mirror of
https://github.com/valitydev/osquery-1.git
synced 2024-11-08 10:23:54 +00:00
16 lines
715 B
Plaintext
16 lines
715 B
Plaintext
table_name("user_events")
|
|
description("Track user events from the audit framework.")
|
|
schema([
|
|
Column("uid", BIGINT, "User ID"),
|
|
Column("pid", BIGINT, "Process (or thread) ID"),
|
|
Column("message", TEXT, "Path of executed file"),
|
|
Column("type", INTEGER, "The file description for the process socket"),
|
|
Column("path", TEXT, "The socket open attempt status"),
|
|
Column("address", TEXT, "The Internet protocol family ID"),
|
|
Column("terminal", TEXT, "The network protocol ID"),
|
|
Column("time", BIGINT, "Time of execution in UNIX time"),
|
|
Column("uptime", BIGINT, "Time of execution in system uptime"),
|
|
])
|
|
attributes(event_subscriber=True)
|
|
implementation("user_events@user_events::genTable")
|