user_events
===========

Track user events from the audit framework.

Platform support
----------------
Please be aware that some queries can only be run against certain platforms. Below is a list of the supported platforms that this query supports. Zercurity will automatically pause queries from running if errors are detected. **Running a query against an unsupported platform will result in the following error:** ``no such table: user_events``

- Linux
- Mac OSX

Table schema
------------

========  =======  ===========================================
Name      Type     Description                                
========  =======  ===========================================
uid       BIGINT   User ID                                    
auid      BIGINT   Audit User ID                              
pid       BIGINT   Process (or thread) ID                     
message   TEXT     Message from the event                     
type      INTEGER  The file description for the process socket
path      TEXT     Supplied path from event                   
address   TEXT     The Internet protocol address or family ID 
terminal  TEXT     The network protocol ID                    
time      BIGINT   Time of execution in UNIX time             
uptime    BIGINT   Time of execution in system uptime         
eid       TEXT     Event ID                                   
========  =======  ===========================================

Query examples
--------------

Select all the results for the given table.

.. code-block:: sql

   SELECT * FROM user_events;