Data Source: Linux Auditd Proctitle

Date: 2025-02-20

ID: 5a25984a-2789-400a-858b-d75c923e06b1

Author: Teoderick Contreras, Splunk

Description

Logs the full command-line arguments of a process execution on a Linux system, providing visibility into the executed command and its parameters.

Details

Property	Value
Source	`auditd`
Sourcetype	`auditd`
Separator	type

Supported Apps

Splunk Add-on for Unix and Linux (version 10.0.0)

Event Fields

+ Fields

  <span class="pill kill-chain">proctitle</span>
  
  <span class="pill kill-chain">msg</span>
  
  <span class="pill kill-chain">type</span>
  
</div>

Example Log

1type=PROCTITLE msg=audit(1722944427.844:4146): proctitle=63686D6F640037373700312E7368

Source: GitHub | Version: 2