socket_events ============= Track network socket opens and closes. Platform support ---------------- Please be aware that some queries can only be run against certain platforms. Below is a list of the supported platforms that this query supports. Zercurity will automatically pause queries from running if errors are detected. **Running a query against an unsupported platform will result in the following error:** ``no such table: socket_events`` - Linux Table schema ------------ ============== ======= =========================================== Name Type Description ============== ======= =========================================== action TEXT The socket action (bind, listen, close) pid BIGINT Process (or thread) ID path TEXT Path of executed file fd TEXT The file description for the process socket auid BIGINT Audit User ID success INTEGER The socket open attempt status family INTEGER The Internet protocol family ID protocol INTEGER The network protocol ID local_address TEXT Local address associated with socket remote_address TEXT Remote address associated with socket local_port INTEGER Local network protocol port number remote_port INTEGER Remote network protocol port number socket TEXT The local path (UNIX domain socket only) time BIGINT Time of execution in UNIX time uptime BIGINT Time of execution in system uptime eid TEXT Event ID ============== ======= =========================================== Query examples -------------- Select all the results for the given table. .. code-block:: sql SELECT * FROM socket_events;