代码拉取完成,页面将自动刷新
package file
import (
"os"
"github.com/pkg/errors"
"github.com/elastic/beats/libbeat/common/cfgwarn"
"github.com/elastic/beats/libbeat/logp"
"github.com/elastic/beats/metricbeat/mb"
"github.com/elastic/beats/metricbeat/mb/parse"
)
const (
metricsetName = "audit.file"
logPrefix = "[" + metricsetName + "]"
)
var (
debugf = logp.MakeDebug(metricsetName)
)
func init() {
if err := mb.Registry.AddMetricSet("audit", "file", New, parse.EmptyHostParser); err != nil {
panic(err)
}
}
type EventReader interface {
Start(done <-chan struct{}) (<-chan Event, error)
}
type MetricSet struct {
mb.BaseMetricSet
config Config
reader EventReader
}
func New(base mb.BaseMetricSet) (mb.MetricSet, error) {
cfgwarn.Experimental("The %v metricset is an experimental feature", metricsetName)
config := defaultConfig
if err := base.Module().UnpackConfig(&config); err != nil {
return nil, err
}
r, err := NewEventReader(config)
if err != nil {
return nil, errors.Wrap(err, "failed to initialize audit file event reader")
}
debugf("%v Initialized the audit file event reader. Running as euid=%v",
logPrefix, os.Geteuid())
return &MetricSet{BaseMetricSet: base, config: config, reader: r}, nil
}
func (ms *MetricSet) Run(reporter mb.PushReporter) {
eventChan, err := ms.reader.Start(reporter.Done())
if err != nil {
err = errors.Wrap(err, "failed to start event reader")
reporter.Error(err)
logp.Err("%v %v", logPrefix, err)
return
}
for {
select {
case <-reporter.Done():
return
case event := <-eventChan:
reporter.Event(buildMapStr(&event))
if len(event.errors) > 0 {
debugf("%v Errors on %v event for %v: %v",
logPrefix, event.Action, event.Path, event.errors)
}
}
}
}
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。
马建仓 AI 助手