Constants ¶
This section is empty.
Variables ¶
// RootCmd is the root command of the Fibratus CLI.
//
// Its PersistentPreRunE hook is a platform guard: it returns an error unless
// runtime.GOOS is "windows", and also when runtime.GOARCH is "386". Only those
// two values are inspected; no privilege or elevation check happens in this
// hook.
//
// NOTE(review): cobra runs only the nearest persistent pre-run hook unless
// cobra.EnableTraverseRunHooks is set, so a subcommand that declares its own
// PersistentPreRun/PersistentPreRunE would skip this guard. Confirm against the
// subcommands.
var RootCmd = &cobra.Command{
	Use:   "fibratus",
	Short: "Modern tool for the kernel observability and exploration",
	// Long description, kept on one line exactly as it appears in the listing.
	Long: ` Fibratus is a tool for exploration and tracing of the Windows kernel. It lets you trap system-wide events such as process life-cycle, file system I/O, registry modifications or network requests among many other observability signals. In a nutshell, Fibratus allows for gaining deep operational visibility into the Windows kernel but also processes running on top of it. `,
	// Do not print the usage text when a command returns an error.
	SilenceUsage: true,
	// Reject unsupported platforms before any command logic runs.
	PersistentPreRunE: func(_ *cobra.Command, _ []string) error {
		switch {
		case runtime.GOOS != "windows":
			return errors.New("fibratus can only be run on Windows operating systems")
		case runtime.GOARCH == "386":
			// Only the x86 32-bit architecture is rejected here.
			return errors.New("fibratus can't be run on 32-bits Windows operating systems")
		default:
			return nil
		}
	},
}
RootCmd is the entry point of the Fibratus CLI.
Functions ¶
Types ¶
type Stats ¶
// Stats stores runtime statistics that are retrieved from the expvar endpoint.
//
// Every field maps to one dotted JSON key. Plain counters are ints; the map
// fields hold one count per key (string keys, except ProcessLookupFailureCount
// which is keyed by int). No field uses omitempty, so every key is emitted on
// marshal, and fields are emitted in declaration order.
//
// NOTE(review): the *errors, *failures, *misses and *dropped* counters
// presumably indicate events that were lost or only partially processed;
// non-zero values are worth alerting on when this tool feeds detection.
// Confirm the exact meaning of each counter at its producer.
type Stats struct {
	// aggregator.*
	AggregatorBatchEvents               int            `json:"aggregator.batch.events"`
	AggregatorFlushesCount              int            `json:"aggregator.flushes.count"`
	AggregatorKeventErrors              int            `json:"aggregator.kevent.errors"`
	AggregatorTransformerErrors         map[string]int `json:"aggregator.transformer.errors"`
	AggregatorWorkerClientPublishErrors int            `json:"aggregator.worker.client.publish.errors"`

	// filament.*
	FilamentKdictErrors         int            `json:"filament.kdict.errors"`
	FilamentKeventBatchFlushes  int            `json:"filament.kevent.batch.flushes"`
	FilamentKeventErrors        map[string]int `json:"filament.kevent.errors"`
	FilamentKeventProcessErrors int            `json:"filament.kevent.process.errors"`

	// filter.*
	FilterAccessorErrors map[string]int `json:"filter.accessor.errors"`

	// fs.*
	FsFileObjectHandleHits int `json:"fs.file.object.handle.hits"`
	FsFileObjectMisses     int `json:"fs.file.object.misses"`
	FsFileReleases         int `json:"fs.file.releases"`
	FsTotalRundownFiles    int `json:"fs.total.rundown.files"`

	// handle.*
	HandleDeferredEvictions int            `json:"handle.deferred.evictions"`
	HandleNameQueryFailures map[string]int `json:"handle.name.query.failures"`
	HandleSnapshotCount     int            `json:"handle.snapshot.count"`
	HandleSnapshotBytes     int            `json:"handle.snapshot.bytes"`
	HandleTypesCount        int            `json:"handle.types.count"`
	HandleTypeNameMisses    int            `json:"handle.type.name.misses"`
	HandleWaitTimeouts      int            `json:"handle.wait.timeouts"`

