pengutils.events.types module
Event Types
This module defines the main event types for the penguin event database, each as a subclass of Event. These types represent different kinds of system events (read, write, syscall, exec) and are mapped to corresponding tables in the database using SQLAlchemy ORM.
Example usage
from pengutils.events.types import Read, Write, Syscall, Exec
Classes
Read: Represents a file read event.
Write: Represents a file write event.
Syscall: Represents a syscall event with arguments and return value.
Exec: Represents an exec event (process execution).
Each class provides a __str__ method for human-readable representation.
Table Structure
Each event type is mapped to its own table and linked to the base event table via a foreign key.
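The layout described above, reproduced as an added example with the standard library's sqlite3 rather than pengutils' own SQLAlchemy classes (this is not code from the project). Column names follow the attribute lists on this page; the table names `exec` and `write`, the values stored in `type`, the reading of `proc_id` as a per-process identifier, and all sample rows are assumptions constructed for illustration.

```python
import sqlite3

# Constructed schema. Column names follow the attribute lists on this page;
# the table names "exec" and "write" are assumptions (only event.id is documented).
SCHEMA = """
CREATE TABLE event (id INTEGER PRIMARY KEY, type TEXT NOT NULL,
                    proc_id INTEGER NOT NULL, procname TEXT NOT NULL);
CREATE TABLE exec  (id INTEGER PRIMARY KEY REFERENCES event(id), calltree TEXT,
                    argc TEXT, argv TEXT, envp TEXT, euid INTEGER, egid INTEGER);
CREATE TABLE write (id INTEGER PRIMARY KEY REFERENCES event(id),
                    fd INTEGER NOT NULL, fname TEXT, buffer BLOB);
"""

def add_event(db, etype, proc_id, procname, **cols):
    """Insert the base row, then the subtype row that reuses its id."""
    if etype not in ("exec", "write"):   # identifiers are fixed here; values are bound
        raise ValueError(etype)
    cur = db.execute("INSERT INTO event (type, proc_id, procname) VALUES (?, ?, ?)",
                     (etype, proc_id, procname))
    names = ", ".join(cols)
    marks = ", ".join("?" for _ in cols)
    db.execute(f"INSERT INTO {etype} (id, {names}) VALUES (?, {marks})",
               (cur.lastrowid, *cols.values()))
    return cur.lastrowid

def build_sample():
    """In-memory database holding five constructed events."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    add_event(db, "exec", 1, "init", argc="1", argv="/sbin/init", euid=0, egid=0)
    add_event(db, "exec", 2, "httpd", argc="2", argv="httpd -f", euid=33, egid=33)
    add_event(db, "write", 1, "init", fd=3, fname="/etc/passwd", buffer=b"root::0:0")
    add_event(db, "write", 1, "init", fd=4, fname=None, buffer=b"x")
    add_event(db, "write", 2, "httpd", fd=5, fname="/tmp/log", buffer=None)
    return db

def root_execs(db):
    """Exec events with effective UID 0, joined to their base event row."""
    return db.execute(
        "SELECT e.id, e.procname, x.argv FROM event e JOIN exec x ON x.id = e.id "
        "WHERE x.euid = 0 ORDER BY e.id").fetchall()

def writes_by_root_procs(db):
    """Writes whose proc_id also has a euid-0 exec; fname may be NULL, so use fd."""
    return db.execute(
        "SELECT e.procname, COALESCE(w.fname, 'fd ' || w.fd) FROM event e "
        "JOIN write w ON w.id = e.id WHERE e.proc_id IN ("
        "SELECT b.proc_id FROM event b JOIN exec x ON x.id = b.id WHERE x.euid = 0) "
        "ORDER BY e.id").fetchall()
```

The `COALESCE` in the second query matters because `Write.fname` is optional while `Read.fname` is not, so a write can have no file name recorded.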
- class pengutils.events.types.Exec(**kwargs)
Bases: Event
Exec Event
Represents a process execution (exec) event.
Attributes
- id : int
Primary key, foreign key to event.id.
- calltree : str
Call tree information.
- argc : str
Argument count.
- argv : str
Argument values.
- envp : str
Environment variables.
- euid : int
Effective user ID.
- egid : int
Effective group ID.
- argc: Mapped[str]
- argv: Mapped[str]
- calltree: Mapped[str]
- egid: Mapped[int]
- envp: Mapped[str]
- euid: Mapped[int]
- id: Mapped[int]
- proc_id: Mapped[int]
- procname: Mapped[str]
- type: Mapped[str]
- class pengutils.events.types.Read(**kwargs)
Bases: Event
Read Event
Represents a file read event.
Attributes
- id : int
Primary key, foreign key to event.id.
- fd : int
File descriptor read from.
- fname : str
Name of the file read.
- buffer : Optional[bytes]
Contents read from the file.
- buffer: Mapped[bytes | None]
- fd: Mapped[int]
- fname: Mapped[str]
- id: Mapped[int]
- proc_id: Mapped[int]
- procname: Mapped[str]
- type: Mapped[str]
- class pengutils.events.types.Syscall(**kwargs)
Bases: Event
Syscall Event
Represents a syscall event, including arguments and return value.
Attributes
- id : int
Primary key, foreign key to event.id.
- name : str
Name of the syscall.
- retno : Optional[int]
Return value of the syscall.
- retno_repr : Optional[str]
String representation of the return value.
- arg0-arg5 : Optional[int]
Argument values.
- arg0_repr-arg5_repr : Optional[str]
String representations of arguments.
- arg0: Mapped[int | None]
- arg0_repr: Mapped[str | None]
- arg1: Mapped[int | None]
- arg1_repr: Mapped[str | None]
- arg2: Mapped[int | None]
- arg2_repr: Mapped[str | None]
- arg3: Mapped[int | None]
- arg3_repr: Mapped[str | None]
- arg4: Mapped[int | None]
- arg4_repr: Mapped[str | None]
- arg5: Mapped[int | None]
- arg5_repr: Mapped[str | None]
- id: Mapped[int]
- name: Mapped[str]
- proc_id: Mapped[int]
- procname: Mapped[str]
- retno: Mapped[int | None]
- retno_repr: Mapped[str | None]
- type: Mapped[str]
- class pengutils.events.types.Write(**kwargs)
Bases: Event
Write Event
Represents a file write event.
Attributes
- id : int
Primary key, foreign key to event.id.
- fd : int
File descriptor written to.
- fname : Optional[str]
Name of the file written.
- buffer : Optional[bytes]
Contents written to the file.
- buffer: Mapped[bytes | None]
- fd: Mapped[int]
- fname: Mapped[str | None]
- id: Mapped[int]
- proc_id: Mapped[int]
- procname: Mapped[str]
- type: Mapped[str]