Audit log decode

khalid fahad kfgm2001 at gmail.com
Tue Sep 11 12:14:05 UTC 2018


Hi,
I need help to decode the following records in audit.log. Thanks
type=PROCTITLE msg=audit(100000000.000:000): proctitle=726D002F7661722F6C6F672F736563757265 
type=PATH msg=audit(100000000.000:000): item=1 name="/var/log/secure" inode=34679270 dev=fd:00 mode=0100600 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:var_log_t:s0 objtype=DELETE 
type=PATH msg=audit(100000000.000:000): item=0 name="/var/log/" inode=33586091 dev=fd:00 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=system_u:object_r:var_log_t:s0 objtype=PARENT
type=CWD msg=audit(100000000.000:000):  cwd="/home/adminuser" 
type=SYSCALL msg=audit(100000000.000:000): arch=c000003e syscall=263 success=no exit=-13 a0=ffffffffffffff9c a1=b830c0 a2=0 a3=7ffc9bd9d600 items=2 ppid=3493 pid=35055 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts2 ses=1 comm="rm" exe="/usr/bin/rm" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key="secure_log"
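
Added example, not part of the original post: a small Python decoder for the encoded fields in the records above (hex proctitle, octal mode, syscall number, a0 and exit). The function names and the two lookup tables are assumptions of this example; the tables cover only the values in these records and assume x86_64 syscall numbering.

```python
import errno
import re
import stat

# Records copied from the post; SYSCALL is abridged to the fields decoded here.
PROCTITLE = ("type=PROCTITLE msg=audit(100000000.000:000): "
             "proctitle=726D002F7661722F6C6F672F736563757265")
PATH_ITEM1 = ('type=PATH msg=audit(100000000.000:000): item=1 name="/var/log/secure" '
              "mode=0100600 ouid=0 ogid=0 objtype=DELETE")
SYSCALL = ("type=SYSCALL msg=audit(100000000.000:000): arch=c000003e syscall=263 "
           "success=no exit=-13 a0=ffffffffffffff9c items=2 auid=1000 uid=1000 "
           'comm="rm" exe="/usr/bin/rm" key="secure_log"')

# Lookup tables limited to the values in these records (x86_64 numbering).
ARCHES = {"c000003e": "x86_64"}
SYSCALLS_X86_64 = {263: "unlinkat"}
AT_FDCWD = -100  # special dirfd meaning "relative to the current directory"

def fields(record):
    """Split one audit record into key -> value, dropping surrounding quotes."""
    pairs = re.findall(r'(\w+)=("[^"]*"|\S+)', record)
    return {k: v.strip('"') for k, v in pairs}

def decode_proctitle(record):
    """Decode the hex form of proctitle: argv with NUL-separated arguments."""
    raw = bytes.fromhex(fields(record)["proctitle"])
    return raw.decode("utf-8", "replace").replace("\0", " ")

def decode_path(record):
    """Return (name, symbolic mode, objtype); mode is an octal st_mode."""
    f = fields(record)
    return f["name"], stat.filemode(int(f["mode"], 8)), f["objtype"]

def decode_syscall(record):
    """Name the syscall, the dirfd in a0 and the errno in a negative exit."""
    f = fields(record)
    arch = ARCHES.get(f["arch"], f["arch"])
    nr, ret = int(f["syscall"]), int(f["exit"])
    a0 = int(f["a0"], 16)
    a0 = a0 - (1 << 64) if a0 >= 1 << 63 else a0  # reinterpret as signed 64-bit
    name = SYSCALLS_X86_64.get(nr, nr) if arch == "x86_64" else nr
    return {"arch": arch, "syscall": name,
            "dirfd": "AT_FDCWD" if a0 == AT_FDCWD else a0,
            "exit": errno.errorcode.get(-ret, ret) if ret < 0 else ret,
            "comm": f["comm"], "auid": int(f["auid"]), "key": f["key"]}

if __name__ == "__main__":
    print(decode_proctitle(PROCTITLE))
    print(decode_path(PATH_ITEM1))
    print(decode_syscall(SYSCALL))
```

Read together, the records show rm, run by auid 1000, calling unlinkat on /var/log/secure and being refused with EACCES, logged under the key secure_log. On a host with the audit tools installed, ausearch -i performs the same interpretation.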
