-
Notifications
You must be signed in to change notification settings - Fork 1.2k
/
eventmonitor.go
83 lines (70 loc) · 2.79 KB
/
eventmonitor.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
// Unless explicitly stated otherwise all files in this repository are licensed
// under the Apache License Version 2.0.
// This product includes software developed at Datadog (https://www.datadoghq.com/).
// Copyright 2016-present Datadog, Inc.
//go:build linux || windows
package modules
import (
"github.com/DataDog/datadog-agent/cmd/system-probe/api/module"
sysconfigtypes "github.com/DataDog/datadog-agent/cmd/system-probe/config/types"
"github.com/DataDog/datadog-agent/comp/core/workloadmeta"
"github.com/DataDog/datadog-agent/pkg/eventmonitor"
emconfig "github.com/DataDog/datadog-agent/pkg/eventmonitor/config"
"github.com/DataDog/datadog-agent/pkg/network/events"
procconsumer "github.com/DataDog/datadog-agent/pkg/process/events/consumer"
secconfig "github.com/DataDog/datadog-agent/pkg/security/config"
secmodule "github.com/DataDog/datadog-agent/pkg/security/module"
"github.com/DataDog/datadog-agent/pkg/util/log"
"github.com/DataDog/datadog-agent/pkg/util/optional"
)
var eventMonitorModuleConfigNamespaces = []string{"event_monitoring_config", "runtime_security_config"}
func createEventMonitorModule(_ *sysconfigtypes.Config, wmeta optional.Option[workloadmeta.Component]) (module.Module, error) {
emconfig := emconfig.NewConfig()
secconfig, err := secconfig.NewConfig()
if err != nil {
log.Errorf("invalid probe configuration: %v", err)
return nil, module.ErrNotEnabled
}
opts := eventmonitor.Opts{}
secmoduleOpts := secmodule.Opts{}
// adapt options
if secconfig.RuntimeSecurity.IsRuntimeEnabled() {
secmodule.UpdateEventMonitorOpts(&opts, secconfig)
} else {
secmodule.DisableRuntimeSecurity(secconfig)
}
evm, err := eventmonitor.NewEventMonitor(emconfig, secconfig, opts, wmeta)
if err != nil {
log.Errorf("error initializing event monitoring module: %v", err)
return nil, module.ErrNotEnabled
}
if secconfig.RuntimeSecurity.IsRuntimeEnabled() {
cws, err := secmodule.NewCWSConsumer(evm, secconfig.RuntimeSecurity, secmoduleOpts)
if err != nil {
return nil, err
}
evm.RegisterEventConsumer(cws)
log.Info("event monitoring cws consumer initialized")
}
// only add the network consumer if the pkg/network/events
// module was initialized by the network tracer module
// (this will happen only if the network consumer is enabled
// in config and the network tracer module is loaded successfully)
if events.Initialized() {
network, err := events.NewNetworkConsumer(evm)
if err != nil {
return nil, err
}
evm.RegisterEventConsumer(network)
log.Info("event monitoring network consumer initialized")
}
if emconfig.ProcessConsumerEnabled {
process, err := procconsumer.NewProcessConsumer(evm)
if err != nil {
return nil, err
}
evm.RegisterEventConsumer(process)
log.Info("event monitoring process-agent consumer initialized")
}
return evm, err
}