process_events
==============

Track time/action process executions.

Platform support
----------------

Please be aware that some queries can only be run against certain platforms. The platforms this query supports are listed below. Zercurity will automatically pause queries from running if errors are detected.

**Running a query against an unsupported platform will result in the following error:**

``no such table: process_events``

- Linux
- Mac OSX

Table schema
------------

============ ====== ====================================================
Name         Type   Description
============ ====== ====================================================
pid          BIGINT Process (or thread) ID
path         TEXT   Path of executed file
mode         TEXT   File mode permissions
cmdline      TEXT   Command line arguments (argv)
cmdline_size BIGINT Actual size (bytes) of command line arguments
env          TEXT   Environment variables delimited by spaces
env_count    BIGINT Number of environment variables
env_size     BIGINT Actual size (bytes) of environment list
cwd          TEXT   The process current working directory
auid         BIGINT Audit User ID at process start
uid          BIGINT User ID at process start
euid         BIGINT Effective user ID at process start
gid          BIGINT Group ID at process start
egid         BIGINT Effective group ID at process start
owner_uid    BIGINT File owner user ID
owner_gid    BIGINT File owner group ID
atime        BIGINT File last access in UNIX time
mtime        BIGINT File modification in UNIX time
ctime        BIGINT File last metadata change in UNIX time
btime        BIGINT File creation in UNIX time
overflows    TEXT   List of structures that overflowed
parent       BIGINT Process parent's PID, or -1 if cannot be determined.
time         BIGINT Time of execution in UNIX time
uptime       BIGINT Time of execution in system uptime
eid          TEXT   Event ID
status       BIGINT OpenBSM Attribute: Status of the process
============ ====== ====================================================

Query examples
--------------

Select all the results for the given table.

.. code-block:: sql

    SELECT * FROM process_events;
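
A narrower triage query, added here as an illustration and not part of the original documentation: it uses only columns from the schema above to surface recent executions that usually deserve a second look. The one-hour window, the temporary-directory paths and the five-minute threshold are assumptions to tune for your environment.

```sql
-- Added example: recent executions worth triaging.
-- Assumptions: 1-hour lookback, temp-dir list, 300-second "fresh binary" window.
SELECT
  datetime(time, 'unixepoch') AS executed_at_utc,
  pid,
  parent,
  auid,            -- audit UID: who originally logged in
  uid,
  euid,
  path,
  cmdline,
  cwd,
  CASE
    -- Effective root while the real user is not root (setuid-style execution)
    WHEN euid = 0 AND uid != 0
      THEN 'euid root, uid non-root'
    -- Binary launched from a commonly world-writable location
    WHEN path LIKE '/tmp/%'
      OR path LIKE '/var/tmp/%'
      OR path LIKE '/dev/shm/%'
      THEN 'executed from temp directory'
    -- File created shortly before it was executed (btime may be 0 if unavailable)
    WHEN btime > 0 AND time - btime BETWEEN 0 AND 300
      THEN 'binary created under 5 min before exec'
  END AS reason
FROM process_events
WHERE time > CAST(strftime('%s', 'now') AS INTEGER) - 3600
  AND (
    (euid = 0 AND uid != 0)
    OR path LIKE '/tmp/%'
    OR path LIKE '/var/tmp/%'
    OR path LIKE '/dev/shm/%'
    OR (btime > 0 AND time - btime BETWEEN 0 AND 300)
  )
ORDER BY time DESC;
```

Legitimate setuid tools such as ``sudo`` will match the first condition, so expect to add path exclusions once you have a baseline for your hosts.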