# osquery table spec for socket_events: an event-subscriber table (see
# attributes() below) that tracks socket opens and closes together with the
# process and audit context they occurred in.
# The DSL names used here (table_name, description, schema, Column, TEXT,
# BIGINT, INTEGER, attributes, implementation) come from osquery's spec loader.
table_name("socket_events")
description("Track network socket opens and closes.")

# Columns identifying the acting process and the audit context of the event.
process_columns = [
    Column("action", TEXT, "The socket action (bind, listen, close)"),
    Column("pid", BIGINT, "Process (or thread) ID"),
    Column("path", TEXT, "Path of executed file"),
    # NOTE(review): "description" here presumably means the socket's file
    # descriptor; the text is kept verbatim because it is user-visible.
    Column("fd", TEXT, "The file description for the process socket"),
    Column("auid", BIGINT, "Audit User ID"),
    Column("success", INTEGER, "The socket open attempt status"),
]

# Columns describing the socket endpoints. `protocol` and `socket` are declared
# hidden=True, which presumably omits them from the default column listing
# while keeping them selectable — confirm against the spec loader.
endpoint_columns = [
    Column("family", INTEGER, "The Internet protocol family ID"),
    Column("protocol", INTEGER, "The network protocol ID", hidden=True),
    Column("local_address", TEXT, "Local address associated with socket"),
    Column("remote_address", TEXT, "Remote address associated with socket"),
    Column("local_port", INTEGER, "Local network protocol port number"),
    Column("remote_port", INTEGER, "Remote network protocol port number"),
    Column("socket", TEXT, "The local path (UNIX domain socket only)", hidden=True),
]

# Timing and event-identity columns; `eid` is hidden like the columns above.
timing_columns = [
    Column("time", BIGINT, "Time of execution in UNIX time"),
    Column("uptime", BIGINT, "Time of execution in system uptime"),
    Column("eid", TEXT, "Event ID", hidden=True),
]

# The column order passed to schema() is the same as the original flat list.
schema(process_columns + endpoint_columns + timing_columns)

# Declares the table as event-driven (subscriber) rather than a point-in-time
# snapshot — presumably how osquery routes it to the event framework; verify.
attributes(event_subscriber=True)
implementation("socket_events@socket_events::genTable")