Track user events from the audit framework.

Platform support

Some queries can only be run against certain platforms. The platforms that support this query are listed below. Zercurity will automatically pause a query if errors are detected. Running a query against an unsupported platform results in the following error: no such table: user_events

  • Linux
  • Mac OSX

Table schema

| Name | Type | Description |
|------|------|-------------|
| uid | BIGINT | User ID |
| auid | BIGINT | Audit User ID |
| pid | BIGINT | Process (or thread) ID |
| message | TEXT | Message from the event |
| type | INTEGER | The file description for the process socket |
| path | TEXT | Supplied path from event |
| address | TEXT | The Internet protocol address or family ID |
| terminal | TEXT | The network protocol ID |
| time | BIGINT | Time of execution in UNIX time |
| uptime | BIGINT | Time of execution in system uptime |
| eid | TEXT | Event ID |

Query examples

Select all the results for the given table.

SELECT * FROM user_events;
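
A narrower query than the select-all above, as an added example that is not part of the original page or Zercurity's own query set: it lists the last 24 hours of user events where the audit user ID differs from the user ID, resolving both to account names. It assumes the osquery `users` table is available for the joins and that an unset audit user ID is reported as 4294967295, as the Linux audit subsystem does.

```sql
-- Added example. Column names come from the user_events schema above;
-- the `users` join and the aliases are assumptions made for illustration.
SELECT
  datetime(ue.time, 'unixepoch') AS event_time,  -- UNIX time as readable UTC
  ue.eid,
  ue.type,
  ue.pid,
  ue.auid,
  login_user.username            AS audit_username,
  ue.uid,
  run_user.username              AS username,
  ue.terminal,
  ue.address,
  ue.path,
  ue.message
FROM user_events AS ue
-- LEFT JOINs keep events whose IDs have no matching local account.
LEFT JOIN users AS login_user ON login_user.uid = ue.auid
LEFT JOIN users AS run_user   ON run_user.uid   = ue.uid
WHERE ue.time > (strftime('%s', 'now') - 86400)  -- last 24 hours
  AND ue.auid != ue.uid                          -- identity changed since login
  AND ue.auid != 4294967295                      -- assumption: unset audit UID on Linux
ORDER BY ue.time DESC;
```

Rows returned here are events recorded under an account other than the one that originally logged in, which makes them a useful starting point when reviewing privilege changes.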