Data Source: Linux Auditd Execve
Description
Records the execution of a program on a Linux system. The EXECVE record itself carries only the argument count (argc) and the argument vector (a0, a1, ...); the process that made the call (pid, ppid, uid, comm, exe) is described by the SYSCALL record that shares the same audit event ID in msg=audit(timestamp:serial). Arguments that contain whitespace or non-printable bytes are written hex-encoded without quotes rather than as a quoted string, and an oversized argument is split into aN[0], aN[1], ... chunks.
Details
| Property | Value |
|---|---|
| Source | auditd |
| Sourcetype | auditd |
| Separator | type |
Supported Apps
- Splunk Add-on for Unix and Linux (version 10.0.0)
Event Fields
- type
- msg
- argc
Example Log
type=EXECVE msg=audit(1723044684.257:15795): argc=3 a0="sudo" a1="LD_PRELOAD=./myfopen.so" a2="./prog"
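The following is an added example, not code from the page or from the Splunk Add-on for Unix and Linux. It parses auditd records of the form shown above, rebuilds argv from an EXECVE record (decoding hex-encoded arguments and joining aN[k] chunks), joins the EXECVE record to its SYSCALL record by audit serial, and flags any execve whose argument vector carries an LD_PRELOAD= assignment, as in the page's example log. The SYSCALL line, the hex-encoded "sh -c" line and the chunked-argument line are constructed sample data; the list of suspicious environment assignments is an assumption for illustration.

```python
import re
from typing import Dict, List, Optional

# Constructed sample auditd records. The first EXECVE line is the one shown on the
# page; the SYSCALL line (same serial 15795), the hex-encoded "sh -c" line and the
# chunked-argument line are made up to exercise the parser.
SAMPLE_RECORDS = [
    'type=SYSCALL msg=audit(1723044684.257:15795): arch=c000003e syscall=59 success=yes '
    'exit=0 a0=55d5c0a1e2f0 a1=55d5c0a1f3a0 a2=55d5c0a20b40 a3=8 items=2 ppid=2231 '
    'pid=2245 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 '
    'sgid=1000 fsgid=1000 tty=pts0 ses=3 comm="sudo" exe="/usr/bin/sudo" key="exec"',
    'type=EXECVE msg=audit(1723044684.257:15795): argc=3 a0="sudo" '
    'a1="LD_PRELOAD=./myfopen.so" a2="./prog"',
    # auditd hex-encodes an argument that contains whitespace or non-printable bytes
    'type=EXECVE msg=audit(1723044700.101:15801): argc=3 a0="sh" a1="-c" '
    'a2=6563686F2068656C6C6F20776F726C64',
    # an oversized argument is split into a1[0], a1[1], ... chunks
    'type=EXECVE msg=audit(1723044710.500:15810): argc=2 a0="cat" '
    'a1[0]="/tmp/long-" a1[1]="name.txt"',
]

HEADER_RE = re.compile(
    r'^type=(?P<type>\w+)\s+msg=audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\):\s*(?P<body>.*)$'
)
KV_RE = re.compile(r'(\w+(?:\[\d+\])?)=("(?:[^"\\]|\\.)*"|\S+)')
HEX_RE = re.compile(r'[0-9A-Fa-f]+')

# Assumed watch-list for this example; extend as needed.
SUSPICIOUS_ENV = ("LD_PRELOAD=",)


def parse_record(line: str) -> Optional[Dict]:
    """Split one auditd record into type, timestamp, serial and raw key=value fields."""
    m = HEADER_RE.match(line.strip())
    if not m:
        return None
    fields = {k: v for k, v in KV_RE.findall(m.group("body"))}
    return {"type": m.group("type"), "timestamp": float(m.group("ts")),
            "serial": int(m.group("serial")), "fields": fields}


def unquote(raw: str) -> str:
    return raw[1:-1] if len(raw) >= 2 and raw[0] == raw[-1] == '"' else raw


def decode_arg(raw: str) -> str:
    """An EXECVE argument is either double-quoted or hex-encoded without quotes."""
    if raw.startswith('"'):
        return unquote(raw)
    if len(raw) % 2 == 0 and HEX_RE.fullmatch(raw):
        return bytes.fromhex(raw).decode("utf-8", errors="replace")
    return raw  # e.g. (null) for an empty argument


def execve_argv(record: Dict) -> List[str]:
    """Rebuild argv from a parsed EXECVE record, joining chunked aN[k] pieces."""
    fields = record["fields"]
    argv: List[str] = []
    for i in range(int(fields.get("argc", "0"))):
        if f"a{i}" in fields:
            argv.append(decode_arg(fields[f"a{i}"]))
            continue
        chunks, k = [], 0
        while f"a{i}[{k}]" in fields:
            chunks.append(decode_arg(fields[f"a{i}[{k}]"]))
            k += 1
        argv.append("".join(chunks))
    return argv


def correlate(lines) -> Dict[int, Dict[str, Dict]]:
    """Group records by audit serial so EXECVE argv can be joined to SYSCALL identity fields."""
    events: Dict[int, Dict[str, Dict]] = {}
    for line in lines:
        rec = parse_record(line)
        if rec:
            events.setdefault(rec["serial"], {})[rec["type"]] = rec
    return events


def flag_preload(events: Dict[int, Dict[str, Dict]]) -> List[Dict]:
    """Return one hit per audit event whose argv sets a watched loader variable."""
    hits = []
    for serial, recs in sorted(events.items()):
        ex = recs.get("EXECVE")
        if not ex:
            continue
        argv = execve_argv(ex)
        if not any(a.startswith(SUSPICIOUS_ENV) for a in argv):
            continue
        sc = recs.get("SYSCALL", {}).get("fields", {})
        hits.append({"serial": serial, "argv": argv,
                     "uid": unquote(sc.get("uid", "")), "pid": unquote(sc.get("pid", "")),
                     "exe": unquote(sc.get("exe", ""))})
    return hits


if __name__ == "__main__":
    for hit in flag_preload(correlate(SAMPLE_RECORDS)):
        print(hit)
```

Hex decoding is applied only to EXECVE argument fields: in a SYSCALL record a0..a3 are register values that happen to look like hex and must not be decoded. Joining on the serial rather than on the timestamp matters because several records of one event share the serial, while unrelated events can share a timestamp.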
Source: GitHub | Version: 2