Track user events from the audit framework.
Please be aware that some queries can only be run against certain platforms. The platforms this query supports are listed below. Zercurity will automatically pause queries from running if errors are detected. Running a query against an unsupported platform will result in the following error:
no such table: user_events
- Mac OSX
| Column | Type | Description |
|---|---|---|
| auid | BIGINT | Audit User ID |
| pid | BIGINT | Process (or thread) ID |
| message | TEXT | Message from the event |
| type | INTEGER | The file description for the process socket |
| path | TEXT | Supplied path from event |
| address | TEXT | The Internet protocol address or family ID |
| terminal | TEXT | The network protocol ID |
| time | BIGINT | Time of execution in UNIX time |
| uptime | BIGINT | Time of execution in system uptime |
Select all the results for the given table.
SELECT * FROM user_events;