{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/syslog", "job": "security-scans", "service_name": "security-scans", "source": "host"}, "msg": "2026-04-10T23:59:22.927112+00:00 prometheus auditd[868]: Audit daemon rotating log files"}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865598.754:21710561): proctitle=77676574002D2D737069646572002D7100687474703A2F2F3132372E302E302E313A383333332F6865616C74687A"}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865598.754:21710561): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3456344 dev=00:5f mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865598.754:21710561): item=0 name=\"/usr/bin/wget\" inode=3454556 dev=00:5f mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865598.754:21710561): cwd=\"/data\""}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865598.754:21710561): argc=4 a0=\"wget\" a1=\"--spider\" a2=\"-q\" a3=\"http://127.0.0.1:8333/healthz\""}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865598.754:21710561): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865598.754:21710561): arch=c000003e syscall=59 success=yes exit=0 a0=79d370a32408 a1=79d370a323b0 a2=79d370a323d8 a3=8080808080808080 items=2 ppid=2183696 pid=2183702 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"wget\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865598.750:21710560): proctitle=2F62696E2F7368002D630077676574202D2D737069646572202D7120687474703A2F2F3132372E302E302E313A383333332F6865616C74687A207C7C20657869742031"}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865598.750:21710560): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3456344 dev=00:5f mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865598.750:21710560): item=0 name=\"/bin/sh\" inode=3454556 dev=00:5f mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865598.750:21710560): cwd=\"/data\""}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865598.750:21710560): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=77676574202D2D737069646572202D7120687474703A2F2F3132372E302E302E313A383333332F6865616C74687A207C7C20657869742031"}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865598.750:21710560): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865598.750:21710560): arch=c000003e syscall=59 success=yes exit=0 a0=c00018cf38 a1=c000022ac0 a2=c000022ae0 a3=0 items=2 ppid=4048 pid=2183696 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865598.709:21710559): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865598.709:21710559): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865598.709:21710559): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865598.709:21710559): cwd=\"/var/lib/docker/rootfs/overlayfs/38a784eb49e8778635b8fa1d44a04c342675dfae8a3a09d66ba486cc6e08b7bb\""}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865598.709:21710559): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865598.709:21710559): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5880 a1=c0001c9350 a2=c0001cbc40 a3=0 items=2 ppid=2183684 pid=2183692 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865598.695:21710558): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F33386137383465623439653837373836333562386661316434"}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865598.695:21710558): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865598.695:21710558): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865598.695:21710558): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/38a784eb49e8778635b8fa1d44a04c342675dfae8a3a09d66ba486cc6e08b7bb\""}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865598.695:21710558): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/38a784eb49e8778635b8fa1d44a04c342675dfae8a3a09d66ba486cc6e08b7bb/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process852920856\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/38a784eb49e8778635b8fa1d44a04c342675dfae8a3a09d66ba486cc6e08b7bb/96f899ca851432c3742eabfd0aeddec2420c41f1233986b161247d6cd95868a6.pid\" a14=\"38a784eb49e8778635b8fa1d44a04c342675dfae8a3a09d66ba486cc6e08b7bb\""}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865598.695:21710558): arch=c000003e syscall=59 success=yes exit=0 a0=c0002e1920 a1=c000115200 a2=c000115280 a3=0 items=2 ppid=4048 pid=2183684 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865598.529:21710557): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865598.529:21710557): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865598.529:21710557): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865598.529:21710557): cwd=\"/var/lib/docker/rootfs/overlayfs/ad3efa4adb2d722d56d3649168adfdee0034142a9983b8c4c4a5058e82e5e14b\""}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865598.529:21710557): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865598.529:21710557): arch=c000003e syscall=59 success=yes exit=0 a0=c0001cd880 a1=c0001d1350 a2=c0001d3c80 a3=0 items=2 ppid=2183663 pid=2183672 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865598.514:21710556): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F61643365666134616462326437323264353664333634393136"}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865598.514:21710556): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865598.514:21710556): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865598.514:21710556): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/ad3efa4adb2d722d56d3649168adfdee0034142a9983b8c4c4a5058e82e5e14b\""}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865598.514:21710556): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/ad3efa4adb2d722d56d3649168adfdee0034142a9983b8c4c4a5058e82e5e14b/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3383419928\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/ad3efa4adb2d722d56d3649168adfdee0034142a9983b8c4c4a5058e82e5e14b/455c9f94ae3b30141ca85fc621146a69d75c05a90950a9e5dff9ed5fa76cf3af.pid\" a14=\"ad3efa4adb2d722d56d3649168adfdee0034142a9983b8c4c4a5058e82e5e14b\""}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865598.514:21710556): arch=c000003e syscall=59 success=yes exit=0 a0=c000011020 a1=c0002a7880 a2=c0002a7900 a3=0 items=2 ppid=3834774 pid=2183663 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865598.259:21710555): proctitle=6D617269616462002D2D64656661756C74732D65787472612D66696C653D2F7661722F6C69622F6D7973716C2F2E6D792D6865616C7468636865636B2E636E66002D2D70726F746F636F6C00736F636B6574002D42002D2D736B69702D636F6C756D6E2D6E616D6573002D650073656C65637420312066726F6D20696E666F72"}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865598.259:21710555): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=7089648 dev=00:48 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865598.259:21710555): item=0 name=\"/usr/bin/mariadb\" inode=7117817 dev=00:48 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865598.259:21710555): cwd=\"/\""}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865598.259:21710555): argc=8 a0=\"mariadb\" a1=\"--defaults-extra-file=/var/lib/mysql/.my-healthcheck.cnf\" a2=\"--protocol\" a3=\"socket\" a4=\"-B\" a5=\"--skip-column-names\" a6=\"-e\" a7=73656C65637420312066726F6D20696E666F726D6174696F6E5F736368656D612E454E47494E455320574845524520656E67696E653D27696E6E6F64622720414E4420737570706F727420696E202827594553272C202744454641554C54272C2027454E41424C45442729"}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865598.259:21710555): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865598.259:21710555): arch=c000003e syscall=59 success=yes exit=0 a0=5f4429179990 a1=5f442919b9c0 a2=5f442917a860 a3=8 items=2 ppid=2183655 pid=2183662 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"mariadb\" exe=\"/usr/bin/mariadb\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865598.244:21710554): proctitle=6D617269616462002D2D64656661756C74732D65787472612D66696C653D2F7661722F6C69622F6D7973716C2F2E6D792D6865616C7468636865636B2E636E66002D2D70726F746F636F6C00736F636B6574002D42002D2D736B69702D636F6C756D6E2D6E616D6573002D650073656C656374204040736B69705F6E6574776F"}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865598.244:21710554): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=7089648 dev=00:48 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865598.244:21710554): item=0 name=\"/usr/bin/mariadb\" inode=7117817 dev=00:48 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865598.244:21710554): cwd=\"/\""}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865598.244:21710554): argc=8 a0=\"mariadb\" a1=\"--defaults-extra-file=/var/lib/mysql/.my-healthcheck.cnf\" a2=\"--protocol\" a3=\"socket\" a4=\"-B\" a5=\"--skip-column-names\" a6=\"-e\" a7=73656C656374204040736B69705F6E6574776F726B696E67"}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865598.244:21710554): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865598.244:21710554): arch=c000003e syscall=59 success=yes exit=0 a0=5f4429179fe0 a1=5f442919b810 a2=5f442917a4a0 a3=8 items=2 ppid=2183655 pid=2183661 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"mariadb\" exe=\"/usr/bin/mariadb\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865598.236:21710553): proctitle=2F62696E2F62617368002F7573722F6C6F63616C2F62696E2F6865616C7468636865636B2E7368002D2D636F6E6E656374002D2D696E6E6F64625F696E697469616C697A6564"}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865598.236:21710553): item=2 name=\"/lib64/ld-linux-x86-64.so.2\" inode=7089648 dev=00:48 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865598.236:21710553): item=1 name=\"/bin/bash\" inode=6963796 dev=00:48 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865598.236:21710553): item=0 name=\"/usr/local/bin/healthcheck.sh\" inode=7348502 dev=00:48 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865598.236:21710553): cwd=\"/\""}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865598.236:21710553): argc=4 a0=\"/bin/bash\" a1=\"/usr/local/bin/healthcheck.sh\" a2=\"--connect\" a3=\"--innodb_initialized\""}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865598.236:21710553): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865598.236:21710553): arch=c000003e syscall=59 success=yes exit=0 a0=c000028760 a1=c000022660 a2=c0000de320 a3=0 items=3 ppid=2183643 pid=2183655 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"healthcheck.sh\" exe=\"/usr/bin/bash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865598.188:21710552): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865598.188:21710552): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865598.188:21710552): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865598.188:21710552): cwd=\"/var/lib/docker/rootfs/overlayfs/7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7\""}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865598.188:21710552): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865598.188:21710552): arch=c000003e syscall=59 success=yes exit=0 a0=c0001f3840 a1=c0001f7338 a2=c0001f9c40 a3=0 items=2 ppid=2183643 pid=2183652 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865598.175:21710551): proctitle=72656469732D636C690070696E67"}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865598.175:21710551): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=6694357 dev=00:7e mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865598.175:21710551): item=0 name=\"/usr/local/bin/redis-cli\" inode=6703632 dev=00:7e mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865598.175:21710551): cwd=\"/data\""}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865598.175:21710551): argc=2 a0=\"redis-cli\" a1=\"ping\""}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865598.175:21710551): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865598.175:21710551): arch=c000003e syscall=59 success=yes exit=0 a0=c000028760 a1=c00009f350 a2=c0001651c0 a3=0 items=2 ppid=3830339 pid=2183636 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"redis-cli\" exe=\"/usr/local/bin/redis-cli\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865598.171:21710550): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F37656465303139653363623065383839303138636162386266"}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865598.171:21710550): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865598.171:21710550): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865598.171:21710550): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7\""}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865598.171:21710550): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3171868901\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7/7e7b214f849a1378575b9a598263f8090b0c3b56dc2b62a841f512ff9ded4818.pid\" a14=\"7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7\""}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865598.171:21710550): arch=c000003e syscall=59 success=yes exit=0 a0=c000511980 a1=c0004d2380 a2=c0004d2400 a3=0 items=2 ppid=4533 pid=2183643 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865598.124:21710549): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865598.124:21710549): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865598.124:21710549): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865598.124:21710549): cwd=\"/var/lib/docker/rootfs/overlayfs/0a68372d6fd28201684be9827a5de0d3c04e6e08d164a3049faa362bc53f9748\""}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865598.124:21710549): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865598.124:21710549): arch=c000003e syscall=59 success=yes exit=0 a0=c0001f3840 a1=c0001f7338 a2=c0001f9c00 a3=0 items=2 ppid=2183624 pid=2183634 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865598.108:21710548): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F30613638333732643666643238323031363834626539383237"}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865598.108:21710548): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865598.108:21710548): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865598.108:21710548): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/0a68372d6fd28201684be9827a5de0d3c04e6e08d164a3049faa362bc53f9748\""}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865598.108:21710548): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/0a68372d6fd28201684be9827a5de0d3c04e6e08d164a3049faa362bc53f9748/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2371910606\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/0a68372d6fd28201684be9827a5de0d3c04e6e08d164a3049faa362bc53f9748/b8c4d61e093bc7bf55f4fe8f01d2a74daa2942b881f5d5d30f1c27059e22459d.pid\" a14=\"0a68372d6fd28201684be9827a5de0d3c04e6e08d164a3049faa362bc53f9748\""}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865598.108:21710548): arch=c000003e syscall=59 success=yes exit=0 a0=c00037f030 a1=c0002d4b00 a2=c0002d4b80 a3=0 items=2 ppid=3830339 pid=2183624 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865597.935:21710547): proctitle=72656469732D636C690070696E67"}
