Aushape produces garbage as the value of the "vm" field in Docker's VIRT_CONTROL records.
Example input:
type=VIRT_CONTROL msg=audit(1506334818.325:606): pid=1182 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:container_runtime_t:s0 msg='auid=1000 hostname=c3b752d5eceb vm=centos:7 vm-pid=17252 user=jkarasek exe=sleep reason=api op=resize exe="/usr/bin/dockerd-current" hostname=? addr=? terminal=? res=success'
Resulting output:
{
    "serial":513,
    "time":"2017-09-25T08:59:01.407+02:00",
    "data":{
        "virt_control":{
            "pid":["1182"],
            "uid":["root","0"],
            "auid":["unset","4294967295"],
            "ses":["unset","4294967295"],
            "subj":["system_u:system_r:container_runtime_t:s0"],
            "op":["resize"],
            "vm-pid":["11482"],
            "user":["jkarasek"],
            "reason":["api"],
            "vm":["�"],
            "auid":["jkarasek","1000"],
            "exe":["sleep"],
            "hostname":["a056213011e5"],
            "exe":["/usr/bin/dockerd-current"],
            "hostname":["?"],
            "addr":["?"],
            "terminal":["?"],
            "res":["success"]
        }
    }
}
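A check a log pipeline could run to catch this kind of mangling before the events are stored, written as an added example and not part of the original report or of aushape. The function names and the trimmed `CONVERTED` sample are assumptions made for the example. The converted JSON is read with duplicate keys preserved, since the output above repeats `auid`, `exe` and `hostname`.

```python
import json
import re

# Raw record from the report above (page data, split across literals).
RAW = ("type=VIRT_CONTROL msg=audit(1506334818.325:606): pid=1182 uid=0 "
       "auid=4294967295 ses=4294967295 "
       "subj=system_u:system_r:container_runtime_t:s0 "
       "msg='auid=1000 hostname=c3b752d5eceb vm=centos:7 vm-pid=17252 "
       "user=jkarasek exe=sleep reason=api op=resize "
       "exe=\"/usr/bin/dockerd-current\" hostname=? addr=? terminal=? "
       "res=success'")

# Constructed converter output for that record, trimmed to a few fields,
# with "vm" mangled to U+FFFD as in the report and "exe" appearing twice.
CONVERTED = ('{"data":{"virt_control":{"pid":["1182"],"vm":["\\ufffd"],'
             '"exe":["sleep"],"exe":["/usr/bin/dockerd-current"],'
             '"op":["resize"]}}}')

FIELD = re.compile(r'([\w-]+)=("[^"]*"|\S+)')

def raw_fields(line):
    """(key, value) pairs of a raw audit record, duplicates preserved."""
    outer, _, inner = line.partition(" msg='")
    pairs = FIELD.findall(outer) + FIELD.findall(inner.rstrip("'"))
    return [(k, v.strip('"')) for k, v in pairs if k not in ("type", "msg")]

def converted_fields(text):
    """(key, values) pairs of the converted event, duplicate keys kept."""
    # object_pairs_hook=list keeps every pair; a plain dict would silently
    # drop the first "exe"/"auid"/"hostname" entry.
    doc = json.loads(text, object_pairs_hook=list)
    record = dict(dict(doc)["data"])
    return [(k, vals) for pairs in record.values() for k, vals in pairs]

def suspicious(value):
    """True for U+FFFD or control characters, which audit values never hold."""
    return "\ufffd" in value or any(ord(c) < 0x20 or ord(c) == 0x7f
                                    for c in value)

def mangled_fields(raw_line, converted_text):
    """List (key, converted values, raw values) for each mangled field."""
    raw = raw_fields(raw_line)
    return [(key, vals, [v for k, v in raw if k == key])
            for key, vals in converted_fields(converted_text)
            if any(suspicious(v) for v in vals)]

if __name__ == "__main__":
    for key, got, expected in mangled_fields(RAW, CONVERTED):
        print(f"field {key!r}: converted {got!r}, raw record has {expected!r}")
```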