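# nxlog script that converts uid, gid into username and group name
#
# Perl builtins available for the mapping (each returns undef on a miss):
#   $name = getpwuid($uid);   $uid = getpwnam($name);   getpwent()
#   $name = getgrgid($gid);   $gid = getgrnam($name);   getgrent()
use strict;
use warnings;

# Linux audit records carry auid=4294967295 ((uid_t)-1) when the login uid was
# never set (daemons, early boot).  It can never resolve, so skip the lookup.
use constant AUDIT_UID_UNSET => 4294967295;

# Cache of uid -> username (undef when the uid does not resolve).  Misses are
# cached too, so the passwd database is consulted at most once per uid.
my %user_names = ();

# Extract the numeric auid from an audit(8) record.
# The key is anchored to the start of the record or a preceding blank so a key
# that merely ends in "auid" (e.g. "sauid=") is not mistaken for it.  Returns
# undef when the field is absent or the message is undefined.  The captured
# value is digits only, so it is safe to pass on to getpwuid.
sub extract_auid {
    my ($msg) = @_;
    return unless defined $msg && $msg =~ /(?:\A|\s)auid=(?<auid>\d+)\b/;
    return $+{auid};
}

# Resolve a numeric uid to a login name via the passwd database.
# Returns undef when $uid is undefined, not purely numeric, the audit "unset"
# sentinel, or unknown to the system.  Results (hits and misses) are cached in
# %user_names.
sub resolve_uid {
    my ($uid) = @_;
    # Reject anything that is not a plain non-negative integer before it
    # reaches the C-level lookup.
    return unless defined $uid && $uid =~ /\A\d+\z/;
    return if $uid == AUDIT_UID_UNSET;
    unless (exists $user_names{$uid}) {
        # Scalar-context getpwuid yields only the login name.
        $user_names{$uid} = getpwuid($uid);
    }
    return $user_names{$uid};
}

# Get $log_message value from Nxlog API (a sample record stands in here)
my $log_message = "type=SYSCALL msg=audit(1383648649.052:13644): arch=c000003e syscall=59 success=yes exit=0 a0=20f12e0 a1=7fff03cd60c0 a2=20f1310 a3=7fff03cd7ee0 items=2 ppid=835 pid=17726 auid=33";
my $user_id   = extract_auid($log_message);
my $user_name = resolve_uid($user_id);

# Iterate over the fields
#foreach my $field_name ( @{Log::Nxlog::field_names($event)} ) {
#    print "Nxlog field_name", $field_name, "\n";
#}

# Test definedness rather than truth so a (legal, if unusual) login name of
# "0" is still reported as found.
if (defined $user_name) {
    print "user found - ", $user_name, "\n";
}
else {
    print "user not found\n";
}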