github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-09-17 15:28:18 +00:00
Code Issues Projects Releases Wiki Activity

Add ability to run live for specific duration

Browse Source 
Use -M <secs> (same as sysdig) to run falco for a specific duration and
exit.
This commit is contained in:
Mark Stemm
2017-03-22 13:06:23 -07:00
parent ec5adfe892
commit 52b006e875
1 changed files with 24 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
userspace/falco/falco.cpp
View File

@@ -87,6 +87,7 @@ static void usage()
" Marathon url is optional and defaults to Mesos address, port 8080.\n" " Marathon url is optional and defaults to Mesos address, port 8080.\n"
" The API servers can also be specified via the environment variable\n" " The API servers can also be specified via the environment variable\n"
" FALCO_MESOS_API.\n" " FALCO_MESOS_API.\n"
" -M <num_seconds> Stop collecting after <num_seconds> reached.\n"
" -o, --option <key>=<val> Set the value of option <key> to <val>. Overrides values in configuration file.\n" " -o, --option <key>=<val> Set the value of option <key> to <val>. Overrides values in configuration file.\n"
" <key> can be a two-part <key>.<subkey>\n" " <key> can be a two-part <key>.<subkey>\n"
" -p <output_format>, --print=<output_format>\n" " -p <output_format>, --print=<output_format>\n"
@@ -135,12 +136,14 @@ std::list<string> cmdline_options;
uint64_t do_inspect(falco_engine *engine, uint64_t do_inspect(falco_engine *engine,
falco_outputs *outputs, falco_outputs *outputs,
sinsp* inspector, sinsp* inspector,
uint64_t duration_to_tot_ns,
string &stats_filename) string &stats_filename)
{ {
uint64_t num_evts = 0; uint64_t num_evts = 0;
int32_t res; int32_t res;
sinsp_evt* ev; sinsp_evt* ev;
StatsFileWriter writer; StatsFileWriter writer;
uint64_t duration_start = 0;
if (stats_filename != "") if (stats_filename != "")
{ {
@@ -184,6 +187,17 @@ uint64_t do_inspect(falco_engine *engine,
throw sinsp_exception(inspector->getlasterr().c_str()); throw sinsp_exception(inspector->getlasterr().c_str());
} }
if (duration_start == 0)
{
duration_start = ev->get_ts();
} else if(duration_to_tot_ns > 0)
{
if(ev->get_ts() - duration_start >= duration_to_tot_ns)
{
break;
}
}
if(!inspector->is_debug_enabled() && if(!inspector->is_debug_enabled() &&
ev->get_category() & EC_INTERNAL) ev->get_category() & EC_INTERNAL)
{ {
@@ -234,6 +248,7 @@ int falco_init(int argc, char **argv)
string* mesos_api = 0; string* mesos_api = 0;
string output_format = ""; string output_format = "";
bool replace_container_info = false; bool replace_container_info = false;
int duration_to_tot = 0;
// Used for writing trace files // Used for writing trace files
int duration_seconds = 0; int duration_seconds = 0;
@@ -275,7 +290,7 @@ int falco_init(int argc, char **argv)
// Parse the args // Parse the args
// //
while((op = getopt_long(argc, argv, while((op = getopt_long(argc, argv,
"hc:AdD:e:k:K:Ll:m:o:P:p:r:s:T:t:vw:", "hc:AdD:e:k:K:Ll:m:M:o:P:p:r:s:T:t:vw:",
long_options, &long_index)) != -1) long_options, &long_index)) != -1)
{ {
switch(op) switch(op)
@@ -316,6 +331,13 @@ int falco_init(int argc, char **argv)
case 'm': case 'm':
mesos_api = new string(optarg); mesos_api = new string(optarg);
break; break;
case 'M':
duration_to_tot = atoi(optarg);
if(duration_to_tot <= 0)
{
throw sinsp_exception(string("invalid duration") + optarg);
}
break;
case 'o': case 'o':
cmdline_options.push_back(optarg); cmdline_options.push_back(optarg);
break; break;
@@ -662,6 +684,7 @@ int falco_init(int argc, char **argv)
num_evts = do_inspect(engine, num_evts = do_inspect(engine,
outputs, outputs,
inspector, inspector,
uint64_t(duration_to_tot*ONE_SECOND_IN_NS),
stats_filename); stats_filename);
duration = ((double)clock()) / CLOCKS_PER_SEC - duration; duration = ((double)clock()) / CLOCKS_PER_SEC - duration;