Attention
Zercurity has been acquired by JumpCloud.
This documentation will no longer be maintained or updated. You can read more about the acquisition, or signup to JumpCloud today.
user_events¶
Track user events from the audit framework.
Platform support¶
Please be aware that some queries can only be run against certain platforms. Below is a list of the supported platforms that this query supports. Zercurity will automatically pause queries from running if errors are detected. Running a query against an unsupported platform will result in the following error: no such table: user_events
- Linux
- Mac OSX
Table schema¶
Name | Type | Description |
---|---|---|
uid | BIGINT | User ID |
auid | BIGINT | Audit User ID |
pid | BIGINT | Process (or thread) ID |
message | TEXT | Message from the event |
type | INTEGER | The file description for the process socket |
path | TEXT | Supplied path from event |
address | TEXT | The Internet protocol address or family ID |
terminal | TEXT | The network protocol ID |
time | BIGINT | Time of execution in UNIX time |
uptime | BIGINT | Time of execution in system uptime |
eid | TEXT | Event ID |