- https://github.com/slackhq/go-audit
go build
- 读取所有的日志，父进程和子进程都输出
- 所有类型的定义可参考 linux/audit.h
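def print_tree(process, depth=0, prefix=" "):
    """Print ``process`` and all of its descendants as a box-drawing tree.

    Every child row is drawn with ``├─ `` except the last child of a node,
    which is drawn with ``└─ ``. Rows nested below a non-last child carry a
    ``│`` guide; rows below a last child carry blank padding instead.

    Args:
        process: Node to print. It must expose ``children`` (a sequence of
            nodes of the same kind) and is rendered with ``str()``.
        depth: ``0`` prints the node as the tree root (``┬─``). Any other
            value prints it as a branch row (``├─ ``) placed three columns
            to the left of ``prefix``.
        prefix: Left margin written in front of the rows of this node's
            children.
    """
    # NOTE(review): str(process) is written to the terminal verbatim. If it
    # carries process-controlled fields from audit records (command name,
    # executable path, arguments), escape non-printable characters before
    # display so a crafted name cannot inject terminal control sequences.
    # Confirm what __str__ emits.
    if depth == 0:
        print("┬─" + str(process))
    else:
        print(prefix[:-3] + "├─ " + str(process))
    _print_children(process.children, prefix)


def _print_children(children, indent):
    """Print each node in ``children``, and its subtree, behind ``indent``."""
    # NOTE(review): recursion is unbounded. A parent/child graph rebuilt from
    # logs could contain a cycle (for example after PID reuse) and end in
    # RecursionError. Verify how the tree is built.
    last_index = len(children) - 1
    for index, child in enumerate(children):
        is_last = index == last_index
        # The connector is chosen here, by the parent, so the final child
        # really shows "└─ " instead of having it overwritten by "├─ ".
        print(indent + ("└─ " if is_last else "├─ ") + str(child))
        # Guide segments are three columns wide, the same as the connectors,
        # so nested rows line up under their parent.
        _print_children(child.children, indent + ("   " if is_last else "│  "))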