-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathfalcon.fbs
69 lines (61 loc) · 1007 Bytes
/
falcon.fbs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
namespace falcon.core.protocol.fbs;
union EventData {
ProcessStart,
ProcessEnd,
ProcessCreate,
ProcessJoin,
SocketEvent,
FSync,
}
union SocketEventData {
SocketConnect,
SocketAccept,
SocketSend,
SocketReceive,
}
/**
* Event types
*/
table ProcessStart {}
table ProcessEnd {}
table ProcessCreate {
child_pid:uint;
}
table ProcessJoin {
child_pid:uint;
}
table SocketConnect {}
table SocketAccept {}
table SocketSend {
size:uint;
}
table SocketReceive {
size:uint;
}
table FSync {}
/**
* Main events
*/
table SocketEvent {
source_port:ushort;
destination_port:ushort;
socket_family:int;
socket_type:int;
socket_from:string;
socket_to:string;
socket_id:string;
event:SocketEventData;
}
table FalconEvent {
id:string;
user_time:long;
kernel_time:long;
type:ubyte;
pid:uint;
tid:uint;
comm:string;
host:string;
event:EventData;
extra_data:string;
}
root_type FalconEvent;