Hilko Bengen
@juju4 ping?
@aderumier I'd like to use the process labels for that. Currently, a key can be turned into a process label (which may then be inherited by the children of the...
Filtering based on process labels has been implemented as of 3ef7c45f08f9cdd132eca6fe58082816b8dab25c by @Hublerho. Closing this issue.
@juju4 Does this help?
I think that the `jq` call does not do what you want. Using it on the sample piece of laurel output from https://github.com/threathunters-io/laurel/blob/master/practical-auditd-problems.md gives us just the `EXECVE` key. Removing...
alright. I'll be doing some remodelling to be able to implement event filtering features, this will allow for some more diagnostics and statistics. In the meantime, here's a stupid idea:...
> also for file integrity monitoring, audispd has nametype with CREATED, DELETED... but laurel output is always NORMAL Not sure what you mean by that, can you provide an example?
Laurel does not do anything specific with the PATH entries that may contain different `nametype` entries. So if you paste the following into its STDIN… ``` type=SYSCALL msg=audit(1633859647.072:120613): arch=c000003e syscall=316...
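An added example, not code from the laurel project or from the comment above: since laurel passes the PATH records through unchanged, a consumer of its output can pick out the `nametype` values itself and use them for file-integrity monitoring. It assumes laurel's JSON-lines layout with the PATH records kept as a list under the `PATH` key, each object carrying the auditd `nametype` field; the three event lines below are constructed for this example, and `CREATE`/`DELETE` are the auditd spellings of the values.

```python
import json

# Constructed sample in laurel's JSON-lines shape (assumed layout, not taken
# from the project): one object per audit event, with the PATH records kept as
# a list under "PATH", each carrying the auditd nametype field.
SAMPLE_LINES = [
    # renameat2 (syscall 316) over an existing file: PARENT/DELETE/CREATE entries
    '{"ID":"1633859647.072:120613","SYSCALL":{"arch":"c000003e","syscall":316,'
    '"success":"yes","exit":0,"comm":"mv","exe":"/usr/bin/mv"},'
    '"PATH":[{"item":0,"name":"/etc/","nametype":"PARENT"},'
    '{"item":1,"name":"/etc/","nametype":"PARENT"},'
    '{"item":2,"name":"/etc/passwd.new","nametype":"DELETE"},'
    '{"item":3,"name":"/etc/passwd","nametype":"DELETE"},'
    '{"item":4,"name":"/etc/passwd","nametype":"CREATE"}]}',
    # execve: only NORMAL path records, so nothing to report
    '{"ID":"1633859648.100:120614","SYSCALL":{"arch":"c000003e","syscall":59,'
    '"success":"yes","exit":0,"comm":"ls","exe":"/usr/bin/ls"},'
    '"EXECVE":{"argc":2,"ARGV":["ls","-l"]},'
    '"PATH":[{"item":0,"name":"/usr/bin/ls","nametype":"NORMAL"},'
    '{"item":1,"name":"/lib64/ld-linux-x86-64.so.2","nametype":"NORMAL"}]}',
    # openat with O_CREAT: PARENT plus CREATE
    '{"ID":"1633859649.200:120615","SYSCALL":{"arch":"c000003e","syscall":257,'
    '"success":"yes","exit":3,"comm":"vim","exe":"/usr/bin/vim"},'
    '"PATH":[{"item":0,"name":"/root/","nametype":"PARENT"},'
    '{"item":1,"name":"/root/.viminfo","nametype":"CREATE"}]}',
]

# auditd nametype values that indicate a file was created or removed
FIM_NAMETYPES = {"CREATE", "DELETE"}


def file_changes(lines):
    """Return (event id, exe, nametype, path) for every PATH record whose
    nametype marks a file creation or deletion. Lines that are not valid
    JSON are skipped, since laurel emits exactly one JSON object per line."""
    results = []
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            event = json.loads(raw)
        except json.JSONDecodeError:
            continue
        exe = (event.get("SYSCALL") or {}).get("exe", "?")
        for path_rec in event.get("PATH") or []:
            nametype = path_rec.get("nametype")
            if nametype in FIM_NAMETYPES:
                results.append((event.get("ID"), exe, nametype, path_rec.get("name")))
    return results


if __name__ == "__main__":
    for event_id, exe, nametype, name in file_changes(SAMPLE_LINES):
        print(f"{event_id} {exe} {nametype} {name}")
```

Run against real laurel output with `file_changes(open("/var/log/laurel/audit.log"))`; the `PARENT` and `NORMAL` records are deliberately dropped so that only the actual create and delete operations surface.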
@juju4 Do you still see problems with missing messages?
@juju4 ping?