auditing-warroom
  • Natalia King

    03/07/2019, 4:22 AM
    Hi guys 👋 saw this ticket https://github.com/facebook/osquery/issues/3740 I am wondering if this feature is still work-in-progress :meep_thinking: I am not getting any selinux_events even though flag --audit_allow_selinux_events (for context, other queries like socket_events, process_events work as expected).
  • Natalia King

    03/07/2019, 6:59 PM
    Malformed syscall event. The saddr field in the AUDIT_SOCKADDR record could not be parsed: "00000000000000000000000000000000"