README
¶
package kstream
This package represents the backbone of the kernel event collection. It configures the processing of the trace session, consumes events and parses the required parameters.
Documentation
¶
Overview ¶
Package kstream contains facilities for controlling the kernel logger session and opening kernel event stream for the purpose of collecting and processing kernel events.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Consumer ¶
type Consumer interface {
// OpenKstream initializes the kernel event stream by setting the event record callback and instructing it
// to consume events from log buffers. This operation can fail if opening the kernel logger session results
// in an invalid trace handler. Errors returned by `ProcessTrace` are sent to the channel since this function
// blocks the current thread and we schedule its execution in a separate goroutine.
OpenKstream() error
// CloseKstream shutdowns the currently running kernel event stream consumer by closing the corresponding
// session.
CloseKstream() error
// Errors returns the channel where errors are pushed.
Errors() chan error
// Events returns the buffered channel for pulling collected kernel events.
Events() chan *kevent.Kevent
// SetFilter initializes the filter that's applied on the kernel events.
SetFilter(filter filter.Filter)
}
Consumer is the interface for the kernel event stream consumer.
func NewConsumer ¶
func NewConsumer(ktraceController KtraceController, psnap ps.Snapshotter, hsnap handle.Snapshotter, config *config.Config) Consumer
NewConsumer constructs a new kernel event stream consumer.
type KtraceController ¶
type KtraceController interface {
// StartKtrace starts a new kernel tracing session.
StartKtrace() error
// CloseKtrace stops currently running kernel trace session.
CloseKtrace() error
// StartKtraceRundown initiates the kernel logger rundown session that will enumerate open file objects
// we can use to match file names in file system kernel events.
StartKtraceRundown() error
// IsKRundownStarted indicates if kernel logger rundown session is started.
IsKRundownStarted() bool
// GetTraceHandle returns the handle of the kernel trace session.
GetTraceHandle() etw.TraceHandle
}
KtraceController is responsible for managing the life cycle of the kernel traces.
func NewKtraceController ¶
func NewKtraceController(kstreamConfig config.KstreamConfig) KtraceController
NewKtraceController spins up a new instance of kernel trace controller.
Source Files
Directories
Click to show internal directories.
Click to hide internal directories.