Why OBJ_PRIME in ausearch CSV format has a dot(.) at the end
Issue
- OBJ_PRIME(/tmp/test/.) in ausearch CSV format has a dot(.) at the end.
[root@vm76 test]# ausearch -m SYSCALL -ts today --format csv --input-logs
NODE,EVENT,DATE,TIME,SERIAL_NUM,EVENT_KIND,SESSION,SUBJ_PRIME,SUBJ_SEC,SUBJ_KIND,ACTION,RESULT,OBJ_PRIME,OBJ_SEC,OBJ_KIND,HOW
,SYSCALL,07/19/2020,10:10:01,138,audit-rule,1,root,root,priviliged-acct,opened-file,success,/tmp/test/.,25782127,file,/usr/bin/ls
,SYSCALL,07/19/2020,10:10:07,140,audit-rule,1,root,root,priviliged-acct,opened-file,success,/tmp/test/.,25782127,file,/usr/bin/find
,SYSCALL,07/19/2020,10:10:07,139,audit-rule,1,root,root,priviliged-acct,opened-file,success,/tmp/test/.,25782127,file,bash
,SYSCALL,07/19/2020,10:10:07,141,audit-rule,1,root,root,priviliged-acct,opened-file,success,/tmp/test/.,25782127,file,/usr/bin/find
Environment
- Red Hat Enterprise Linux 7
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.