{"ts": "2026-04-10T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865597.935:21710547): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=6694357 dev=00:72 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865597.935:21710547): item=0 name=\"/usr/local/bin/redis-cli\" inode=6703632 dev=00:72 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865597.935:21710547): cwd=\"/data\""}
{"ts": "2026-04-10T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865597.935:21710547): argc=2 a0=\"redis-cli\" a1=\"ping\""}
{"ts": "2026-04-10T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865597.935:21710547): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865597.935:21710547): arch=c000003e syscall=59 success=yes exit=0 a0=c0000289a0 a1=c0000d1350 a2=c0000d91c0 a3=0 items=2 ppid=2183606 pid=2183618 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"redis-cli\" exe=\"/usr/local/bin/redis-cli\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865597.893:21710546): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865597.893:21710546): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865597.893:21710546): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865597.893:21710546): cwd=\"/var/lib/docker/rootfs/overlayfs/480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af\""}
{"ts": "2026-04-10T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865597.893:21710546): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865597.893:21710546): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b830 a1=c00017f338 a2=c000181c00 a3=0 items=2 ppid=2183606 pid=2183615 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865597.879:21710545): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F34383062353761303034306362373564646534356436663664"}
{"ts": "2026-04-10T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865597.879:21710545): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865597.879:21710545): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865597.879:21710545): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af\""}
{"ts": "2026-04-10T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865597.879:21710545): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process632899366\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af/02ba748473ed8659e5c4c4610d6973172515d6c2f3cf9e77db964f0af3d93765.pid\" a14=\"480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af\""}
{"ts": "2026-04-10T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865597.879:21710545): arch=c000003e syscall=59 success=yes exit=0 a0=c000564ee0 a1=c000291980 a2=c000291a00 a3=0 items=2 ppid=4127 pid=2183606 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865597.162:21710544): proctitle=77676574002D714F002F6465762F6E756C6C00687474703A2F2F3132372E302E302E313A383432382F6865616C7468"}
{"ts": "2026-04-10T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865597.162:21710544): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=6692706 dev=00:8e mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865597.162:21710544): item=0 name=\"/usr/bin/wget\" inode=6690603 dev=00:8e mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865597.162:21710544): cwd=\"/\""}
{"ts": "2026-04-10T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865597.162:21710544): argc=4 a0=\"wget\" a1=\"-qO\" a2=\"/dev/null\" a3=\"http://127.0.0.1:8428/health\""}
{"ts": "2026-04-10T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865597.162:21710544): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865597.162:21710544): arch=c000003e syscall=59 success=yes exit=0 a0=7030148b5408 a1=7030148b53b0 a2=7030148b53d8 a3=8 items=2 ppid=2183597 pid=2183604 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"wget\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865597.159:21710543): proctitle=2F62696E2F7368002D630077676574202D714F202F6465762F6E756C6C20687474703A2F2F3132372E302E302E313A383432382F6865616C7468207C7C20657869742031"}
{"ts": "2026-04-10T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865597.159:21710543): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=6692706 dev=00:8e mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865597.159:21710543): item=0 name=\"/bin/sh\" inode=6690603 dev=00:8e mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865597.159:21710543): cwd=\"/\""}
{"ts": "2026-04-10T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865597.159:21710543): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=77676574202D714F202F6465762F6E756C6C20687474703A2F2F3132372E302E302E313A383432382F6865616C7468207C7C20657869742031"}
{"ts": "2026-04-10T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865597.159:21710543): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865597.159:21710543): arch=c000003e syscall=59 success=yes exit=0 a0=c00017cf38 a1=c000022680 a2=c0000226a0 a3=0 items=2 ppid=2183585 pid=2183597 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865597.113:21710542): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865597.113:21710542): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865597.113:21710542): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865597.113:21710542): cwd=\"/var/lib/docker/rootfs/overlayfs/ff20627dcc1f17b19cce3fc1d6393a0595979c05841bf0021710d30ab30e3e35\""}
{"ts": "2026-04-10T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865597.113:21710542): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865597.113:21710542): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5870 a1=c0001c9350 a2=c0001cbc40 a3=0 items=2 ppid=2183585 pid=2183594 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865597.098:21710541): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F66663230363237646363316631376231396363653366633164"}
{"ts": "2026-04-10T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865597.098:21710541): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865597.098:21710541): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865597.098:21710541): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/ff20627dcc1f17b19cce3fc1d6393a0595979c05841bf0021710d30ab30e3e35\""}
{"ts": "2026-04-10T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865597.098:21710541): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/ff20627dcc1f17b19cce3fc1d6393a0595979c05841bf0021710d30ab30e3e35/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1551285826\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/ff20627dcc1f17b19cce3fc1d6393a0595979c05841bf0021710d30ab30e3e35/930faf31eec6f034723e222b97abf790c7b80e756bb0137a2b8956c99321adde.pid\" a14=\"ff20627dcc1f17b19cce3fc1d6393a0595979c05841bf0021710d30ab30e3e35\""}
{"ts": "2026-04-10T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865597.098:21710541): arch=c000003e syscall=59 success=yes exit=0 a0=c000322940 a1=c0001cae80 a2=c0001caf00 a3=0 items=2 ppid=4352 pid=2183585 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865596.941:21710540): proctitle=2F62696E2F7368002D630070675F69737265616479202D552077696E646D696C6C5F75736572202D642077696E646D696C6C5F6462"}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865596.941:21710540): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:bb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865596.941:21710540): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:bb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865596.941:21710540): cwd=\"/\""}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865596.941:21710540): argc=5 a0=\"pg_isready\" a1=\"-U\" a2=\"windmill_user\" a3=\"-d\" a4=\"windmill_db\""}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865596.941:21710540): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865596.941:21710540): arch=c000003e syscall=59 success=yes exit=0 a0=72b2d5d4b3f8 a1=72b2d5d4b290 a2=72b2d5d4b378 a3=0 items=2 ppid=2004556 pid=2183578 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865596.938:21710539): proctitle=2F62696E2F7368002D630070675F69737265616479202D552077696E646D696C6C5F75736572202D642077696E646D696C6C5F6462"}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865596.938:21710539): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:bb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865596.938:21710539): item=0 name=\"/bin/sh\" inode=8589166 dev=00:bb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865596.938:21710539): cwd=\"/\""}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865596.938:21710539): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D552077696E646D696C6C5F75736572202D642077696E646D696C6C5F6462"}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865596.938:21710539): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865596.938:21710539): arch=c000003e syscall=59 success=yes exit=0 a0=c00018cf38 a1=c000022ac0 a2=c0001348c0 a3=0 items=2 ppid=2183566 pid=2183578 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865596.890:21710538): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865596.890:21710538): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865596.890:21710538): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865596.890:21710538): cwd=\"/var/lib/docker/rootfs/overlayfs/2a365c5cbcdee94cef8eb83387301a8756e7538c1049b4c58449c0646b43c50c\""}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865596.890:21710538): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865596.890:21710538): arch=c000003e syscall=59 success=yes exit=0 a0=c000173850 a1=c000177338 a2=c000179c80 a3=0 items=2 ppid=2183566 pid=2183575 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865596.874:21710537): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F32613336356335636263646565393463656638656238333338"}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865596.874:21710537): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865596.874:21710537): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865596.874:21710537): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/2a365c5cbcdee94cef8eb83387301a8756e7538c1049b4c58449c0646b43c50c\""}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865596.874:21710537): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/2a365c5cbcdee94cef8eb83387301a8756e7538c1049b4c58449c0646b43c50c/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1518432387\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/2a365c5cbcdee94cef8eb83387301a8756e7538c1049b4c58449c0646b43c50c/55dcca66dced82737922279344348458691135084c5a9fd8118840487c08990b.pid\" a14=\"2a365c5cbcdee94cef8eb83387301a8756e7538c1049b4c58449c0646b43c50c\""}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865596.874:21710537): arch=c000003e syscall=59 success=yes exit=0 a0=c0006001c0 a1=c00010c800 a2=c00010c880 a3=0 items=2 ppid=2004556 pid=2183566 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865596.752:21710536): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865596.752:21710536): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865596.752:21710536): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865596.752:21710536): cwd=\"/var/lib/docker/rootfs/overlayfs/531ab8968ce844b18b0b3ebaf9e6e80c7b8f7cc1974293e5f9eb3ac90eba0e50\""}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865596.752:21710536): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865596.752:21710536): arch=c000003e syscall=59 success=yes exit=0 a0=c0001f3870 a1=c0001f7338 a2=c0001f9c40 a3=0 items=2 ppid=2183548 pid=2183558 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865596.737:21710535): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F35333161623839363863653834346231386230623365626166"}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865596.737:21710535): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865596.737:21710535): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865596.737:21710535): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/531ab8968ce844b18b0b3ebaf9e6e80c7b8f7cc1974293e5f9eb3ac90eba0e50\""}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865596.737:21710535): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/531ab8968ce844b18b0b3ebaf9e6e80c7b8f7cc1974293e5f9eb3ac90eba0e50/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2879990388\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/531ab8968ce844b18b0b3ebaf9e6e80c7b8f7cc1974293e5f9eb3ac90eba0e50/ef53f64dc6480022ec1a1bf9d7611a4abba1c71f92fe5cdc3349a42868666a26.pid\" a14=\"531ab8968ce844b18b0b3ebaf9e6e80c7b8f7cc1974293e5f9eb3ac90eba0e50\""}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865596.737:21710535): arch=c000003e syscall=59 success=yes exit=0 a0=c0003f8ec0 a1=c0000af400 a2=c0000af500 a3=0 items=2 ppid=3195716 pid=2183548 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865596.521:21710534): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520706F737467726573"}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865596.521:21710534): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:50 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865596.521:21710534): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:50 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865596.521:21710534): cwd=\"/\""}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865596.521:21710534): argc=3 a0=\"pg_isready\" a1=\"-U\" a2=\"postgres\""}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865596.521:21710534): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865596.521:21710534): arch=c000003e syscall=59 success=yes exit=0 a0=7cc4b2dce288 a1=7cc4b2dce1e8 a2=7cc4b2dce208 a3=0 items=2 ppid=4396 pid=2183538 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865596.517:21710533): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520706F737467726573"}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865596.517:21710533): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:50 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865596.517:21710533): item=0 name=\"/bin/sh\" inode=8589166 dev=00:50 