2015-06-30 21:20:04 +00:00
|
|
|
table_name("process_events")
|
|
|
|
|
description("Track time/action process executions.")
|
|
|
|
|
schema([
|
2015-07-30 23:05:11 +00:00
|
|
|
Column("pid", BIGINT, "Process (or thread) ID"),
|
|
|
|
|
Column("path", TEXT, "Path of executed file"),
|
|
|
|
|
Column("mode", BIGINT, "File mode permissions"),
|
|
|
|
|
Column("cmdline", TEXT, "Command line arguments (argv)"),
|
|
|
|
|
Column("cmdline_size", BIGINT, "Actual size (bytes) of command line arguments"),
|
|
|
|
|
Column("environment", TEXT, "Environment variables delimited by spaces"),
|
|
|
|
|
Column("environment_count", BIGINT, "Number of environment variables"),
|
|
|
|
|
Column("environment_size", BIGINT, "Actual size (bytes) of environment list"),
|
|
|
|
|
Column("uid", BIGINT, "User ID at process start"),
|
|
|
|
|
Column("euid", BIGINT, "Effective user ID at process start"),
|
|
|
|
|
Column("gid", BIGINT, "Group ID at process start"),
|
|
|
|
|
Column("egid", BIGINT, "Effective group ID at process start"),
|
|
|
|
|
Column("owner_uid", BIGINT, "File owner user ID"),
|
|
|
|
|
Column("owner_gid", BIGINT, "File owner group ID"),
|
|
|
|
|
Column("create_time", BIGINT, "File creation in UNIX time"),
|
|
|
|
|
Column("access_time", BIGINT, "File last access in UNIX time"),
|
|
|
|
|
Column("modify_time", BIGINT, "File modification in UNIX time"),
|
|
|
|
|
Column("change_time", BIGINT, "File last metadata change in UNIX time"),
|
|
|
|
|
Column("overflows", TEXT, "List of structures that overflowed"),
|
|
|
|
|
Column("parent", BIGINT, "Process parent's PID"),
|
|
|
|
|
Column("time", BIGINT, "Time of execution in UNIX time"),
|
|
|
|
|
Column("uptime", BIGINT, "Time of execution in system uptime"),
|
2015-06-30 21:20:04 +00:00
|
|
|
])
|
|
|
|
|
attributes(event_subscriber=True)
|
|
|
|
|
implementation("process_events@process_events::genTable")
|
