NAME

quark_event_dump — dump a quark_event to a FILE

SYNOPSIS

#include <quark.h>

int
quark_event_dump(struct quark_event *qev, FILE *file);

DESCRIPTION

quark_event_dump dumps a human readable format of the event pointed to by qev to the file specified in file.

OUTPUT EXAMPLE

->818621 (FORK+EXEC+EXIT)
  COMM  comm=git
  CMDL  cmdline=[ /usr/bin/git, --no-pager, ls-tree, --name-only, -z, HEAD, --, quark_event_dump.3 ]
  PROC  ppid=5082
  PROC  uid=1000 gid=1000 suid=1000 sgid=1000 euid=1000 egid=1000
  PROC  cap_inheritable=0x0 cap_permitted=0x0 cap_effective=0x0
  PROC  cap_bset=0x1ffffffffff cap_ambient=0x0
  PROC  time_boot=1712219191035753014
  CWD   cwd=/home/haesbaert
  FILE  filename=/usr/bin/git
  EXIT  exit_code=0 exit_time=72031260061483

FORMAT

The number 818621 after the -> is the pid of the originating process. The string (FORK+EXEC+EXIT) describes what is aggregated in this specific event. The following fields contain all the data we know about pid 818621, which originates both from this event, and whatever has been learned before and is cached.

The first column of the subsequent lines is a description of the flag from where the fields in the second column originates from. For example PROC is QUARK_F_PROC and produces the fields ppid, uid, gid, suid ...

RETURN VALUES

Zero on success, -1 in error from fwrite(3).

SEE ALSO

quark_process_lookup(3), quark_queue_block(3), quark_queue_close(3), quark_queue_default_attr(3), quark_queue_get_epollfd(3), quark_queue_get_events(3), quark_queue_get_stats(3), quark_queue_open(3), quark(7), quark-btf(8), quark-mon(8)