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865596.517:21710533): cwd=\"/\""}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865596.517:21710533): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D5520706F737467726573"}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865596.517:21710533): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865596.517:21710533): arch=c000003e syscall=59 success=yes exit=0 a0=c000196f78 a1=c000022680 a2=c0000d88c0 a3=0 items=2 ppid=2183525 pid=2183538 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865596.492:21710532): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520646F63757365616C"}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865596.492:21710532): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:32 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865596.492:21710532): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:32 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865596.492:21710532): cwd=\"/\""}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865596.492:21710532): argc=3 a0=\"pg_isready\" a1=\"-U\" a2=\"docuseal\""}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865596.492:21710532): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865596.492:21710532): arch=c000003e syscall=59 success=yes exit=0 a0=7f63473c8288 a1=7f63473c81e8 a2=7f63473c8208 a3=0 items=2 ppid=3467 pid=2183519 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865596.485:21710531): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520646F63757365616C"}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865596.485:21710531): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:32 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865596.485:21710531): item=0 name=\"/bin/sh\" inode=8589166 dev=00:32 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865596.485:21710531): cwd=\"/\""}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865596.485:21710531): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D5520646F63757365616C"}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865596.485:21710531): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865596.485:21710531): arch=c000003e syscall=59 success=yes exit=0 a0=c0000fcf68 a1=c000022680 a2=c0001508c0 a3=0 items=2 ppid=2183506 pid=2183519 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865596.471:21710530): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865596.471:21710530): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865596.471:21710530): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:231 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865596.471:21710530): cwd=\"/var/lib/docker/rootfs/overlayfs/67097f9470d25ae62330c278e0c2e85dfc8f9d19e1312855b18be973b4d19e41\""}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865596.471:21710530): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865596.471:21710530): arch=c000003e syscall=59 success=yes exit=0 a0=c0001eb850 a1=c0001ef338 a2=c0001f1c40 a3=0 items=2 ppid=2183525 pid=2183534 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865596.456:21710529): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F36373039376639343730643235616536323333306332373865"}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865596.456:21710529): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865596.456:21710529): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865596.456:21710529): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/67097f9470d25ae62330c278e0c2e85dfc8f9d19e1312855b18be973b4d19e41\""}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865596.456:21710529): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/67097f9470d25ae62330c278e0c2e85dfc8f9d19e1312855b18be973b4d19e41/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2077013774\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/67097f9470d25ae62330c278e0c2e85dfc8f9d19e1312855b18be973b4d19e41/af75e300623afe8a396d746c1aa1515e2c5581a9ef027029922c82eda9516594.pid\" a14=\"67097f9470d25ae62330c278e0c2e85dfc8f9d19e1312855b18be973b4d19e41\""}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865596.456:21710529): arch=c000003e syscall=59 success=yes exit=0 a0=c0004d8730 a1=c0000a7480 a2=c0000a7500 a3=0 items=2 ppid=4396 pid=2183525 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865596.442:21710528): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865596.442:21710528): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865596.442:21710528): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865596.442:21710528): cwd=\"/var/lib/docker/rootfs/overlayfs/360fd70ae6eb7cd5e0954ce9fabc3f41ec861f0028b80fa3a053269682ce489a\""}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865596.442:21710528): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865596.442:21710528): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5890 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=2183506 pid=2183516 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865596.426:21710527): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F33363066643730616536656237636435653039353463653966"}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865596.426:21710527): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865596.426:21710527): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865596.426:21710527): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/360fd70ae6eb7cd5e0954ce9fabc3f41ec861f0028b80fa3a053269682ce489a\""}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865596.426:21710527): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/360fd70ae6eb7cd5e0954ce9fabc3f41ec861f0028b80fa3a053269682ce489a/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3208269197\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/360fd70ae6eb7cd5e0954ce9fabc3f41ec861f0028b80fa3a053269682ce489a/dfbcf19ad2fee7bcd1cb1b6352d44b57467d94e5a5bf6d77a28f727290462cb1.pid\" a14=\"360fd70ae6eb7cd5e0954ce9fabc3f41ec861f0028b80fa3a053269682ce489a\""}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865596.426:21710527): arch=c000003e syscall=59 success=yes exit=0 a0=c0004f5d30 a1=c00069a880 a2=c00069a900 a3=0 items=2 ppid=3467 pid=2183506 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865596.064:21710526): proctitle=72656469732D636C690070696E67"}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865596.064:21710526): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=6694357 dev=00:45 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865596.064:21710526): item=0 name=\"/usr/local/bin/redis-cli\" inode=6703632 dev=00:45 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865596.064:21710526): cwd=\"/data\""}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865596.064:21710526): argc=2 a0=\"redis-cli\" a1=\"ping\""}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865596.064:21710526): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865596.064:21710526): arch=c000003e syscall=59 success=yes exit=0 a0=c000028760 a1=c0000a7350 a2=c0001631c0 a3=0 items=2 ppid=2183487 pid=2183499 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"redis-cli\" exe=\"/usr/local/bin/redis-cli\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865596.016:21710525): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865596.016:21710525): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865596.016:21710525): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865596.016:21710525): cwd=\"/var/lib/docker/rootfs/overlayfs/4cc046860e99ed4ce61cc4f7c543175750997c08579b75447cbf7907fdb6134d\""}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865596.016:21710525): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865596.016:21710525): arch=c000003e syscall=59 success=yes exit=0 a0=c0001f3830 a1=c0001f7338 a2=c0001f9c00 a3=0 items=2 ppid=2183487 pid=2183496 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865596.000:21710524): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F34636330343638363065393965643463653631636334663763"}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865596.000:21710524): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865596.000:21710524): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865596.000:21710524): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/4cc046860e99ed4ce61cc4f7c543175750997c08579b75447cbf7907fdb6134d\""}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865596.000:21710524): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/4cc046860e99ed4ce61cc4f7c543175750997c08579b75447cbf7907fdb6134d/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1043367584\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/4cc046860e99ed4ce61cc4f7c543175750997c08579b75447cbf7907fdb6134d/d9ae7e04482f9b1bf8bfbf0cb57336ed5b42698faf9792e3afd2fc59ebe50221.pid\" a14=\"4cc046860e99ed4ce61cc4f7c543175750997c08579b75447cbf7907fdb6134d\""}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865596.000:21710524): arch=c000003e syscall=59 success=yes exit=0 a0=c00053bf20 a1=c0002ef980 a2=c0002efa00 a3=0 items=2 ppid=3439 pid=2183487 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865595.735:21710523): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520617065785F75736572202D6420617065785F6462"}
{"ts": "2026-04-10T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865595.735:21710523): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3456344 dev=00:117 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865595.735:21710523): item=0 name=\"/usr/local/bin/pg_isready\" inode=6091069 dev=00:117 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865595.735:21710523): cwd=\"/\""}
{"ts": "2026-04-10T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865595.735:21710523): argc=5 a0=\"pg_isready\" a1=\"-U\" a2=\"apex_user\" a3=\"-d\" a4=\"apex_db\""}
{"ts": "2026-04-10T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865595.735:21710523): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865595.735:21710523): arch=c000003e syscall=59 success=yes exit=0 a0=7a249ce5c3f8 a1=7a249ce5c278 a2=7a249ce5c378 a3=0 items=2 ppid=2004566 pid=2183480 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865595.732:21710522): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520617065785F75736572202D6420617065785F6462"}
{"ts": "2026-04-10T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865595.732:21710522): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3456344 dev=00:117 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865595.732:21710522): item=0 name=\"/bin/sh\" inode=3454556 dev=00:117 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865595.732:21710522): cwd=\"/\""}
{"ts": "2026-04-10T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865595.732:21710522): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D5520617065785F75736572202D6420617065785F6462"}
{"ts": "2026-04-10T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865595.732:21710522): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865595.732:21710522): arch=c000003e syscall=59 success=yes exit=0 a0=c00018af38 a1=c000022ac0 a2=c0001348c0 a3=0 items=2 ppid=2004566 pid=2183480 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865595.683:21710521): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865595.683:21710521): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865595.683:21710521): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865595.683:21710521): cwd=\"/var/lib/docker/rootfs/overlayfs/c1f8f97d53596e967520df53fab27faff436876b90ee0f2e344cc170bca33f83\""}
{"ts": "2026-04-10T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865595.683:21710521): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865595.683:21710521): arch=c000003e syscall=59 success=yes exit=0 a0=c0001ed850 a1=c0001f1338 a2=c0001f3c40 a3=0 items=2 ppid=2183468 pid=2183477 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865595.668:21710520): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F63316638663937643533353936653936373532306466353366"}
{"ts": "2026-04-10T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865595.668:21710520): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865595.668:21710520): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865595.668:21710520): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/c1f8f97d53596e967520df53fab27faff436876b90ee0f2e344cc170bca33f83\""}
{"ts": "2026-04-10T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865595.668:21710520): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/c1f8f97d53596e967520df53fab27faff436876b90ee0f2e344cc170bca33f83/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3326430044\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/c1f8f97d53596e967520df53fab27faff436876b90ee0f2e344cc170bca33f83/97481d08357a0a296666a8549aa5852bfe9f0792f02ed70732ce37edd59ba795.pid\" a14=\"c1f8f97d53596e967520df53fab27faff436876b90ee0f2e344cc170bca33f83\""}
{"ts": "2026-04-10T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865595.668:21710520): arch=c000003e syscall=59 success=yes exit=0 a0=c000530a50 a1=c00026d480 a2=c00026d500 a3=0 items=2 ppid=2004566 pid=2183468 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865595.657:21710519): proctitle=77676574002D714F002F6465762F6E756C6C00687474703A2F2F3132372E302E302E313A383132332F70696E67"}
{"ts": "2026-04-10T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865595.657:21710519): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=6688979 dev=00:26 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865595.657:21710519): item=0 name=\"/usr/bin/wget\" inode=6699356 dev=00:26 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865595.657:21710519): cwd=\"/\""}
{"ts": "2026-04-10T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865595.657:21710519): argc=4 a0=\"wget\" a1=\"-qO\" a2=\"/dev/null\" a3=\"http://127.0.0.1:8123/ping\""}
{"ts": "2026-04-10T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865595.657:21710519): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a88465fb old_pi=0 old_pe=00000000a88465fb old_pa=0 pp=00000000a88465fb pi=0 pe=00000000a88465fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865595.657:21710519): arch=c000003e syscall=59 success=yes exit=0 a0=7d1b17066450 a1=7d1b170663b0 a2=7d1b170663d8 a3=8 items=2 ppid=2183461 pid=2183467 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"wget\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865595.654:21710518): proctitle=2F62696E2F7368002D630077676574202D714F202F6465762F6E756C6C20687474703A2F2F3132372E302E302E313A383132332F70696E67207C7C20657869742031"}
