Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Eventing framework refactor #6610

Merged
merged 6 commits into from
Dec 18, 2020
Merged

Eventing framework refactor #6610

merged 6 commits into from
Dec 18, 2020

Conversation

alessandrogario
Copy link
Member

@alessandrogario alessandrogario commented Aug 25, 2020
edited by mike-myers-tob
Loading

This patch aims to move the event indexes outside the database to reduce the disk activity required to capture/evict/expire/return events.

A refactor has also taken place so that tests for this part of the code can be rewritten and improved to make sure regressions are not introduced.

Requires: #6732 (which is now done)

@alessandrogario alessandrogario added the events Related to osquery's evented tables or eventing subsystem label Aug 25, 2020
@alessandrogario alessandrogario force-pushed the alessandro/misc/eventing-framework-refactor branch from 648e889 to 0a45e69 Compare August 25, 2020 16:15
@alessandrogario alessandrogario force-pushed the alessandro/misc/eventing-framework-refactor branch 4 times, most recently from 589b974 to 88755c3 Compare October 10, 2020 09:17
@alessandrogario alessandrogario force-pushed the alessandro/misc/eventing-framework-refactor branch 9 times, most recently from 334ae14 to 85b1460 Compare October 27, 2020 21:02
@alessandrogario alessandrogario marked this pull request as ready for review October 27, 2020 22:17
@alessandrogario alessandrogario force-pushed the alessandro/misc/eventing-framework-refactor branch 4 times, most recently from 03c047c to 48446fe Compare October 29, 2020 15:44
@alessandrogario alessandrogario added the ready for review Pull requests that are ready to be reviewed by a maintainer label Oct 29, 2020
@alessandrogario alessandrogario force-pushed the alessandro/misc/eventing-framework-refactor branch from 48446fe to a1ba8da Compare November 19, 2020 18:36
@Smjert Smjert closed this Nov 21, 2020
@Smjert Smjert reopened this Nov 21, 2020
@alessandrogario alessandrogario force-pushed the alessandro/misc/eventing-framework-refactor branch from a1ba8da to eefc466 Compare November 23, 2020 21:20
theopolis
theopolis requested changes Dec 5, 2020
View reviewed changes
Copy link
Member

@theopolis theopolis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for doing all of this work. I left some notes in code that you may just be moving around. I think it's fine to leave it be if you want and we can follow up and fix in another diff.

osquery/core/init.cpp Outdated Show resolved Hide resolved
osquery/events/eventfactory.cpp Outdated Show resolved Hide resolved
osquery/events/eventfactory.cpp Show resolved Hide resolved
osquery/events/eventfactory.cpp Show resolved Hide resolved
osquery/events/eventfactory.cpp Outdated Show resolved Hide resolved
osquery/events/eventfactory.h Outdated Show resolved Hide resolved
osquery/events/eventpublisherplugin.cpp Outdated Show resolved Hide resolved
osquery/events/tests/eventsubscriberplugin.cpp Show resolved Hide resolved
osquery/events/types.h Show resolved Hide resolved
@alessandrogario alessandrogario force-pushed the alessandro/misc/eventing-framework-refactor branch 4 times, most recently from a91d4c7 to d212293 Compare December 10, 2020 21:00
@alessandrogario alessandrogario force-pushed the alessandro/misc/eventing-framework-refactor branch from d212293 to 4616948 Compare December 10, 2020 21:22
theopolis
theopolis requested changes Dec 13, 2020
View reviewed changes
osquery/events/eventsubscriberplugin.h
[[deprecated("Group events together and use addBatch() instead.")]]
// clang-format on
Status
add(const Row& r);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nitpick, remove the newline within the function signature

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I tried to remove this newline but clang-format/make format will restore it, probably due to how the [[deprecated]] tag is handled

osquery/events/eventpublisherplugin.cpp Outdated Show resolved Hide resolved
@alessandrogario alessandrogario force-pushed the alessandro/misc/eventing-framework-refactor branch from 4616948 to 53281b3 Compare December 14, 2020 11:55
@theopolis theopolis merged commit cfabaa9 into osquery:master Dec 18, 2020
@mike-myers-tob mike-myers-tob deleted the alessandro/misc/eventing-framework-refactor branch December 18, 2020 06:56
@mike-myers-tob mike-myers-tob removed the ready for review Pull requests that are ready to be reviewed by a maintainer label Dec 18, 2020
@mike-myers-tob mike-myers-tob mentioned this pull request Jan 5, 2021
Closed
@mike-myers-tob mike-myers-tob mentioned this pull request Sep 7, 2021
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@theopolis theopolis theopolis approved these changes

Assignees
No one assigned
Labels
events Related to osquery's evented tables or eventing subsystem
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@alessandrogario @theopolis @Smjert @mike-myers-tob