what is the mapping relation between evt.type and evt.category?

draios / sysdig

Linux system exploration and troubleshooting tool with first class support for containers

http://www.sysdig.com/

Other

7.72k stars 726 forks source link

what is the mapping relation between evt.type and evt.category? #1989

Closed zhang-xh95 closed 1 year ago

zhang-xh95 commented 1 year ago

Execuse me. I'm wondering the excat mapping relation between evt.type and evt.category. Is there any config file or docs define the relation?

therealbobo commented 1 year ago

Hi @zhang-xh95! The event type is syscall name itself; meanwhile the category are just groups of syscall. To find out in which group is a syscall you can take a look here in the event table. Do you think that this should be documented in some way?

zhang-xh95 commented 1 year ago

Thanks very much for your help. In my opinion, It would be better if the event table relation link can be provided in the docs.

therealbobo commented 1 year ago

If you want you could open an issue (and maybe contribute 😄) to libs to bring up this topic with the maintainers!