{"ts": "2026-04-10T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865595.654:21710518): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=6688979 dev=00:26 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865595.654:21710518): item=0 name=\"/bin/sh\" inode=6699356 dev=00:26 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865595.654:21710518): cwd=\"/\""}
{"ts": "2026-04-10T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865595.654:21710518): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=77676574202D714F202F6465762F6E756C6C20687474703A2F2F3132372E302E302E313A383132332F70696E67207C7C20657869742031"}
{"ts": "2026-04-10T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865595.654:21710518): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a88465fb old_pi=0 old_pe=00000000a88465fb old_pa=0 pp=00000000a88465fb pi=0 pe=00000000a88465fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865595.654:21710518): arch=c000003e syscall=59 success=yes exit=0 a0=c00018f188 a1=c000022ac0 a2=c0001348c0 a3=0 items=2 ppid=2183449 pid=2183461 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865595.610:21710517): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865595.610:21710517): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865595.610:21710517): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865595.610:21710517): cwd=\"/var/lib/docker/rootfs/overlayfs/1fb3858784c1bbc7b7db79bd21020b36e4b8209f56f9299f38689bcfe0a0492c\""}
{"ts": "2026-04-10T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865595.610:21710517): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865595.610:21710517): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5990 a1=c0001c93b0 a2=c0001cbd80 a3=0 items=2 ppid=2183449 pid=2183459 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865595.592:21710516): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F31666233383538373834633162626337623764623739626432"}
{"ts": "2026-04-10T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865595.592:21710516): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865595.592:21710516): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865595.592:21710516): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/1fb3858784c1bbc7b7db79bd21020b36e4b8209f56f9299f38689bcfe0a0492c\""}
{"ts": "2026-04-10T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865595.592:21710516): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/1fb3858784c1bbc7b7db79bd21020b36e4b8209f56f9299f38689bcfe0a0492c/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1061528515\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/1fb3858784c1bbc7b7db79bd21020b36e4b8209f56f9299f38689bcfe0a0492c/1a15604520d25375b9d8e9f8bcbf3960e480c1fea333bc4ae6b2ec4fa8d50ed6.pid\" a14=\"1fb3858784c1bbc7b7db79bd21020b36e4b8209f56f9299f38689bcfe0a0492c\""}
{"ts": "2026-04-10T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865595.592:21710516): arch=c000003e syscall=59 success=yes exit=0 a0=c000010200 a1=c0001ca280 a2=c0001ca800 a3=0 items=2 ppid=2094145 pid=2183449 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865594.718:21710515): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520666F7267656A6F"}
{"ts": "2026-04-10T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865594.718:21710515): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:5a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865594.718:21710515): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:5a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865594.718:21710515): cwd=\"/\""}
{"ts": "2026-04-10T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865594.718:21710515): argc=3 a0=\"pg_isready\" a1=\"-U\" a2=\"forgejo\""}
{"ts": "2026-04-10T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865594.718:21710515): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865594.718:21710515): arch=c000003e syscall=59 success=yes exit=0 a0=7612ba321278 a1=7612ba3211d8 a2=7612ba3211f8 a3=8080808080808080 items=2 ppid=4460 pid=2183442 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865594.715:21710514): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520666F7267656A6F"}
{"ts": "2026-04-10T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865594.715:21710514): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:5a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865594.715:21710514): item=0 name=\"/bin/sh\" inode=8589166 dev=00:5a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865594.715:21710514): cwd=\"/\""}
{"ts": "2026-04-10T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865594.715:21710514): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D5520666F7267656A6F"}
{"ts": "2026-04-10T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865594.715:21710514): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865594.715:21710514): arch=c000003e syscall=59 success=yes exit=0 a0=c00018cf38 a1=c000022ac0 a2=c0001348c0 a3=0 items=2 ppid=2183430 pid=2183442 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865594.665:21710513): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865594.665:21710513): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865594.665:21710513): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865594.665:21710513): cwd=\"/var/lib/docker/rootfs/overlayfs/2cdd3d089c946761c42c7cfc41f431ad2beb9c2b89497f7e5a3552578b39f251\""}
{"ts": "2026-04-10T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865594.665:21710513): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865594.665:21710513): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b840 a1=c00017f338 a2=c000181c40 a3=0 items=2 ppid=2183430 pid=2183439 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865594.651:21710512): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F32636464336430383963393436373631633432633763666334"}
{"ts": "2026-04-10T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865594.651:21710512): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865594.651:21710512): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865594.651:21710512): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/2cdd3d089c946761c42c7cfc41f431ad2beb9c2b89497f7e5a3552578b39f251\""}
{"ts": "2026-04-10T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865594.651:21710512): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/2cdd3d089c946761c42c7cfc41f431ad2beb9c2b89497f7e5a3552578b39f251/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3949780169\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/2cdd3d089c946761c42c7cfc41f431ad2beb9c2b89497f7e5a3552578b39f251/f07ffe489531f7735b02264f6cc4d4b6ca54e5dd32d3b944a6747d331a58e213.pid\" a14=\"2cdd3d089c946761c42c7cfc41f431ad2beb9c2b89497f7e5a3552578b39f251\""}
{"ts": "2026-04-10T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865594.651:21710512): arch=c000003e syscall=59 success=yes exit=0 a0=c00055c270 a1=c000634400 a2=c000634480 a3=0 items=2 ppid=4460 pid=2183430 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865594.571:21710511): proctitle=6E6F6465002D65007265717569726528276874747027292E6765742827687474703A2F2F27202B207265717569726528276F7327292E686F73746E616D652829202B20273A333030302F272C2072203D3E2070726F636573732E657869742828722E737461747573436F6465203D3D3D20323030207C7C20722E737461747573"}
{"ts": "2026-04-10T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865594.571:21710511): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6834212 dev=00:82 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865594.571:21710511): item=0 name=\"/usr/local/bin/node\" inode=6881221 dev=00:82 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865594.571:21710511): cwd=\"/app\""}
{"ts": "2026-04-10T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865594.571:21710511): argc=3 a0=\"node\" a1=\"-e\" a2=7265717569726528276874747027292E6765742827687474703A2F2F27202B207265717569726528276F7327292E686F73746E616D652829202B20273A333030302F272C2072203D3E2070726F636573732E657869742828722E737461747573436F6465203D3D3D20323030207C7C20722E737461747573436F6465203D3D3D2033303729203F2030203A203129292E6F6E28276572726F72272C202829203D3E2070726F636573732E6578697428312929"}
{"ts": "2026-04-10T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865594.571:21710511): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865594.571:21710511): arch=c000003e syscall=59 success=yes exit=0 a0=5a2fcac04c68 a1=5a2fcac048f8 a2=5a2fcac04ba8 a3=8 items=2 ppid=2183411 pid=2183419 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"node\" exe=\"/usr/local/bin/node\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865594.566:21710510): proctitle=2F62696E2F7368002D63006E6F6465202D6520227265717569726528276874747027292E6765742827687474703A2F2F27202B207265717569726528276F7327292E686F73746E616D652829202B20273A333030302F272C2072203D3E2070726F636573732E657869742828722E737461747573436F6465203D3D3D20323030"}
{"ts": "2026-04-10T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865594.566:21710510): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6834212 dev=00:82 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865594.566:21710510): item=0 name=\"/bin/sh\" inode=6832457 dev=00:82 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865594.566:21710510): cwd=\"/app\""}
{"ts": "2026-04-10T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865594.566:21710510): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=6E6F6465202D6520227265717569726528276874747027292E6765742827687474703A2F2F27202B207265717569726528276F7327292E686F73746E616D652829202B20273A333030302F272C2072203D3E2070726F636573732E657869742828722E737461747573436F6465203D3D3D20323030207C7C20722E737461747573436F6465203D3D3D2033303729203F2030203A203129292E6F6E28276572726F72272C202829203D3E2070726F636573732E657869742831292922"}
{"ts": "2026-04-10T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865594.566:21710510): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865594.566:21710510): arch=c000003e syscall=59 success=yes exit=0 a0=c000196f08 a1=c000022680 a2=c0000c4240 a3=0 items=2 ppid=3827 pid=2183411 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/dash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865594.523:21710509): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865594.523:21710509): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865594.523:21710509): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865594.523:21710509): cwd=\"/var/lib/docker/rootfs/overlayfs/62ff186c9558f5a87b871aad2189553b6748d81d514aec3146c01ec6c66d8638\""}
{"ts": "2026-04-10T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865594.523:21710509): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865594.523:21710509): arch=c000003e syscall=59 success=yes exit=0 a0=c0001cd8b0 a1=c0001d1350 a2=c0001d3c40 a3=0 items=2 ppid=2183399 pid=2183408 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865594.508:21710508): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F36326666313836633935353866356138376238373161616432"}
{"ts": "2026-04-10T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865594.508:21710508): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865594.508:21710508): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865594.508:21710508): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/62ff186c9558f5a87b871aad2189553b6748d81d514aec3146c01ec6c66d8638\""}
{"ts": "2026-04-10T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865594.508:21710508): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/62ff186c9558f5a87b871aad2189553b6748d81d514aec3146c01ec6c66d8638/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3886000810\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/62ff186c9558f5a87b871aad2189553b6748d81d514aec3146c01ec6c66d8638/3f65c208fe2b761149f2b760858d1b7f21376e1a0fce927dbed599eef309374c.pid\" a14=\"62ff186c9558f5a87b871aad2189553b6748d81d514aec3146c01ec6c66d8638\""}
{"ts": "2026-04-10T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865594.508:21710508): arch=c000003e syscall=59 success=yes exit=0 a0=c00033b520 a1=c000224b80 a2=c000224c00 a3=0 items=2 ppid=3827 pid=2183399 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865593.969:21710507): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.969:21710507): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:120 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.969:21710507): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:120 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865593.969:21710507): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865593.969:21710507): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.stat\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865593.969:21710507): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865593.969:21710507): arch=c000003e syscall=59 success=yes exit=0 a0=7de3f471ed60 a1=7de3ad035c80 a2=634e07c84a40 a3=8 items=2 ppid=13318 pid=2183398 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865593.969:21710506): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.969:21710506): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865593.969:21710506): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865593.969:21710506): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3ad035c80 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2183398 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865593.969:21710505): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.969:21710505): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865593.969:21710505): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865593.969:21710505): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3ad035c80 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2183398 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865593.969:21710504): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.969:21710504): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865593.969:21710504): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865593.969:21710504): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3ad035c80 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2183398 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865593.969:21710503): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.969:21710503): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865593.969:21710503): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865593.969:21710503): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3ad035c80 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2183398 