登录 注册
开源 企业版 高校版 私有云 Gitee AI NEW
扫描微信二维码支付
取消
支付完成
Watch
不关注 关注所有动态 仅关注版本发行动态 关注但不提醒动态
1 Star 0 Fork 0

zhangjungang/beats

代码 Issues 0 Pull Requests 0 Wiki 统计 流水线
服务
加入 Gitee
与超过 1200万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
克隆/下载
eventreader_fsnotify.go 2.34 KB
一键复制 编辑 原始数据 按行查看 历史
Andrew Kroh 提交于 2018-01-29 12:47 . Fix metricbeat test util RunPushMetricSetV2 (#6198) (#6212)
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105
// +build linux freebsd openbsd netbsd windows



package file_integrity



import (

	"syscall"

	"time"



	"github.com/fsnotify/fsnotify"

	"github.com/pkg/errors"



	"github.com/elastic/beats/auditbeat/module/file_integrity/monitor"

	"github.com/elastic/beats/libbeat/logp"

)



type reader struct {

	watcher monitor.Watcher

	config  Config

	eventC  chan Event

	log     *logp.Logger

}



// NewEventReader creates a new EventProducer backed by fsnotify.

func NewEventReader(c Config) (EventProducer, error) {

	watcher, err := monitor.New(c.Recursive)

	if err != nil {

		return nil, err

	}



	return &reader{

		watcher: watcher,

		config:  c,

		eventC:  make(chan Event, 1),

		log:     logp.NewLogger(moduleName),

	}, nil

}



func (r *reader) Start(done <-chan struct{}) (<-chan Event, error) {

	for _, p := range r.config.Paths {

		if err := r.watcher.Add(p); err != nil {

			if err == syscall.EMFILE {

				r.log.Warnw("Failed to add watch (check the max number of "+

					"open files allowed with 'ulimit -a')",

					"file_path", p, "error", err)

			} else {

				r.log.Warnw("Failed to add watch", "file_path", p, "error", err)

			}

		}

	}



	if err := r.watcher.Start(); err != nil {

		return nil, errors.Wrap(err, "unable to start watcher")

	}

	go r.consumeEvents(done)

	r.log.Infow("Started fsnotify watcher",

		"file_path", r.config.Paths,

		"recursive", r.config.Recursive)

	return r.eventC, nil

}



func (r *reader) consumeEvents(done <-chan struct{}) {

	defer close(r.eventC)

	defer r.watcher.Close()



	for {

		select {

		case <-done:

			r.log.Debug("fsnotify reader terminated")

			return

		case event := <-r.watcher.EventChannel():

			if event.Name == "" || r.config.IsExcludedPath(event.Name) {

				continue

			}

			r.log.Debugw("Received fsnotify event",

				"file_path", event.Name,

				"event_flags", event.Op)



			start := time.Now()

			e := NewEvent(event.Name, opToAction(event.Op), SourceFSNotify,

				r.config.MaxFileSizeBytes, r.config.HashTypes)

			e.rtt = time.Since(start)



			r.eventC <- e

		case err := <-r.watcher.ErrorChannel():

			r.log.Warnw("fsnotify watcher error", "error", err)

		}

	}

}



func opToAction(op fsnotify.Op) Action {

	switch op {

	case fsnotify.Create:

		return Created

	case fsnotify.Write:

		return Updated

	case fsnotify.Remove:

		return Deleted

	case fsnotify.Rename:

		return Moved

	case fsnotify.Chmod:

		return AttributesModified

	default:

		return 0

	}

}
马建仓 AI 助手
尝试更多
代码解读
代码找茬
代码优化
1
https://gitee.com/zhangjungang/beats.git
git@gitee.com:zhangjungang/beats.git
zhangjungang
beats
beats
v6.2.2
点此查找更多帮助

搜索帮助

Git 命令在线学习 如何在 Gitee 导入 GitHub 仓库
Git 仓库基础操作
企业版和社区版功能对比
SSH 公钥设置
如何处理代码冲突
仓库体积过大,如何减小?
如何找回被删除的仓库数据
Gitee 产品配额说明
GitHub仓库快速导入Gitee及同步更新
什么是 Release(发行版)
将 PHP 项目自动发布到 packagist.org
评论
仓库举报
回到顶部