Data Source: Linux Auditd Execve

Description

Data source object for the Linux auditd EXECVE record type, which carries the argument count and argument vector of each execve() call logged by the audit subsystem.

Details

Property     Value
Source       /var/log/audit/audit.log
Sourcetype   linux:audit

Supported Apps

Event Fields

Fields

  msg
  type
  argc

The individual arguments are carried in the numbered fields a0 .. a(argc-1), as in the example log below.

Example Log

type=EXECVE msg=audit(1723044684.257:15795): argc=3 a0="sudo" a1="LD_PRELOAD=./myfopen.so" a2="./prog"
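
The following parser and check are an added example, not code from this page or from the project it documents. It parses EXECVE records of the shape shown above into the msg timestamp and serial, argc and a reconstructed argv, decodes the unquoted hex form auditd uses for arguments that contain whitespace or quotes, and flags any argv entry that sets LD_PRELOAD=, as in the example log. The sample event lines are constructed for the demo and are not real captures; the function and variable names are the example's own. Note that EXECVE records only argv: an LD_PRELOAD set by the shell (`LD_PRELOAD=./x ./prog`) lands in envp and does not appear here, so this check only catches the value when it is passed as an argument to a program such as sudo or env.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample events in the shape of the example log above (not real captures).
SAMPLE_EVENTS = [
    'type=EXECVE msg=audit(1723044684.257:15795): argc=3 a0="sudo" a1="LD_PRELOAD=./myfopen.so" a2="./prog"',
    # auditd hex-encodes an argument containing a space; this is: echo "hello world"
    'type=EXECVE msg=audit(1723044690.001:15801): argc=2 a0="echo" a1=68656C6C6F20776F726C64',
    'type=EXECVE msg=audit(1723044700.500:15810): argc=2 a0="ls" a1="-la"',
    # a different record type sharing the serial of the first event; must be ignored
    'type=SYSCALL msg=audit(1723044684.257:15795): arch=c000003e syscall=59 success=yes exit=0',
]

_MSG_RE = re.compile(
    r"^type=(?P<type>\S+) msg=audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\):\s*(?P<body>.*)$"
)
# key=value pairs; values are either double-quoted or a bare token
_KV_RE = re.compile(r'(?P<key>[A-Za-z0-9_\[\]]+)=(?:"(?P<quoted>[^"]*)"|(?P<raw>\S+))')
_ARG_KEY_RE = re.compile(r"^a\d+$")
_HEX_RE = re.compile(r"^(?:[0-9A-Fa-f]{2})+$")


@dataclass
class ExecveEvent:
    timestamp: float
    serial: int
    argc: int
    argv: List[str]


def _decode_arg(quoted: Optional[str], raw: Optional[str]) -> str:
    """Quoted args are literal; an unquoted arg is auditd's hex encoding."""
    if quoted is not None:
        return quoted
    if raw is not None and _HEX_RE.match(raw):
        return bytes.fromhex(raw).decode("utf-8", errors="replace")
    return raw or ""


def parse_execve(line: str) -> Optional[ExecveEvent]:
    """Return an ExecveEvent for a type=EXECVE line, or None for any other record."""
    m = _MSG_RE.match(line)
    if not m or m.group("type") != "EXECVE":
        return None
    fields = {}
    for kv in _KV_RE.finditer(m.group("body")):
        key = kv.group("key")
        if _ARG_KEY_RE.match(key):
            fields[key] = _decode_arg(kv.group("quoted"), kv.group("raw"))
        else:
            # argc and any other field are kept verbatim (never hex-decoded)
            fields[key] = kv.group("quoted") if kv.group("quoted") is not None else kv.group("raw")
    argc = int(fields.get("argc", "0"))
    # Long arguments are split into a<N>[0], a<N>[1], ... chunks by auditd;
    # this example does not reassemble those and leaves the slot empty.
    argv = [fields.get(f"a{i}", "") for i in range(argc)]
    return ExecveEvent(float(m.group("ts")), int(m.group("serial")), argc, argv)


def sets_ld_preload(event: ExecveEvent) -> bool:
    """True when any argv entry is an LD_PRELOAD=... assignment (sudo/env style)."""
    return any(arg.startswith("LD_PRELOAD=") for arg in event.argv)


def scan(lines: List[str]) -> List[Tuple[int, str]]:
    """Return (serial, command line) for every EXECVE record that sets LD_PRELOAD."""
    hits = []
    for line in lines:
        ev = parse_execve(line)
        if ev is not None and sets_ld_preload(ev):
            hits.append((ev.serial, " ".join(ev.argv)))
    return hits


if __name__ == "__main__":
    for serial, cmdline in scan(SAMPLE_EVENTS):
        print(f"audit serial {serial}: LD_PRELOAD via argv: {cmdline}")
```

The serial number in the msg field is the key for joining the EXECVE record to its SYSCALL record (uid, pid, exe, success) when building a full alert; the parser keeps it for that purpose.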

Source: GitHub | Version: 1