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865593.969:21710502): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.969:21710502): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865593.969:21710502): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865593.969:21710502): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3ad035c80 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2183398 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865593.969:21710501): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.969:21710501): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865593.969:21710501): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865593.969:21710501): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3ad035c80 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2183398 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865593.966:21710500): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.966:21710500): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:120 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.966:21710500): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:120 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865593.966:21710500): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865593.966:21710500): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.current\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865593.966:21710500): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865593.966:21710500): arch=c000003e syscall=59 success=yes exit=0 a0=7de3f471ed60 a1=7de3f4203140 a2=634e07c84a40 a3=8 items=2 ppid=13318 pid=2183397 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865593.966:21710499): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.966:21710499): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865593.966:21710499): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865593.966:21710499): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3f4203140 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2183397 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865593.966:21710498): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.966:21710498): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865593.966:21710498): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865593.966:21710498): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3f4203140 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2183397 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865593.966:21710497): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.966:21710497): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865593.966:21710497): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865593.966:21710497): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3f4203140 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2183397 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865593.966:21710496): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.966:21710496): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865593.966:21710496): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865593.966:21710496): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3f4203140 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2183397 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865593.966:21710495): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.966:21710495): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865593.966:21710495): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865593.966:21710495): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3f4203140 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2183397 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865593.966:21710494): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.966:21710494): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865593.966:21710494): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865593.966:21710494): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3f4203140 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2183397 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865593.963:21710493): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.963:21710493): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:120 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.963:21710493): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:120 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865593.963:21710493): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865593.963:21710493): argc=2 a0=\"cat\" a1=\"/proc/self/cgroup\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865593.963:21710493): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865593.963:21710493): arch=c000003e syscall=59 success=yes exit=0 a0=7de3f471ed60 a1=7de3ad035620 a2=634e07c84a40 a3=8 items=2 ppid=13318 pid=2183396 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865593.963:21710492): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.963:21710492): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865593.963:21710492): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865593.963:21710492): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3ad035620 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2183396 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865593.963:21710491): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.963:21710491): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865593.963:21710491): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865593.963:21710491): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3ad035620 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2183396 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865593.963:21710490): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.963:21710490): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865593.963:21710490): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865593.963:21710490): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3ad035620 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2183396 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865593.963:21710489): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.963:21710489): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865593.963:21710489): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865593.963:21710489): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3ad035620 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2183396 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865593.963:21710488): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.963:21710488): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865593.963:21710488): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865593.963:21710488): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3ad035620 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2183396 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865593.963:21710487): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.963:21710487): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865593.963:21710487): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865593.963:21710487): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3ad035620 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2183396 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865593.865:21710486): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.865:21710486): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.865:21710486): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865593.865:21710486): cwd=\"/var/lib/docker/rootfs/overlayfs/59582f7591559088714ccdef6fbea6ce773505523dcc785ab3c861f1c9a990ae\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865593.865:21710486): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865593.865:21710486): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b820 a1=c00017f338 a2=c000181c40 a3=0 items=2 ppid=2183377 pid=2183387 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865593.850:21710485): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F35393538326637353931353539303838373134636364656636"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.850:21710485): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.850:21710485): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865593.850:21710485): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/59582f7591559088714ccdef6fbea6ce773505523dcc785ab3c861f1c9a990ae\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865593.850:21710485): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/59582f7591559088714ccdef6fbea6ce773505523dcc785ab3c861f1c9a990ae/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process4074487624\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/59582f7591559088714ccdef6fbea6ce773505523dcc785ab3c861f1c9a990ae/9f2a71f32a4223172d75a4affd61767c44250ed97b8970acdcd5b1ff86961709.pid\" a14=\"59582f7591559088714ccdef6fbea6ce773505523dcc785ab3c861f1c9a990ae\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865593.850:21710485): arch=c000003e syscall=59 success=yes exit=0 a0=c0002e4310 a1=c0002ee100 a2=c0002ee180 a3=0 items=2 ppid=3833039 pid=2183377 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865593.816:21710484): proctitle=2F7573722F62696E2F7065726C002F7573722F62696E2F70675F69737265616479002D550070726F6D6574686575735F61646D696E002D640070726F6D6574686575735F61646D696E"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.816:21710484): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=5581428 dev=00:a7 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.816:21710484): item=0 name=\"/usr/lib/postgresql/17/bin/pg_isready\" inode=5809487 dev=00:a7 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865593.816:21710484): cwd=\"/\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865593.816:21710484): argc=5 a0=\"/usr/lib/postgresql/17/bin/pg_isready\" a1=\"-U\" a2=\"prometheus_admin\" a3=\"-d\" a4=\"prometheus_admin\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865593.816:21710484): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865593.816:21710484): arch=c000003e syscall=59 success=yes exit=0 a0=62f34fe00700 a1=62f34fd148d0 a2=62f34fb02970 a3=762faa829e70 items=2 ppid=2183368 pid=2183375 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/lib/postgresql/17/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865593.778:21710483): proctitle=2F7573722F62696E2F7065726C002F7573722F62696E2F70675F69737265616479002D550070726F6D6574686575735F61646D696E002D640070726F6D6574686575735F61646D696E"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.778:21710483): item=2 name=\"/lib64/ld-linux-x86-64.so.2\" inode=5581428 dev=00:a7 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.778:21710483): item=1 name=\"/usr/bin/perl\" inode=5580916 dev=00:a7 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.778:21710483): item=0 name=\"/usr/bin/pg_isready\" inode=5823482 dev=00:a7 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865593.778:21710483): cwd=\"/\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865593.778:21710483): argc=6 a0=\"/usr/bin/perl\" a1=\"/usr/bin/pg_isready\" a2=\"-U\" a3=\"prometheus_admin\" a4=\"-d\" a5=\"prometheus_admin\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865593.778:21710483): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865593.778:21710483): arch=c000003e syscall=59 success=yes exit=0 a0=595c83437678 a1=595c834375e0 a2=595c83437610 a3=8 items=3 ppid=2183368 pid=2183375 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/bin/perl\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865593.773:21710482): proctitle=2F62696E2F7368002D630070675F69737265616479202D552070726F6D6574686575735F61646D696E202D642070726F6D6574686575735F61646D696E"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.773:21710482): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=5581428 dev=00:a7 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.773:21710482): item=0 name=\"/bin/sh\" inode=5580787 dev=00:a7 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865593.773:21710482): cwd=\"/\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865593.773:21710482): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D552070726F6D6574686575735F61646D696E202D642070726F6D6574686575735F61646D696E"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865593.773:21710482): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865593.773:21710482): arch=c000003e syscall=59 success=yes exit=0 a0=c00018ce80 a1=c000022ac0 a2=c0000900c0 a3=0 items=2 ppid=5382 pid=2183368 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/usr/bin/dash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865593.725:21710481): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.725:21710481): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.725:21710481): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865593.725:21710481): cwd=\"/var/lib/docker/rootfs/overlayfs/96dcfa07493d1a0e551516dd25644707c00be275d58123d52358a7d61a7f6b24\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865593.725:21710481): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865593.725:21710481): arch=c000003e syscall=59 success=yes exit=0 a0=c0001cd880 a1=c0001d1350 a2=c0001d3c80 a3=0 items=2 ppid=2183356 pid=2183365 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865593.711:21710480): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F39366463666130373439336431613065353531353136646432"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.711:21710480): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.711:21710480): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865593.711:21710480): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/96dcfa07493d1a0e551516dd25644707c00be275d58123d52358a7d61a7f6b24\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865593.711:21710480): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/96dcfa07493d1a0e551516dd25644707c00be275d58123d52358a7d61a7f6b24/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3561651020\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/96dcfa07493d1a0e551516dd25644707c00be275d58123d52358a7d61a7f6b24/88be1806983abfec582230d9e55e7b643fd22a37da66e820b97f630df632b0a0.pid\" a14=\"96dcfa07493d1a0e551516dd25644707c00be275d58123d52358a7d61a7f6b24\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865593.711:21710480): arch=c000003e syscall=59 success=yes exit=0 a0=c000521830 a1=c0002c0d00 a2=c0002c0d80 a3=0 items=2 ppid=5382 pid=2183356 