Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Script name appears in Exe args #105

Open
dcarolloz opened this issue Jul 4, 2023 · 0 comments
Open

Script name appears in Exe args #105

dcarolloz opened this issue Jul 4, 2023 · 0 comments
Labels
bug Something isn't working

Comments

@dcarolloz
Copy link

Indicate project
libsysflow

Describe the bug
When executing a script, the script name appears in the Exe args field

To reproduce
Steps to reproduce the behavior:

  1. Build and run sf-collector example
  2. Create and run a bash script from terminal

Expected behavior
The script name should appear only in the Exe field (as done with binaries)

Environment (please complete the following information):

  • OS: Ubuntu 20.04.4 LTS
  • kernel: 5.4.0-128-generic
  • SysFlow version: v0.5.1 (from master branch)
  • Configurations (if applicable): eBPF driver

sf-collector example log

****************************************************************
Header: Exporter , IP , File name 
Process: PID 13246 Creation Time, 1688462767702306855, Exe /usr/bin/bash, Exe Args , User Name vagrant, Group Name vagrant, TTY 1
Proc Evt: TID 13246, OpFlags 1, Ret 14128
****************************************************************
****************************************************************
Header: Exporter , IP , File name 
Process: PID 14128 Creation Time, 1688462920057048358, Exe /usr/bin/bash, Exe Args , User Name vagrant, Group Name vagrant, TTY 1
Proc Evt: TID 14128, OpFlags 1, Ret 0
****************************************************************
****************************************************************
Header: Exporter , IP , File name 
Process: PID 14128 Creation Time, 1688462920057048358, Exe /home/vagrant/script.sh, Exe Args ./script.sh, User Name vagrant, Group Name vagrant, TTY 1
Proc Evt: TID 14128, OpFlags 2, Ret 0
****************************************************************
****************************************************************
Header: Exporter , IP , File name 
Process: PID 14128 Creation Time, 1688462920057048358, Exe /home/vagrant/script.sh, Exe Args ./script.sh, User Name vagrant, Group Name vagrant, TTY 1
File: Type 102, Path /etc/ld.so.cache
File Flow: TID 14128, OpFlags: 9344, OpenFlags 4097, FD 3
****************************************************************
@dcarolloz dcarolloz added the bug Something isn't working label Jul 4, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@dcarolloz