Problems with command args

Jure Simsic jure.simsic at gmail.com
Thu Sep 16 07:46:40 UTC 2010


Hi

I need to audit some specific commands which have the following form

cmd -arg1 -arg2 -query 'some query("args")'

In the audit log I get a record like:
type=EXECVE msg=audit(1282117611.037:27469599): argv[0]="cmd" argv[1]="-arg1"
argv[2]="-arg2" argv[3]="-query"
argv[4]=737472626567696E73287468726561645F69642C227468726561645F69643D32333639383932662229


Now, I'd really need to get the last query argument in an understandable
form. Is this possible or is this the way it is and I can't do it?

Thanks

Jure