Skip to content

Commit 8553d0d

Browse files
wpoely86wpoely86
committed
fix bash history pattern
1 parent 31dc34f commit 8553d0d

File tree

2 files changed

+13
-2
lines changed

2 files changed

+13
-2
lines changed

files/bash

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1 +1 @@
1-
BASH_MSG HISTORY: PID=%{INT:pid:int} UID=%{INT:uid:int} %{GREEDYDATA:command}
1+
BASH_MSG HISTORY: PID=%{INT:bash_pid} UID=%{INT:uid} %{GREEDYDATA:command}

tests/data/bash

Lines changed: 12 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -6,8 +6,19 @@ data = [
66
"@source_host": "master01",
77
"program": "-bash",
88
"uid": 0,
9-
"pid": 23883,
9+
"bash_pid": 23883,
1010
"command": "echo boem",
1111
}
1212
},
13+
{
14+
"raw": "<14>1 2024-12-09T11:18:16.406259+01:00 storctrl02 -bash[1102070]: - -bash: HISTORY: PID=1102070 UID=4005 sudo cat /etc/cron.d/aad-*",
15+
"expected": {
16+
"@source_host": "storctrl02",
17+
"program": "-bash",
18+
"uid": 4005,
19+
"pid": 1102070,
20+
"bash_pid": 1102070,
21+
"command": "sudo cat /etc/cron.d/aad-*",
22+
}
23+
},
1324
]

0 commit comments

Comments
 (0)