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865593.608:21710479): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.608:21710479): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=9987007 dev=00:102 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.608:21710479): item=0 name=\"/usr/bin/cat\" inode=9986333 dev=00:102 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865593.608:21710479): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865593.608:21710479): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.stat\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865593.608:21710479): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865593.608:21710479): arch=c000003e syscall=59 success=yes exit=0 a0=7e8ad4131d60 a1=7e8ac6e04d80 a2=618bc9213650 a3=8 items=2 ppid=1943853 pid=2183355 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865593.608:21710478): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.608:21710478): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865593.608:21710478): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865593.608:21710478): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04d80 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2183355 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865593.608:21710477): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.608:21710477): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865593.608:21710477): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865593.608:21710477): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04d80 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2183355 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865593.608:21710476): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.608:21710476): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865593.608:21710476): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865593.608:21710476): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04d80 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2183355 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865593.608:21710475): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.608:21710475): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865593.608:21710475): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865593.608:21710475): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04d80 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2183355 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865593.608:21710474): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.608:21710474): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865593.608:21710474): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865593.608:21710474): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04d80 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2183355 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865593.608:21710473): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.608:21710473): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865593.608:21710473): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865593.608:21710473): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04d80 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2183355 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865593.605:21710472): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.605:21710472): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=9987007 dev=00:102 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.605:21710472): item=0 name=\"/usr/bin/cat\" inode=9986333 dev=00:102 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865593.605:21710472): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865593.605:21710472): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.current\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865593.605:21710472): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865593.605:21710472): arch=c000003e syscall=59 success=yes exit=0 a0=7e8ad4131d60 a1=7e8ac6e04e20 a2=618bc9213650 a3=8 items=2 ppid=1943853 pid=2183354 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865593.605:21710471): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.605:21710471): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865593.605:21710471): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865593.605:21710471): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04e20 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2183354 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865593.605:21710470): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.605:21710470): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865593.605:21710470): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865593.605:21710470): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04e20 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2183354 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865593.605:21710469): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.605:21710469): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865593.605:21710469): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865593.605:21710469): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04e20 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2183354 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865593.605:21710468): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.605:21710468): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865593.605:21710468): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865593.605:21710468): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04e20 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2183354 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865593.605:21710467): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.605:21710467): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865593.605:21710467): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865593.605:21710467): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04e20 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2183354 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865593.605:21710466): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.605:21710466): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865593.605:21710466): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865593.605:21710466): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04e20 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2183354 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865593.602:21710465): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.602:21710465): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=9987007 dev=00:102 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.602:21710465): item=0 name=\"/usr/bin/cat\" inode=9986333 dev=00:102 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865593.602:21710465): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865593.602:21710465): argc=2 a0=\"cat\" a1=\"/proc/self/cgroup\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865593.602:21710465): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865593.602:21710465): arch=c000003e syscall=59 success=yes exit=0 a0=7e8ad4131d60 a1=7e8ac6e04dc0 a2=618bc9213650 a3=8 items=2 ppid=1943853 pid=2183353 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865593.602:21710464): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.602:21710464): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865593.602:21710464): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865593.602:21710464): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04dc0 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2183353 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865593.602:21710463): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.602:21710463): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865593.602:21710463): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865593.602:21710463): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04dc0 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2183353 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865593.602:21710462): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.602:21710462): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865593.602:21710462): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865593.602:21710462): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04dc0 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2183353 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865593.602:21710461): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.602:21710461): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865593.602:21710461): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865593.602:21710461): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04dc0 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2183353 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865593.602:21710460): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.602:21710460): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865593.602:21710460): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865593.602:21710460): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04dc0 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2183353 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865593.602:21710459): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.602:21710459): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865593.602:21710459): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865593.602:21710459): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04dc0 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2183353 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865593.476:21710458): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.476:21710458): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:d2 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.476:21710458): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:d2 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865593.476:21710458): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865593.476:21710458): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.stat\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865593.476:21710458): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865593.476:21710458): arch=c000003e syscall=59 success=yes exit=0 a0=74bcbc1b9d60 a1=74bc79e1c8e0 a2=5f16263f7a40 a3=8 items=2 ppid=12863 pid=2183352 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865593.476:21710457): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.476:21710457): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865593.476:21710457): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865593.476:21710457): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc79e1c8e0 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2183352 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865593.476:21710456): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.476:21710456): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865593.476:21710456): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865593.476:21710456): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc79e1c8e0 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2183352 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865593.476:21710455): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.476:21710455): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865593.476:21710455): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865593.476:21710455): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc79e1c8e0 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2183352 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865593.476:21710454): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.476:21710454): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865593.476:21710454): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865593.476:21710454): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc79e1c8e0 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2183352 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865593.476:21710453): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.476:21710453): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865593.476:21710453): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865593.476:21710453): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc79e1c8e0 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2183352 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865593.476:21710452): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.476:21710452): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865593.476:21710452): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865593.476:21710452): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc79e1c8e0 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2183352 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865593.473:21710451): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.473:21710451): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:d2 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.473:21710451): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:d2 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865593.473:21710451): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865593.473:21710451): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.current\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865593.473:21710451): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865593.473:21710451): arch=c000003e syscall=59 success=yes exit=0 a0=74bcbc1b9d60 a1=74bc78e8c9e0 a2=5f16263f7a40 a3=8 items=2 ppid=12863 pid=2183351 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865593.473:21710450): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.473:21710450): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865593.473:21710450): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865593.473:21710450): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc78e8c9e0 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2183351 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865593.473:21710449): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.473:21710449): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865593.473:21710449): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865593.473:21710449): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc78e8c9e0 