	// hostname.*
	HostnameErrors map[string]int `json:"hostname.errors"`

	// kcap.*
	KcapFlusherErrors               map[string]int `json:"kcap.flusher.errors"`
	KcapHandleWriteErrors           int            `json:"kcap.handle.write.errors"`
	KcapKeventUnmarshalErrors       int            `json:"kcap.kevent.unmarshal.errors"`
	KcapKeventWriteErrors           int            `json:"kcap.kevent.write.errors"`
	KcapKstreamConsumerErrors       int            `json:"kcap.kstream.consumer.errors"`
	KcapOverflowErrors              int            `json:"kcap.overflow.errors"`
	KcapReadBytes                   int            `json:"kcap.read.bytes"`
	KcapReadKevents                 int            `json:"kcap.read.kevents"`
	KcapReaderDroppedByFilter       int            `json:"kcap.reader.dropped.by.filter"`
	KcapReaderHandleUnmarshalErrors int            `json:"kcap.reader.handle.unmarshal.errors"`

	// kevent.*
	KeventInterceptorFailures      int            `json:"kevent.interceptor.failures"`
	KeventSeqInitErrors            map[string]int `json:"kevent.seq.init.errors"`
	KeventSeqStoreErrors           int            `json:"kevent.seq.store.errors"`
	KeventTimestampUnmarshalErrors int            `json:"kevent.timestamp.unmarshal.errors"`

	// kstream.*
	KstreamBlacklistDroppedKevents    map[string]int `json:"kstream.blacklist.dropped.kevents"`
	KstreamBlacklistDroppedProcs      map[string]int `json:"kstream.blacklist.dropped.procs"`
	KstreamKbuffersRead               int            `json:"kstream.kbuffers.read"`
	KstreamKeventParamFailures        int            `json:"kstream.kevent.param.failures"`
	KstreamKeventsEnqueued            int            `json:"kstream.kevents.enqueued"`
	KstreamKeventsDequeued            int            `json:"kstream.kevents.dequeued"`
	KstreamKeventsFailures            map[string]int `json:"kstream.kevents.failures"`
	KstreamKeventsMissingSchemaErrors map[string]int `json:"kstream.kevents.missing.schema.errors"`
	KstreamUpstreamCancellations      int            `json:"kstream.upstream.cancellations"`

	// logger.*
	LoggerErrors map[string]int `json:"logger.errors"`

	// output.*
	OutputAMQPChannelFailures    int `json:"output.amqp.channel.failures"`
	OutputAMQPConnectionFailures int `json:"output.amqp.connection.failures"`
	OutputAMQPPublishErrors      int `json:"output.amqp.publish.errors"`
	OutputConsoleErrors          int `json:"output.console.errors"`
	OutputNullBlackholeEvents    int `json:"output.null.blackhole.events"`

	// pe.*
	PeFailedResourceEntryReads   int `json:"pe.failed.resource.entry.reads"`
	PeMaxResourceEntriesExceeded int `json:"pe.max.resource.entries.exceeded"`

	// process.*
	ProcessCount              int         `json:"process.count"`
	ProcessModuleCount        int         `json:"process.module.count"`
	ProcessLookupFailureCount map[int]int `json:"process.lookup.failure.count"`
	ProcessPebReadErrors      int         `json:"process.peb.read.errors"`
	ProcessReaped             int         `json:"process.reaped"`
	ProcessThreadCount        int         `json:"process.thread.count"`

	// registry.*
	RegistryKcbCount         int `json:"registry.kcb.count"`
	RegistryKcbMisses        int `json:"registry.kcb.misses"`
	RegistryKeyHandleHits    int `json:"registry.key.handle.hits"`
	RegistryUnknownKeysCount int `json:"registry.unknown.keys.count"`

	// sids.*
	SidsCount int `json:"sids.count"`

	// yara.*
	YaraImageScans  int `json:"yara.image.scans"`
	YaraProcScans   int `json:"yara.proc.scans"`
	YaraRuleMatches int `json:"yara.rule.matches"`
}
Stats stores runtime statistics that are retrieved from the expvar endpoint.