event

package
v0.1.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 17, 2020 License: Apache-2.0 Imports: 11 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type ContainerAddEvent 

type ContainerAddEvent struct{ *types.Container }

ContainerAddEvent is an event sourced from the Topology api on container-entry

type ContainerDelEvent 

type ContainerDelEvent struct{ *types.Container }

ContainerDelEvent is an event sourced from the Topology api upon container-exit

type KernelEvent 

type KernelEvent []byte

KernelEvent is a raw event from the kernel, used by kernel event reader

type KernelLostEvent 

type KernelLostEvent uint64

KernelLostEvent is a raw lost event counter from the kernel, used by kernel event reader

type RawEvent 

type RawEvent struct {
	Pid       uint32                      `json:"pid"`
	Tid       uint32                      `json:"tid"`
	UID       uint32                      `json:"uid"`
	Gid       uint32                      `json:"gid"`
	Syscall   uint32                      `json:"nr"`
	NsPid     uint32                      `json:"ns_pid"`
	Start     uint64                      `json:"start"`
	Finish    uint64                      `json:"finish"`
	Session   int32                       `json:"sid"`
	PidNS     uint32                      `json:"pid_ns"`
	UtsNS     uint32                      `json:"uts_ns"`
	MntNS     uint32                      `json:"mnt_ns"`
	IpcNS     uint32                      `json:"ipc_ns"`
	CgrNS     uint32                      `json:"cgr_ns"`
	ContextSw uint64                      `json:"context_sw"`
	Errno     uint32                      `json:"error"`
	Ret       uint32                      `json:"ret"`
	Comm      [evCommLen]uint8            `json:"comm,omitempty"`
	Arguments [evArgLen * evArgCount]byte `json:"buf,omitempty"`
}

RawEvent is format of an event as seen by the kernel.

func (*RawEvent) ArgLen 

func (ev *RawEvent) ArgLen() int

ArgLen is for interface abstraction of messages and their arguments, used to get the size of a single argument within this type of message.

func (*RawEvent) Args 

func (ev *RawEvent) Args() []*byte

Args returns a cup up version of ev.Arguments, each slice representing a single argument.

func (*RawEvent) Commstr 

func (ev *RawEvent) Commstr() string

Commstr returns a stringified version of the process.

func (*RawEvent) Ingest 

func (ev *RawEvent) Ingest(data interface{}) (*RawEvent, error)

Ingest will take an input of various types (data), and attempts to convert it into a working RawEvent

func (*RawEvent) IngestBytes 

func (ev *RawEvent) IngestBytes(data []byte) (*RawEvent, error)

IngestBytes converts a []byte into a RawEvent

func (*RawEvent) IngestKernelEvent 

func (ev *RawEvent) IngestKernelEvent(data KernelEvent) (*RawEvent, error)

IngestKernelEvent converts a KernelEvent into a RawEvent

func (*RawEvent) MntNamespace 

func (ev *RawEvent) MntNamespace() int

MntNamespace returns the mnt-namespace of the current event

func (*RawEvent) PidNamespace 

func (ev *RawEvent) PidNamespace() int

PidNamespace returns the pid-namespace of the current event

type RedisEvent 

type RedisEvent *redis.Message

RedisEvent is an event containing a message from a redis query

type TraceEvent 

type TraceEvent struct {
	Syscall      *syscalls.Syscall `json:"syscall"`
	Pid          int               `json:"pid"`
	Tid          int               `json:"tid"`
	CPid         int               `json:"container_pid"`
	UID          int               `json:"uid"`
	Gid          int               `json:"gid"`
	Comm         string            `json:"comm"`
	Sid          int               `json:"session"`
	Container    *types.Container  `json:"container"`
	Error        types.Errno       `json:"error"`
	Return       int               `json:"return"`
	PidNamespace int               `json:"pid_ns"`
	UtsNamespace int               `json:"uts_ns"`
	MntNamespace int               `json:"mount_ns"`
	Start        int64             `json:"start"`
	Finish       int64             `json:"finish"`
	Argv         interface{}       `json:"args"`
	// contains filtered or unexported fields
}

TraceEvent is a more concrete version of the `RawEvent` structure, it includes data that needs to be "filled in" like the container information (as the kernel has no real idea what a container is)

func (*TraceEvent) ColorString 

func (ev *TraceEvent) ColorString() string

ColorString is just a helper to display a stupid terminal-colored representation of a single event.

func (*TraceEvent) Ingest 

func (ev *TraceEvent) Ingest(data interface{}) (*TraceEvent, error)

Ingest reads an abstract input and outputs it as a fully-parsed TraceEvent. If a topology context has been set, it will also attempt to resolve the kernel-namespace to a pod/container.

func (*TraceEvent) UnmarshalJSON 

func (ev *TraceEvent) UnmarshalJSON(data []byte) error

func (*TraceEvent) WithTopology 

func (ev *TraceEvent) WithTopology(topo *topology.Topology) *TraceEvent

WithTopology sets the internal topology context to `topo` for "resolving" kernel-namespaces to containers.

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.