ycao

@christian-2 Thanks for the tutorial, this is definitely a good start. A bash script works, but I have some concerns for putting this into the real world, it may not...

@christian-2 Is that the right link? I don't see things related to the gRPC client.

As an industry experience, especially for security and observability perspectives; I mentioned this in my original request too https://github.com/cilium/tetragon/issues/2015. It will be very helpful if tetragon agent can provide a...

thanks @christian-2 . Totally agreed that: `UPDATE On reflection, it's perhaps too strong an assumption (even for Linux alone) that /etc/passwd always "owns" usernames. Clearly e.g. PAM allows for different...

According to here https://www.reddit.com/r/redhat/s/OyQGjPd4PF, that means the `auid` is `unset` if it's `4294967295`. So the real problem is that why `auid` is unset?

Hey @tixxdz, thanks for sharing! Quick question, does the `auid` ever work for you? Was it able to correctly show the real login users in some cases?

Thank you both. I am opening this mostly for user experience, for security perspective, the username means a lot. If tetragon has such, I am pretty sure it will kill...

@christian-2 yes, looks good to me!

Closing this, since https://github.com/cilium/tetragon/issues/2030 has been opened.