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2183351 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865593.473:21710448): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.473:21710448): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865593.473:21710448): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865593.473:21710448): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc78e8c9e0 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2183351 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865593.473:21710447): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.473:21710447): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865593.473:21710447): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865593.473:21710447): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc78e8c9e0 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2183351 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865593.473:21710446): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.473:21710446): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865593.473:21710446): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865593.473:21710446): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc78e8c9e0 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2183351 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865593.473:21710445): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.473:21710445): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865593.473:21710445): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865593.473:21710445): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc78e8c9e0 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2183351 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865593.470:21710444): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.470:21710444): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:d2 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.470:21710444): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:d2 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865593.470:21710444): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865593.470:21710444): argc=2 a0=\"cat\" a1=\"/proc/self/cgroup\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865593.470:21710444): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865593.470:21710444): arch=c000003e syscall=59 success=yes exit=0 a0=74bcbc1b9d60 a1=74bc79e01320 a2=5f16263f7a40 a3=8 items=2 ppid=12863 pid=2183350 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865593.470:21710443): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.470:21710443): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865593.470:21710443): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865593.470:21710443): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc79e01320 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2183350 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865593.470:21710442): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.470:21710442): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865593.470:21710442): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865593.470:21710442): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc79e01320 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2183350 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865593.470:21710441): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.470:21710441): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865593.470:21710441): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865593.470:21710441): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc79e01320 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2183350 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865593.469:21710440): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.469:21710440): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865593.469:21710440): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865593.469:21710440): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc79e01320 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2183350 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865593.469:21710439): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.469:21710439): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865593.469:21710439): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865593.469:21710439): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc79e01320 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2183350 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865593.469:21710438): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.469:21710438): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865593.469:21710438): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865593.469:21710438): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc79e01320 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2183350 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865593.287:21710437): proctitle=67726570003A30424238002F70726F632F6E65742F746370"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.287:21710437): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6834212 dev=00:31 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.287:21710437): item=0 name=\"/bin/grep\" inode=6832538 dev=00:31 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865593.287:21710437): cwd=\"/app\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865593.287:21710437): argc=3 a0=\"grep\" a1=\":0BB8\" a2=\"/proc/net/tcp\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865593.287:21710437): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865593.287:21710437): arch=c000003e syscall=59 success=yes exit=0 a0=5704bd4c7758 a1=5704ba73b990 a2=5704bd4c76e8 a3=8 items=2 ppid=2183343 pid=2183349 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"grep\" exe=\"/bin/grep\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865593.283:21710436): proctitle=2F62696E2F7368002D630067726570203A30424238202F70726F632F6E65742F746370207C7C20657869742031"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.283:21710436): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6834212 dev=00:31 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.283:21710436): item=0 name=\"/bin/sh\" inode=6832457 dev=00:31 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865593.283:21710436): cwd=\"/app\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865593.283:21710436): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=67726570203A30424238202F70726F632F6E65742F746370207C7C20657869742031"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865593.283:21710436): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865593.283:21710436): arch=c000003e syscall=59 success=yes exit=0 a0=c00018aeb8 a1=c000022ac0 a2=c0001348c0 a3=0 items=2 ppid=2183330 pid=2183343 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/dash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865593.238:21710435): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.238:21710435): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.238:21710435): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865593.238:21710435): cwd=\"/var/lib/docker/rootfs/overlayfs/99752c55410bb6ace3e57904dc2c1a2f503aa02b37e06267893a529d96259bd2\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865593.238:21710435): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865593.238:21710435): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b840 a1=c00017f338 a2=c000181c80 a3=0 items=2 ppid=2183330 pid=2183339 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865593.220:21710434): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F39393735326335353431306262366163653365353739303464"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.220:21710434): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865593.220:21710434): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865593.220:21710434): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/99752c55410bb6ace3e57904dc2c1a2f503aa02b37e06267893a529d96259bd2\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865593.220:21710434): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/99752c55410bb6ace3e57904dc2c1a2f503aa02b37e06267893a529d96259bd2/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1600770228\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/99752c55410bb6ace3e57904dc2c1a2f503aa02b37e06267893a529d96259bd2/d4539ee519fda48a070a9cfa4b51550313f8b9532cf07ffb41459c10973001d4.pid\" a14=\"99752c55410bb6ace3e57904dc2c1a2f503aa02b37e06267893a529d96259bd2\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865593.220:21710434): arch=c000003e syscall=59 success=yes exit=0 a0=c0004632c0 a1=c00041a180 a2=c00041a200 a3=0 items=2 ppid=3423 pid=2183330 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865592.828:21710433): proctitle=6375726C002D6600687474703A2F2F6C6F63616C686F73743A383030302F6865616C74687A"}
{"ts": "2026-04-10T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865592.828:21710433): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:d2 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865592.828:21710433): item=0 name=\"/usr/bin/curl\" inode=8530521 dev=00:d2 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865592.828:21710433): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865592.828:21710433): argc=3 a0=\"curl\" a1=\"-f\" a2=\"http://localhost:8000/healthz\""}
{"ts": "2026-04-10T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865592.828:21710433): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865592.828:21710433): arch=c000003e syscall=59 success=yes exit=0 a0=c00018af50 a1=c000022ac0 a2=c000170a20 a3=0 items=2 ppid=2183311 pid=2183324 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"curl\" exe=\"/usr/bin/curl\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865592.782:21710432): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865592.782:21710432): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865592.782:21710432): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865592.782:21710432): cwd=\"/var/lib/docker/rootfs/overlayfs/85b545c504cd648e96e62b4ba6066cca7e4a8b207e2cdfa5efa782d8a3e3241b\""}
{"ts": "2026-04-10T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865592.782:21710432): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865592.782:21710432): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b850 a1=c00017f338 a2=c000181c40 a3=0 items=2 ppid=2183311 pid=2183319 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865592.768:21710431): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F38356235343563353034636436343865393665363262346261"}
{"ts": "2026-04-10T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865592.768:21710431): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865592.768:21710431): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865592.768:21710431): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/85b545c504cd648e96e62b4ba6066cca7e4a8b207e2cdfa5efa782d8a3e3241b\""}
{"ts": "2026-04-10T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865592.768:21710431): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/85b545c504cd648e96e62b4ba6066cca7e4a8b207e2cdfa5efa782d8a3e3241b/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process901274358\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/85b545c504cd648e96e62b4ba6066cca7e4a8b207e2cdfa5efa782d8a3e3241b/641c1d3646db07ba90c4e95350e183782a4bf415018c95f23af9dc2dcf85d41c.pid\" a14=\"85b545c504cd648e96e62b4ba6066cca7e4a8b207e2cdfa5efa782d8a3e3241b\""}
{"ts": "2026-04-10T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865592.768:21710431): arch=c000003e syscall=59 success=yes exit=0 a0=c0005012f0 a1=c000140d00 a2=c000140d80 a3=0 items=2 ppid=12647 pid=2183311 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865590.668:21710430): proctitle=6A71002D2D7261772D6F7574707574002E737461747573"}
{"ts": "2026-04-10T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865590.668:21710430): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6968454 dev=00:68 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865590.668:21710430): item=0 name=\"/usr/bin/jq\" inode=7115963 dev=00:68 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865590.668:21710430): cwd=\"/app\""}
{"ts": "2026-04-10T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865590.668:21710430): argc=3 a0=\"jq\" a1=\"--raw-output\" a2=\".status\""}
{"ts": "2026-04-10T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865590.668:21710430): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865590.668:21710430): arch=c000003e syscall=59 success=yes exit=0 a0=603a5b3929a0 a1=603a5b393280 a2=603a5b38f300 a3=8 items=2 ppid=2183306 pid=2183308 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"jq\" exe=\"/usr/bin/jq\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865590.668:21710429): proctitle=6375726C002D2D73696C656E7400687474703A2F2F3132372E302E302E313A38312F6170692F"}
{"ts": "2026-04-10T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865590.668:21710429): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6968454 dev=00:68 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865590.668:21710429): item=0 name=\"/usr/bin/curl\" inode=7115848 dev=00:68 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865590.668:21710429): cwd=\"/app\""}
{"ts": "2026-04-10T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865590.668:21710429): argc=3 a0=\"curl\" a1=\"--silent\" a2=\"http://127.0.0.1:81/api/\""}
{"ts": "2026-04-10T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865590.668:21710429): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865590.668:21710429): arch=c000003e syscall=59 success=yes exit=0 a0=603a5b3929d0 a1=603a5b3932b0 a2=603a5b38f300 a3=8 items=2 ppid=2183306 pid=2183307 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"curl\" exe=\"/usr/bin/curl\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865590.661:21710428): proctitle=2F62696E2F62617368002F62696E2F636865636B2D6865616C7468"}
{"ts": "2026-04-10T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865590.661:21710428): item=2 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6968454 dev=00:68 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865590.661:21710428): item=1 name=\"/bin/bash\" inode=6954383 dev=00:68 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865590.661:21710428): item=0 name=\"/bin/check-health\" inode=8694993 dev=00:68 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865590.661:21710428): cwd=\"/app\""}
