github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-08-18 06:07:18 +00:00
Code Issues Projects Releases Wiki Activity

refactor(userspace/falco): use new stats writer in event processing action

Browse Source 
Signed-off-by: Jason Dellaluce <jasondellaluce@gmail.com>
This commit is contained in:
Jason Dellaluce 2022-07-01 10:29:01 +00:00 committed by poiana
parent 605dd2816d
commit 2f5461bed0
2 changed files with 21 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
userspace/falco/app_actions/process_events.cpp
View File

@ -39,12 +39,13 @@ using namespace falco::app;
// Event processing loop // Event processing loop
// //
application::run_result application::do_inspect(syscall_evt_drop_mgr &sdropmgr, application::run_result application::do_inspect(syscall_evt_drop_mgr &sdropmgr,
std::shared_ptr<stats_writer> statsw,
uint64_t duration_to_tot_ns, uint64_t duration_to_tot_ns,
uint64_t &num_evts) uint64_t &num_evts)
{ {
int32_t rc; int32_t rc;
sinsp_evt* ev; sinsp_evt* ev;
StatsFileWriter writer; stats_writer::state stats_state;
uint64_t duration_start = 0; uint64_t duration_start = 0;
uint32_t timeouts_since_last_success_or_msg = 0; uint32_t timeouts_since_last_success_or_msg = 0;
std::size_t source_idx; std::size_t source_idx;
@ -70,16 +71,6 @@ application::run_result application::do_inspect(syscall_evt_drop_mgr &sdropmgr,
m_state->config->m_syscall_evt_drop_max_burst, m_state->config->m_syscall_evt_drop_max_burst,
m_state->config->m_syscall_evt_simulate_drops); m_state->config->m_syscall_evt_simulate_drops);
if (m_options.stats_filename != "")
{
string errstr;
if (!writer.init(m_state->inspector, m_options.stats_filename, m_options.stats_interval, errstr))
{
return run_result::fatal(errstr);
}
}
// //
// Loop through the events // Loop through the events
// //
@ -88,7 +79,7 @@ application::run_result application::do_inspect(syscall_evt_drop_mgr &sdropmgr,
rc = m_state->inspector->next(&ev); rc = m_state->inspector->next(&ev);
writer.handle(); statsw->handle(m_state->inspector, stats_state);
if(m_state->terminate.load(std::memory_order_acquire) if(m_state->terminate.load(std::memory_order_acquire)
|| m_state->restart.load(std::memory_order_acquire)) || m_state->restart.load(std::memory_order_acquire))
@ -208,10 +199,26 @@ application::run_result application::process_events()
scap_stats cstats; scap_stats cstats;
uint64_t num_evts = 0; uint64_t num_evts = 0;
run_result ret; run_result ret;
std::shared_ptr<stats_writer> statsw;
if (!m_options.stats_filename.empty())
{
std::string err;
if (!stats_writer::set_timer(m_options.stats_interval, err))
{
return run_result::fatal(err);
}
statsw.reset(new stats_writer(m_options.stats_filename));
}
else
{
statsw.reset(new stats_writer());
}
duration = ((double)clock()) / CLOCKS_PER_SEC; duration = ((double)clock()) / CLOCKS_PER_SEC;
ret = do_inspect(sdropmgr, ret = do_inspect(sdropmgr,
statsw,
uint64_t(m_options.duration_to_tot*ONE_SECOND_IN_NS), uint64_t(m_options.duration_to_tot*ONE_SECOND_IN_NS),
num_evts); num_evts);

2
userspace/falco/application.h
View File

@ -17,6 +17,7 @@ limitations under the License.
#pragma once #pragma once
#include "configuration.h" #include "configuration.h"
#include "statsfilewriter.h"
#ifndef MINIMAL_BUILD #ifndef MINIMAL_BUILD
#include "grpc_server.h" #include "grpc_server.h"
#include "webserver.h" #include "webserver.h"
@ -224,6 +225,7 @@ private:
void print_all_ignored_events(); void print_all_ignored_events();
void format_plugin_info(std::shared_ptr<sinsp_plugin> p, std::ostream& os) const; void format_plugin_info(std::shared_ptr<sinsp_plugin> p, std::ostream& os) const;
run_result do_inspect(syscall_evt_drop_mgr &sdropmgr, run_result do_inspect(syscall_evt_drop_mgr &sdropmgr,
std::shared_ptr<stats_writer> statsw,
uint64_t duration_to_tot_ns, uint64_t duration_to_tot_ns,
uint64_t &num_events); uint64_t &num_events);