I had the following example events:
2019-09-16T13:27:10.169107+02:00 koopa.browser.local node= koopa.browser.local type=EXECVE msg=audit(15687332450.174:771277): argc=2 a0="cat" a1="/proc/cmdline"
2019-09-16T13:27:10.169107+02:00 koopa.browser.local node= koopa.browser.local type=EXECVE msg=audit(15687123450.174:123277): argc=3 a0="/bin/systemctl" a1="status" a2="ntpd.service"
I need to concatenate the fields a0, a1, a2, a3... etc., but it isn't a fixed number of fields. Can I concatenate a variable number of fields defined by the argc field?
Thanks!!
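
The concatenation asked about above, as an added Python example that is not part of the original post: it reads `argc`, collects `a0` through `a(argc-1)` and joins them into one command line. The function names and the third sample record are constructed for illustration. It also decodes the bare-hex form auditd uses for arguments containing spaces or quotes.

```python
import re
import shlex

# Constructed sample records modelled on the two events in the post;
# the third is constructed to show a hex-encoded argument ("echo hi").
SAMPLE = [
    'type=EXECVE msg=audit(15687332450.174:771277): argc=2 a0="cat" a1="/proc/cmdline"',
    'type=EXECVE msg=audit(15687123450.174:123277): argc=3 '
    'a0="/bin/systemctl" a1="status" a2="ntpd.service"',
    'type=EXECVE msg=audit(15687332451.000:1): argc=3 a0="sh" a1="-c" a2=6563686F206869',
]

ARGC_RE = re.compile(r'\bargc=(\d+)')
# aN="quoted value" or aN=BAREVALUE (group 3 is set only for the quoted form)
ARG_RE = re.compile(r'\ba(\d+)=("([^"]*)"|\S+)')
HEX_RE = re.compile(r'(?:[0-9A-Fa-f]{2})+')


def decode_arg(raw, quoted):
    """Return the argument text; unquoted values are hex when auditd escaped them."""
    if quoted is not None:
        return quoted
    if HEX_RE.fullmatch(raw):
        return bytes.fromhex(raw).decode('utf-8', errors='replace')
    return raw  # e.g. (null); keep as written


def rebuild_command(line):
    """Join a0..a(argc-1) of one EXECVE record into a shell-quoted command line."""
    m = ARGC_RE.search(line)
    if m is None:
        raise ValueError('no argc field in record')
    argc = int(m.group(1))
    args = {int(a.group(1)): decode_arg(a.group(2), a.group(3))
            for a in ARG_RE.finditer(line)}
    # argc is the authority on how many fields belong to the command;
    # an index that is absent (e.g. split long arguments) is marked, not guessed.
    argv = [args.get(i, '<missing a%d>' % i) for i in range(argc)]
    return shlex.join(argv)


if __name__ == '__main__':
    for record in SAMPLE:
        print(rebuild_command(record))
```
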