LinuxAuditLog

Table attributes

Attribute	Value
Resource types	-
Categories	Security
Solutions	Security, SecurityInsights
Basic log	No
Ingestion-time transformation	Yes
Sample Queries	-

Column	Type	Description
a0	string
a1	string
a2	string
a3	string
a4	string
a5	string
a6	string
a7	string
a8	string
a9	string
acct	string
addr	string
arch	string
argc	long
audit_user	string
AuditID	string
auid	long
_BilledSize	real	The record size in bytes
cmd	string
comm	string
Computer	string
ComputerEnvironment	string
cwd	string
data	string
effective_group	string
effective_user	string
egid	long
euid	long
exe	string
exit	string
ExternalAgentIp	string
family	string
filetype	string
gid	long
group	string
hostname	string
icmptype	string
_IsBillable	string	Specifies whether ingesting the data is billable. When _IsBillable is `false` ingestion isn't billed to your Azure account
key	string
ManagementGroup	string
ManagementGroupName	string
name	string
node	string
op	string
path	string
pid	long
ppid	long
RawRecord	string
RecordType	string
res	string
ResourceId	string
_ResourceId	string	A unique identifier for the resource that the record is associated with
result	string
SerialNumber	string
ses	long
SourceComputerId	string
_SubscriptionId	string	A unique identifier for the subscription that the record is associated with
success	string
syscall	string
terminal	string
TimeGenerated	datetime
TimeUploaded	datetime
tty	string
Type	string	The name of the table
uid	long
user	string
vm	string

Was this page helpful?