procmon

package
v0.0.0-...-dcb1157 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 28, 2025 License: GPL-3.0 Imports: 5 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	// ProcEventsChannel channel of events to read
	ProcEventsChannel = make(chan ProcEvent)
)

Functions

func ProcEventsMonitor 

func ProcEventsMonitor(done <-chan struct{})

ProcEventsMonitor listens for process events from kernel. We listen for events via netlink, from the Process Events Conector: https://lwn.net/Articles/157150/ The kernel must have the options CONFIG_CONECTOR and CONFIG_PROC_EVENTS enabled.

Types

type ProcEvent 

type ProcEvent struct {
	TimeStamp uint64
	PID       uint32
	PPID      uint32
	TGID      uint32
	PTGID     uint32
	// contains filtered or unexported fields
}

ProcEvent represents the struct returned from kernel

func NewProcEvent 

func NewProcEvent(ev netlink.ProcEvent) ProcEvent

NewProcEvent returns a new event received from kernel

func (*ProcEvent) IsComm 

func (pe *ProcEvent) IsComm() bool

IsComm returns if the event is comm

func (*ProcEvent) IsExec 

func (pe *ProcEvent) IsExec() bool

IsExec returns if the event is exec

func (*ProcEvent) IsExit 

func (pe *ProcEvent) IsExit() bool

IsExit returns if the event is exit

func (*ProcEvent) IsFork 

func (pe *ProcEvent) IsFork() bool

IsFork returns if the event is fork

func (*ProcEvent) Msg 

func (pe *ProcEvent) Msg() interface{}

Msg returns the message received from netlink

func (*ProcEvent) Pid 

func (pe *ProcEvent) Pid() uint32

Pid returns the pid of the event

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.