Tracer

Tracer will be capturing information in some way. Collector will convert Tracer’s data_t to Tracking.

Note

Some filed of data_t will be converted to other more readable filed, if you want to fit this feature, you should refer to Tracking.normalize_field.

class duetector.tracers.BccTracer(config: Config | dict[str, Any] | None = None, *args, **kwargs)[source]

A Tracer use bcc.BPF as a host

For simple tracers, you can just set attach_type, attatch_args to attatch to bcc.BPF. Equal to bcc.BPF(prog).attatch_{attatch_type}(**attatch_args)

For those tracers need to attatch multiple times, set many_attatchs to attatch multiple times.

set_callback should attatch callback to bpf, translate raw data to data_t then call the callback

FIXME:

Maybe it’s hard for using? Maybe we should use a more simple way to implement this?

attach(host)[source]

Attatch to host.

Merge attatch_type, attatch_args to many_attatchs then attatch.

attach_type: str | None = None: Attatch type for bcc.BPF, called as BPF.attatch_{attach_type},

attatch_args: dict[str, str] = {}: Args for attatch function.

property config_scope: Config scope for this tracer.

data_t: namedtuple: Data type for this tracer.

default_config = {'disabled': False}: Default config for this tracer.

detach(host)[source]

Detach from host.

Merge attatch_type, attatch_args to many_attatchs then detach.

FIXME:

Maybe we should specify detach* for detaching?

property disabled: If this tracer is disabled.

get_poller(host) → Callable[source]: Get poller function from host.

many_attatchs: list[tuple[str, dict[str, str]]] = []: List of attatch function name and args. attatch_type, attatch_args will merge to this list.

name: str | None: Name for this tracer. Will be used for collecting data.

poll_args: dict[str, str] = {}: Args for poll function. Remenber to set timeout for poll function in poll_args if needed,

poll_fn: str: Poll function name in bcc.BPF

prog: str: bpf program

set_callback(host, callback: Callable[[namedtuple], None])[source]

Set callback function to host.

Should implemented by subclass.

class duetector.tracers.ShellTracer(config: Config | dict[str, Any] | None = None, *args, **kwargs)[source]

A tracer use ShTracerHost as host. More detail on ShellMonitor and ShTracerHost.

Output of shell command will be converted to data_t and cached by default.

comm

shell command

Type:: List[str]

data_t

data type for this tracer

Type:: NamedTuple

Special config:

enable_cache: If enable cache for this tracer.
Cache means the same output will not be converted and emited again.

attach(host)[source]: Attach to host.

comm: list[str]: shell command

property config_scope: Config scope for this tracer.

data_t: ShellOutput: data type for this tracer

default_config = {'disabled': False, 'enable_cache': True}: Default config for this tracer.

detach(host)[source]: Detach from host.

property disabled: If this tracer is disabled.

property enable_cache: If enable cache for this tracer.

get_cache()[source]: Get cache for this tracer.

get_poller(host) → Callable[source]: Get poller function from host.

name: str | None: Name for this tracer. Will be used for collecting data.

set_cache(cache)[source]: Set cache for this tracer.

set_callback(host, callback: Callable[[namedtuple], None])[source]: Set callback function to host.

class duetector.tracers.SubprocessTracer(config: Config | dict[str, Any] | None = None, *args, **kwargs)[source]

attach(host)[source]: Attach to host.

comm: list[str]: shell command

property config_scope: Config scope for this tracer.

data_t: namedtuple: Data type for this tracer.

default_config = {'disabled': False}: Default config for this tracer.

detach(host)[source]: Detach from host.

property disabled: If this tracer is disabled.

get_poller(host) → Callable[source]: Get poller function from host.

name: str | None: Name for this tracer. Will be used for collecting data.

preserve_env: bool = False: If preserve env for this command

set_callback(host, callback: Callable[[namedtuple], None])[source]: Set callback function to host.

class duetector.tracers.Tracer(config: Config | dict[str, Any] | None = None, *args, **kwargs)[source]

A base class for all tracers.

As a reverse dependency for host, subclass should implement attach, detach, get_poller and set_callback. This allow tracer to decide how to attach to host, how to detach from host.

data_t is a NamedTuple, which is used to convert raw data to a NamedTuple.

Default scope for config is Tracer.__class__.__name__.

attach(host)[source]: Attach this tracer to host.

property config_scope: Config scope for this tracer.

data_t: namedtuple: Data type for this tracer.

default_config = {'disabled': False}: Default config for this tracer.

detach(host)[source]: Detach this tracer from host.

property disabled: If this tracer is disabled.

get_poller(host) → Callable[source]: Get a poller function from host.

name: str | None: Name for this tracer. Will be used for collecting data.

set_callback(host, callback: Callable[[namedtuple], None])[source]: Set a callback function to host.

Tracer

Avaliable Tracer