Module kmsg 

Kernel message ring buffer extraction.

Reads the kernel log (printk) ring buffer from __log_buf and log_buf_len. Each record uses the kernel 3.x+ printk_log format. Suspicious messages (rootkit indicators, kernel oops) are flagged.

Re-exports

pub use crate::heuristics::classify_kmsg;

Structs

KmsgEntry

A single kernel log record.

Functions

parse_printk_record

Parse raw printk_log record bytes into a KmsgEntry.

walk_kmsg

Walk the kernel log ring buffer and return parsed entries.