nogi package

Submodules

nogi.client module

class nogi.client.NogiClient(host='*', port=5556, events=['.'], handler=None)

Bases: object

close()

Closing the client.

handler(event, data)

Defaut event handler.

Display events and arguments onto the stdout.

run()

This method create a zmq subscribe socket that listen for forwarded events.

Received events are filtered to only capture the events specified by user.

nogi.client.client()

Convenience function to launch the Nogi client

Module contents

class nogi.Nogi(host='*', port=5556, handler=None, socket=True, audit=None)

Bases: object

Provides high-level functionality for initialize the event audit.

The Nogi object automatically configure mechanismes that allow enable and disable auditing by sending signals to the process you want to inspect.

By instanciate this class, two kind of signal are binds to the running process. The first one is the SIGUSR1 signal, which is the signal who will trigger the audit. The second one is the SIGUSR2 signal who should be used to disable the running audit.

Nogi allow you to provide a custom event handler. The default event handler trigger a python thread which receive the catched events and then publish them on PUB zmq socket.

By default this socket listen on localhost:5556 and each new intercepted event will be forwarded over it. The event name correspond to the publication topic, allowing users to subscribe only to specific events.

When the audit handler is closed, then the socket is also closed.

Users are allowed to customize the way they want to handle signals and the way they want to catch events.

A convenience socket is provided by default, but this one can be disabled if needed.

For more details about Python audits please take a look at the Audit events table

audit(event, args)

Default audit hook.

This hook puts all received events, and their arguments into a python queue. The default handler will consume the elements puts in that queue.

Warning

Only the thread which instanciate Nogi will be audited. Meaning that if you instanciate Nogi at the beginning of our process then you will surely audit the main python thread, not the events ran in the sub threads you launched.

serve()

Default handler that publish received events on a zmq socket.

When an event is consumed by this handler, it is automatically removed from the queue.

This handler is executed in a dedicated thread to not block the main process.

start(sig, frame)

Starting the audit.

This method is bind on the SIGUSR1, so if this signal is emitted this method will be automatically called and then will ran the audit.

Will using the configured handler and audit hook. If not provided it will start with the default conveniences.

stop(sig, frame)

Stopping the audit.

The SIGUSR2 is bind to this method. If this signal is sent to the process, then this method will be called and so, the audit will be terminated.