Quoted argument not listed

Jure Simsic jure.simsic at gmail.com
Thu Aug 19 10:54:23 UTC 2010


Hi
I have a case where I need to audit some command which goes like:

cmd -a foo -b -c -query 'some query'

What I get in the audit log is:

type=EXECVE msg=audit(1282117611.037:27469599): argv[0]="cmd" argv[1]="-a"
argv[2]="foo" argv[3]="-b" argv[4]="-c" argv[5]="-query"
argv[6]=737472626567696E73287468726561645F69642C227468726561645F69643D32333639383932662229


The argv[6] is even sometimes like 'arg,"id=123"'; I guess that doesn't
make much difference.

Is there any way to catch the quoted argument as it is and not as an
interesting long string?

Tnx
Jure
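
The unquoted argv[6] value above is the audit subsystem's hex encoding, which it applies when an argument contains characters such as spaces or double quotes; `ausearch -i` interprets such fields back into text. The following is an added example, not part of the original post, that decodes the values from a raw EXECVE record. The function names are hypothetical, and very long arguments that the kernel splits across several fields are not handled.

```python
import re

# The EXECVE record from the post, rejoined onto one line (the e-mail wrapped it).
RECORD = (
    'type=EXECVE msg=audit(1282117611.037:27469599): argv[0]="cmd" argv[1]="-a" '
    'argv[2]="foo" argv[3]="-b" argv[4]="-c" argv[5]="-query" '
    'argv[6]=737472626567696E73287468726561645F69642C227468726561645F69643D32333639383932662229'
)

# argv[N]= followed by either a double-quoted string or a bare token.
ARG_RE = re.compile(r'\bargv\[(\d+)\]=("[^"]*"|\S+)')
HEX_RE = re.compile(r'[0-9A-Fa-f]+')


def decode_value(raw):
    """Return the argument text for one argv[N] field value.

    Quoted values are literal. Bare values are hex-encoded bytes; they are
    decoded as UTF-8, with undecodable bytes shown as \\xNN escapes so that
    nothing is silently dropped from the audit trail.
    """
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        return raw[1:-1]
    if len(raw) % 2 == 0 and HEX_RE.fullmatch(raw):
        return bytes.fromhex(raw).decode('utf-8', errors='backslashreplace')
    # Anything else (for example "(null)") is passed through unchanged.
    return raw


def execve_argv(record):
    """Return the decoded argument list of an EXECVE record, in argv order."""
    args = {int(idx): decode_value(val) for idx, val in ARG_RE.findall(record)}
    return [args[i] for i in sorted(args)]


if __name__ == '__main__':
    for i, arg in enumerate(execve_argv(RECORD)):
        print(f'argv[{i}] = {arg}')
```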