
// Basic Process data
Name string `struct:"name,omitempty"`
State PidState `struct:"state,omitempty"`
Username string `struct:"username,omitempty"`
Pid opt.Int `struct:"pid,omitempty"`
Ppid opt.Int `struct:"ppid,omitempty"`
Pgid opt.Int `struct:"pgid,omitempty"`
NumThreads opt.Int `struct:"num_threads,omitempty"`
// Extended Process Data
Args []string `struct:"args,omitempty"`
Cmdline string `struct:"cmdline,omitempty"`
Cwd string `struct:"cwd,omitempty"`
Exe string `struct:"exe,omitempty"`
Env mapstr.M `struct:"env,omitempty"`
// Resource Metrics
Memory ProcMemInfo `struct:"memory,omitempty"`
CPU ProcCPUInfo `struct:"cpu,omitempty"`
FD ProcFDInfo `struct:"fd,omitempty"`
Network *sysinfotypes.NetworkCountersInfo `struct:"-,omitempty"`
// cgroups
Cgroup cgroup.CGStats `struct:"cgroup,omitempty"`
// meta
SampleTime time.Time `struct:"-,omitempty"`
}
ProcState is the main struct for process information and metrics.
func FillMetricsRequiringMoreAccess ¶ added in v0.8.0
FillMetricsRequiringMoreAccess All calls that need more access rights than windows.PROCESS_QUERY_LIMITED_INFORMATION
func FillPidMetrics ¶
func FillPidMetrics(_ resolve.Resolver, pid int, state ProcState, _ func(string) bool) (ProcState, error)
FillPidMetrics is the windows implementation
func GetInfoForPid ¶
GetInfoForPid returns basic info for the process
func GetProcCPUPercentage ¶
GetProcCPUPercentage returns the percentage of total CPU time consumed by the process during the period between the given samples. Two percentages are returned (these must be multiplied by 100). The first is a normalized based on the number of cores such that the value ranges on [0, 1]. The second is not normalized and the value ranges on [0, number_of_cores].
Implementation note: The total system CPU time (including idle) is not provided so this method will resort to using the difference in wall-clock time multiplied by the number of cores as the total amount of CPU time available between samples. This could result in incorrect percentages if the wall-clock is adjusted (prior to Go 1.9) or the machine is suspended.
func ListStates ¶
ListStates is a wrapper that returns a list of processess with only the basic PID info filled out.
func (*ProcState) FormatForRoot ¶
func (p *ProcState) FormatForRoot() ProcStateRootEvent
type ProcStateRootEvent ¶
type ProcStateRootEvent struct {
Process ProcessRoot `struct:"process,omitempty"`
User Name `struct:"user,omitempty"`
}
ProcStateRootEvent represents the "root" beat/agent ECS event fields that are copied from the integration-level event.
type ProcessRoot ¶
type ProcessRoot struct {
Cmdline string `struct:"command_line,omitempty"`
State PidState `struct:"state,omitempty"`
CPU RootCPUFields `struct:"cpu,omitempty"`
Memory opt.PctOpt `struct:"memory,omitempty"`
Cwd string `struct:"working_directory,omitempty"`
Exe string `struct:"executable,omitempty"`
Args []string `struct:"args,omitempty"`
Name string `struct:"name,omitempty"`
Pid opt.Int `struct:"pid,omitempty"`
Parent Parent `struct:"parent,omitempty"`
Pgid opt.Int `struct:"pgid,omitempty"`
}
ProcessRoot wraps the process metrics for the root ECS fields
type ProcsTrack ¶ added in v0.4.4
type ProcsTrack struct {
// contains filtered or unexported fields
}
ProcsTrack is a thread-safe wrapper for a process Stat object's internal map of processes.
func NewProcsTrack ¶ added in v0.4.4
func NewProcsTrack() *ProcsTrack
func (*ProcsTrack) SetMap ¶ added in v0.4.4
func (pm *ProcsTrack) SetMap(pids map[int]ProcState)
func (*ProcsTrack) SetPid ¶ added in v0.4.4
func (pm *ProcsTrack) SetPid(pid int, ps ProcState)
type PssThreadInformation ¶ added in v0.7.0
type RootCPUFields ¶
type Stats ¶
type Stats struct {
Hostfs resolve.Resolver
Procs []string
ProcsMap *ProcsTrack
CPUTicks bool
EnvWhitelist []string
CacheCmdLine bool
IncludeTop IncludeTopConfig
CgroupOpts cgroup.ReaderOptions
EnableCgroups bool
EnableNetwork bool
// NetworkMetrics is an allowlist of network metrics,
// the names of which can be found in /proc/PID/net/snmp and /proc/PID/net/netstat
NetworkMetrics []string
// contains filtered or unexported fields
}
Stats stores the stats of processes on the host.
func (*Stats) Get ¶
Get fetches the configured processes and returns a list of formatted events and root ECS fields
func (*Stats) GetOne ¶
GetOne fetches process data for a given PID if its name matches the regexes provided from the host.
Source Files