On Tuesday, October 18, 2016 4:59:58 PM EDT Nil . wrote:
> Hi, i would like to know if it is possible to log the parameters that a
> command get's passed on,
> i.e in the command ' ls -la', the logs only show comm="ls" and i would like
> to have the full comm="ls -la".
> is it possible anyhow using audit logs? do you know any other way to log
> those parameters?
These are captured in the PROCTITLE record of the event. If you do not have
that record attached to events, then you need a newer or patched kernel. So,
you should have it on a recent kernel.
Linux-audit mailing list