OMS-Auditd-Plugin

Граф коммитов

Автор	SHA1	Сообщение	Дата
Kevin Sheldrake	9d3dbe36ae	Patched so outputs can be added and removed and ProcessTree and GLobalFiltersMask are updated each time (#40 )	2020-01-07 11:42:41 -08:00
Tad Glines	68ad23c06d	Add metrics collection and other changes (#36 ) - Added collection of syscall metrics - Added collection of auoms process CPU and MEM consumtion metrics - Added system CPU and MEM metrics - Added collection of event metrics - Changed event accumulator so it uses steady clock for tracking event age instead of event id. Added more efficient LRU list. - Changed so PATH records values are accumulated in a fixed set of fields where each field value is a JSON array of values ordered by PATH record order. - Changed SYSCALL event type from AUOMS_EXECVE to AUOMS_SYSCALL - Changed to include proctitle in non-execve syscall events. - Fixed "-S all" and "-S <number>" rule handling. - Fix std::function arg passing, make move semantics explicit. - Move event filter logic into seperate class. - Fix code so unit tests pass. - Fix json encoding of escaped values. - Remove exit(1) from ProcessNotify. - Fix ProcessNotify/ProcessTree Stop(). - Fix parsing of INTEGRITY_POLICY_RULE records. - Fix thread stack leak.	2019-11-21 14:55:06 -08:00

Автор

SHA1

Сообщение

Дата

Kevin Sheldrake

9d3dbe36ae

Patched so outputs can be added and removed and ProcessTree and GLobalFiltersMask are updated each time (#40 )

2020-01-07 11:42:41 -08:00

Tad Glines

68ad23c06d

Add metrics collection and other changes (#36 )

- Added collection of syscall metrics
- Added collection of auoms process CPU and MEM consumtion metrics
- Added system CPU and MEM metrics
- Added collection of event metrics
- Changed event accumulator so it uses steady clock for tracking event
  age instead of event id. Added more efficient LRU list.
- Changed so PATH records values are accumulated in a fixed set of
  fields where each field value is a JSON array of values ordered
  by PATH record order.
- Changed SYSCALL event type from AUOMS_EXECVE to AUOMS_SYSCALL
- Changed to include proctitle in non-execve syscall events.
- Fixed "-S all" and "-S <number>" rule handling.
- Fix std::function arg passing, make move semantics explicit.
- Move event filter logic into seperate class.
- Fix code so unit tests pass.
- Fix json encoding of escaped values.
- Remove exit(1) from ProcessNotify.
- Fix ProcessNotify/ProcessTree Stop().
- Fix parsing of INTEGRITY_POLICY_RULE records.
- Fix thread stack leak.

2019-11-21 14:55:06 -08:00

2 Коммитов