github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-08-07 17:24:05 +00:00
Code Issues Projects Releases Wiki Activity

digwatch: use appropriate formatter for each event

Browse Source
This commit is contained in:
Henri DF 2016-02-23 10:21:25 -08:00
parent a3976281a8
commit 87186df85a
3 changed files with 17 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
userspace/digwatch/digwatch.cpp
View File

@ -28,7 +28,7 @@ extern "C" {
static void usage() static void usage()
{ {
printf( printf(
"Usage: digwatch [options] [-p <output_format>] rules_filename\n\n" "Usage: digwatch [options] rules_filename\n\n"
"Options:\n" "Options:\n"
" -h, --help Print this page\n" " -h, --help Print this page\n"
" -m <filename>, --main-lua <filename>\n" " -m <filename>, --main-lua <filename>\n"
@ -55,13 +55,14 @@ static void usage()
captureinfo do_inspect(sinsp* inspector, captureinfo do_inspect(sinsp* inspector,
uint64_t cnt, uint64_t cnt,
int duration_to_tot, int duration_to_tot,
sinsp_evt_formatter* formatter) digwatch_rules* rules)
{ {
captureinfo retval; captureinfo retval;
int32_t res; int32_t res;
sinsp_evt* ev; sinsp_evt* ev;
string line; string line;
int duration_start = 0; int duration_start = 0;
sinsp_evt_formatter* formatter;
// //
// Loop through the events // Loop through the events
@ -113,6 +114,13 @@ captureinfo do_inspect(sinsp* inspector,
{ {
continue; continue;
} }
formatter = rules->lookup_formatter(ev->get_check_id());
if (!formatter)
{
throw sinsp_exception("Error: No formatter for event with id %d " + to_string(ev->get_check_id()));
}
if(formatter->tostring(ev, &line)) if(formatter->tostring(ev, &line))
{ {
cout << line; cout << line;
@ -137,7 +145,6 @@ int digwatch_init(int argc, char **argv)
sinsp_evt::param_fmt event_buffer_format = sinsp_evt::PF_NORMAL; sinsp_evt::param_fmt event_buffer_format = sinsp_evt::PF_NORMAL;
int duration_to_tot = 0; int duration_to_tot = 0;
captureinfo cinfo; captureinfo cinfo;
string output_format;
int long_index = 0; int long_index = 0;
string lua_main_filename; string lua_main_filename;
string lua_dir = DIGWATCH_INSTALLATION_DIR; string lua_dir = DIGWATCH_INSTALLATION_DIR;
@ -152,8 +159,6 @@ int digwatch_init(int argc, char **argv)
{0, 0, 0, 0} {0, 0, 0, 0}
}; };
output_format = "*%evt.num %evt.outputtime %evt.cpu %proc.name (%thread.tid) %evt.dir %evt.type %evt.info";
try try
{ {
inspector = new sinsp(); inspector = new sinsp();
@ -240,10 +245,6 @@ int digwatch_init(int argc, char **argv)
} }
// //
// Create the event formatter
//
sinsp_evt_formatter formatter(inspector, output_format);
char* env_lua_dir = getenv("DIGWATCH_LUA_DIR"); char* env_lua_dir = getenv("DIGWATCH_LUA_DIR");
if (env_lua_dir) if (env_lua_dir)
{ {
@ -265,7 +266,7 @@ int digwatch_init(int argc, char **argv)
cinfo = do_inspect(inspector, cinfo = do_inspect(inspector,
cnt, cnt,
duration_to_tot, duration_to_tot,
&formatter); rules);
inspector->close(); inspector->close();
} }

4
userspace/digwatch/rules.cpp
View File

@ -56,6 +56,10 @@ int digwatch_rules::set_formatter (lua_State *ls) {
return 0; return 0;
} }
sinsp_evt_formatter* digwatch_rules::lookup_formatter(uint32_t index)
{
return g_format_map[index];
}
void digwatch_rules::add_lua_path(string path) void digwatch_rules::add_lua_path(string path)
{ {

2
userspace/digwatch/rules.h
View File

@ -15,6 +15,8 @@ class digwatch_rules
// set_formatter(index, format_string) // set_formatter(index, format_string)
static int set_formatter(lua_State *ls); static int set_formatter(lua_State *ls);
sinsp_evt_formatter* lookup_formatter(uint32_t index);
private: private:
void add_lua_path(string path); void add_lua_path(string path);
void load_compiler(string lua_main_filename); void load_compiler(string lua_main_filename);