From: Tim Galyean
To: linux-audit@redhat.com
Subject: Auditd SYSCALL argument decoding
Date: Tue, 19 Nov 2019 17:24:21 +0000
Message-ID: <2B96DB9C-982F-4B8D-94A9-AC08073A55E3@splunk.com>

Hello,

As I understand it, long values recorded by auditd are stored as hex encoded strings. However, when I attempt to decode arguments such as a0 or a1 in SYSCALL events, they are decoded into special characters instead of ASCII. Are these values encoded differently than PROCTITLE events?

Below is an example log line:

type=SYSCALL msg=audit(1574182099.559:2002): arch=c000003e syscall=59 success=yes exit=0 a0=55df330a3c10 a1=55df330a3c78 a2=55df330a3c90 a3=0 items=3 ppid=29664 pid=29678 auid=1171 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=170 comm="apt-check" exe="/usr/bin/python3.5" key="rootcmd"

In this example, I am looking to decode a0, a1, and a2. Yes, it seems that ausearch can decode these values. However, I am looking to decode them via Splunk. What format are these strings encoded in and is there a way to decode these values in any other way other than by using ausearch?
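Added example (not part of the original message, nor audit-project code) showing why hex-to-ASCII fails on SYSCALL a0..a3: in a SYSCALL record those fields are the raw syscall arguments as hex integers (for execve, pointers to the filename/argv/envp), whereas an unquoted PROCTITLE proctitle or EXECVE aN value is a hex-escaped byte string. The arch/syscall table and the PROCTITLE record are constructed for the example; the SYSCALL line is the one quoted above.

```python
import re

# Reference table assumed for the example: audit arch c000003e is AUDIT_ARCH_X86_64,
# where syscall 59 is execve.
SYSCALL_NAMES = {"c000003e": {59: "execve"}}

# Sample records: the SYSCALL line is from the question; the PROCTITLE line is
# constructed (hex of "python3.5\0apt-check", argv entries joined by NUL bytes).
SYSCALL_LINE = ('type=SYSCALL msg=audit(1574182099.559:2002): arch=c000003e syscall=59 '
                'success=yes exit=0 a0=55df330a3c10 a1=55df330a3c78 a2=55df330a3c90 a3=0 '
                'items=3 ppid=29664 pid=29678 auid=1171 uid=0 gid=0 euid=0 suid=0 fsuid=0 '
                'egid=0 sgid=0 fsgid=0 tty=(none) ses=170 comm="apt-check" '
                'exe="/usr/bin/python3.5" key="rootcmd"')
PROCTITLE_LINE = ('type=PROCTITLE msg=audit(1574182099.559:2002): '
                  'proctitle=707974686F6E332E35006170742D636865636B')

RECORD_RE = re.compile(r'type=(\w+) msg=audit\(([\d.]+):(\d+)\):\s*(.*)$')
FIELD_RE = re.compile(r'([\w\[\]]+)=("(?:[^"\\]|\\.)*"|\S+)')

def parse_record(line):
    """Split one audit record into (type, timestamp, serial, {key: raw value})."""
    m = RECORD_RE.match(line.strip())
    if not m:
        raise ValueError("not an audit record: %r" % line)
    rtype, ts, serial, rest = m.groups()
    return rtype, ts, serial, dict(FIELD_RE.findall(rest))

def decode_field(rtype, key, value):
    """Decode a field the way ausearch -i would: quoted values are literal
    strings; SYSCALL a0..a3 are raw hex integers (pointers for execve), so
    hex-to-text on them yields garbage; unquoted EXECVE aN / PROCTITLE values
    are hex-escaped bytes (audit escapes strings holding spaces, quotes or
    control characters). NUL separators in proctitle are rendered as spaces."""
    if value.startswith('"') and value.endswith('"'):
        return value[1:-1]
    if rtype == "SYSCALL" and re.fullmatch(r"a[0-3]", key):
        return int(value, 16)
    if (rtype == "EXECVE" and re.fullmatch(r"a\d+(\[\d+\])?", key)) or \
       (rtype == "PROCTITLE" and key == "proctitle"):
        return bytes.fromhex(value).decode("utf-8", "replace").replace("\x00", " ")
    return value

def describe_syscall(line):
    """Name the syscall and return its first four arguments as integers."""
    rtype, _, serial, f = parse_record(line)
    if rtype != "SYSCALL":
        raise ValueError("expected a SYSCALL record")
    name = SYSCALL_NAMES.get(f["arch"], {}).get(int(f["syscall"]), "unknown")
    args = [decode_field(rtype, "a%d" % i, f["a%d" % i]) for i in range(4)]
    return {"serial": serial, "syscall": name, "args": args,
            "exe": decode_field(rtype, "exe", f["exe"])}
```

The decoded argument strings for an execve live in the EXECVE record that shares the same serial, not in the SYSCALL record's a0..a3.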