{"ts": "2026-04-10T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865590.661:21710428): argc=2 a0=\"/bin/bash\" a1=\"/bin/check-health\""}
{"ts": "2026-04-10T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865590.661:21710428): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865590.661:21710428): arch=c000003e syscall=59 success=yes exit=0 a0=c000027518 a1=c00002ae00 a2=c0000ca5a0 a3=0 items=3 ppid=2183288 pid=2183300 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"check-health\" exe=\"/usr/bin/bash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865590.614:21710427): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865590.614:21710427): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865590.614:21710427): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865590.614:21710427): cwd=\"/var/lib/docker/rootfs/overlayfs/3d00cea9d890ac76ec9bbdca47f4d82e83b0a918911a118694314103c0f1ab42\""}
{"ts": "2026-04-10T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865590.614:21710427): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865590.614:21710427): arch=c000003e syscall=59 success=yes exit=0 a0=c000208180 a1=c000206030 a2=c000228100 a3=0 items=2 ppid=2183288 pid=2183297 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865590.610:21710426): proctitle=6375726C002D6600687474703A2F2F6C6F63616C686F73743A383434332F6865616C74687A"}
{"ts": "2026-04-10T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865590.610:21710426): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8277530 dev=00:7a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865590.610:21710426): item=0 name=\"/usr/bin/curl\" inode=8272239 dev=00:7a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865590.610:21710426): cwd=\"/\""}
{"ts": "2026-04-10T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865590.610:21710426): argc=3 a0=\"curl\" a1=\"-f\" a2=\"http://localhost:8443/healthz\""}
{"ts": "2026-04-10T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865590.610:21710426): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865590.610:21710426): arch=c000003e syscall=59 success=yes exit=0 a0=c00018cd80 a1=c000022ac0 a2=c000170ab0 a3=0 items=2 ppid=2183268 pid=2183281 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"curl\" exe=\"/usr/bin/curl\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865590.590:21710425): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F33643030636561396438393061633736656339626264636134"}
{"ts": "2026-04-10T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865590.590:21710425): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865590.590:21710425): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865590.590:21710425): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/3d00cea9d890ac76ec9bbdca47f4d82e83b0a918911a118694314103c0f1ab42\""}
{"ts": "2026-04-10T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865590.590:21710425): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/3d00cea9d890ac76ec9bbdca47f4d82e83b0a918911a118694314103c0f1ab42/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2747462989\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/3d00cea9d890ac76ec9bbdca47f4d82e83b0a918911a118694314103c0f1ab42/fee2332ef04a97d806631c685450d137ec6a39758233b78eff0a96a9d43e62b6.pid\" a14=\"3d00cea9d890ac76ec9bbdca47f4d82e83b0a918911a118694314103c0f1ab42\""}
{"ts": "2026-04-10T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865590.590:21710425): arch=c000003e syscall=59 success=yes exit=0 a0=c0003819a0 a1=c000170e80 a2=c000170f00 a3=0 items=2 ppid=1163673 pid=2183288 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865590.577:21710424): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520706F737467726573"}
{"ts": "2026-04-10T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865590.577:21710424): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:5b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865590.577:21710424): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:5b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865590.577:21710424): cwd=\"/\""}
{"ts": "2026-04-10T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865590.577:21710424): argc=3 a0=\"pg_isready\" a1=\"-U\" a2=\"postgres\""}
{"ts": "2026-04-10T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865590.577:21710424): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865590.577:21710424): arch=c000003e syscall=59 success=yes exit=0 a0=7b6a1c6bf288 a1=7b6a1c6bf1e8 a2=7b6a1c6bf208 a3=0 items=2 ppid=5762 pid=2183263 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865590.575:21710423): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520706F737467726573"}
{"ts": "2026-04-10T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865590.575:21710423): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:5b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865590.575:21710423): item=0 name=\"/bin/sh\" inode=8589166 dev=00:5b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865590.575:21710423): cwd=\"/\""}
{"ts": "2026-04-10T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865590.575:21710423): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D5520706F737467726573"}
{"ts": "2026-04-10T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865590.575:21710423): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865590.575:21710423): arch=c000003e syscall=59 success=yes exit=0 a0=c000178f38 a1=c000022ac0 a2=c0000b48c0 a3=0 items=2 ppid=2183248 pid=2183263 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865590.557:21710422): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865590.557:21710422): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865590.557:21710422): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:231 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865590.557:21710422): cwd=\"/var/lib/docker/rootfs/overlayfs/39100183abc56a19c2ae07206cdab399444cf7fa09e4b9d16d02b58b22eb293c\""}
{"ts": "2026-04-10T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865590.557:21710422): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865590.557:21710422): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5910 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=2183268 pid=2183279 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865590.540:21710421): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F33393130303138336162633536613139633261653037323036"}
{"ts": "2026-04-10T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865590.540:21710421): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865590.540:21710421): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865590.540:21710421): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/39100183abc56a19c2ae07206cdab399444cf7fa09e4b9d16d02b58b22eb293c\""}
{"ts": "2026-04-10T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865590.540:21710421): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/39100183abc56a19c2ae07206cdab399444cf7fa09e4b9d16d02b58b22eb293c/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1660090101\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/39100183abc56a19c2ae07206cdab399444cf7fa09e4b9d16d02b58b22eb293c/e56a5e3eef0aa5633b5eaeed06b16eaf14986dffe4644f8d4c8ce5e5433f65e6.pid\" a14=\"39100183abc56a19c2ae07206cdab399444cf7fa09e4b9d16d02b58b22eb293c\""}
{"ts": "2026-04-10T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865590.540:21710421): arch=c000003e syscall=59 success=yes exit=0 a0=c0004703d0 a1=c00028a100 a2=c00028a180 a3=0 items=2 ppid=5322 pid=2183268 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865590.526:21710420): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865590.526:21710420): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865590.526:21710420): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865590.526:21710420): cwd=\"/var/lib/docker/rootfs/overlayfs/6e0eaa58aad19bd8edc0f955e0d8cdf54332df6bcdbac6d5a4d9c8caf6fb9c39\""}
{"ts": "2026-04-10T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865590.526:21710420): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865590.526:21710420): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5890 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=2183248 pid=2183257 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865590.509:21710419): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F36653065616135386161643139626438656463306639353565"}
{"ts": "2026-04-10T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865590.509:21710419): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865590.509:21710419): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865590.509:21710419): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/6e0eaa58aad19bd8edc0f955e0d8cdf54332df6bcdbac6d5a4d9c8caf6fb9c39\""}
{"ts": "2026-04-10T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865590.509:21710419): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/6e0eaa58aad19bd8edc0f955e0d8cdf54332df6bcdbac6d5a4d9c8caf6fb9c39/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process780534261\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/6e0eaa58aad19bd8edc0f955e0d8cdf54332df6bcdbac6d5a4d9c8caf6fb9c39/fd63e79d04993ee4b1e3a4b7e2eedaef39396a25a1846af98715e113489ba5d8.pid\" a14=\"6e0eaa58aad19bd8edc0f955e0d8cdf54332df6bcdbac6d5a4d9c8caf6fb9c39\""}
{"ts": "2026-04-10T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865590.509:21710419): arch=c000003e syscall=59 success=yes exit=0 a0=c0005af640 a1=c000236a80 a2=c000236b00 a3=0 items=2 ppid=5762 pid=2183248 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865589.834:21710418): proctitle=636174002F746D702F66616C636F5F6865616C7468"}
{"ts": "2026-04-10T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865589.834:21710418): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8279763 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865589.834:21710418): item=0 name=\"/bin/cat\" inode=8279592 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865589.834:21710418): cwd=\"/\""}
{"ts": "2026-04-10T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865589.834:21710418): argc=2 a0=\"cat\" a1=\"/tmp/falco_health\""}
{"ts": "2026-04-10T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865589.834:21710418): arch=c000003e syscall=59 success=yes exit=0 a0=5b25ca500c50 a1=5b25ca4ff758 a2=5b25ca500bb8 a3=4 items=2 ppid=2183241 pid=2183247 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/bin/busybox\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865589.830:21710417): proctitle=2F62696E2F7368002D6300636174202F746D702F66616C636F5F6865616C7468207C7C20657869742030"}
{"ts": "2026-04-10T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865589.830:21710417): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8279763 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865589.830:21710417): item=0 name=\"/bin/sh\" inode=8279592 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865589.830:21710417): cwd=\"/\""}
{"ts": "2026-04-10T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865589.830:21710417): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=636174202F746D702F66616C636F5F6865616C7468207C7C20657869742030"}
{"ts": "2026-04-10T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865589.830:21710417): arch=c000003e syscall=59 success=yes exit=0 a0=c00016bcb8 a1=c0000224e0 a2=c000114e10 a3=0 items=2 ppid=2183229 pid=2183241 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865589.811:21710416): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865589.811:21710416): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865589.811:21710416): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865589.811:21710416): cwd=\"/var/lib/docker/rootfs/overlayfs/293239633a2ddf31b93206215b8746aa165b26f8930bdc103230de7930321e5e\""}
{"ts": "2026-04-10T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865589.811:21710416): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865589.811:21710416): arch=c000003e syscall=59 success=yes exit=0 a0=c00017bc20 a1=c0000a7038 a2=c0000b7c00 a3=0 items=2 ppid=2183229 pid=2183238 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865589.796:21710415): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F32393332333936333361326464663331623933323036323135"}
{"ts": "2026-04-10T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865589.796:21710415): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865589.796:21710415): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865589.796:21710415): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/293239633a2ddf31b93206215b8746aa165b26f8930bdc103230de7930321e5e\""}
{"ts": "2026-04-10T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865589.796:21710415): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/293239633a2ddf31b93206215b8746aa165b26f8930bdc103230de7930321e5e/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process239228271\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/293239633a2ddf31b93206215b8746aa165b26f8930bdc103230de7930321e5e/4b41707003181e8a4121adc8abbc7174dd9980459a07d062807b423c8ab2e511.pid\" a14=\"293239633a2ddf31b93206215b8746aa165b26f8930bdc103230de7930321e5e\""}
{"ts": "2026-04-10T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865589.796:21710415): arch=c000003e syscall=59 success=yes exit=0 a0=c0003d2200 a1=c0000c4100 a2=c0000c4180 a3=0 items=2 ppid=5318 pid=2183229 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865589.335:21710414): proctitle=2F7573722F62696E2F7065726C002F7573722F62696E2F70675F69737265616479002D550067726F777468626F6F6B002D6400706F737467726573"}
{"ts": "2026-04-10T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865589.335:21710414): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6968454 dev=00:95 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865589.335:21710414): item=0 name=\"/usr/lib/postgresql/17/bin/pg_isready\" inode=3958125 dev=00:95 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865589.335:21710414): cwd=\"/\""}
{"ts": "2026-04-10T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865589.335:21710414): argc=5 a0=\"/usr/lib/postgresql/17/bin/pg_isready\" a1=\"-U\" a2=\"growthbook\" a3=\"-d\" a4=\"postgres\""}
{"ts": "2026-04-10T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865589.335:21710414): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865589.335:21710414): arch=c000003e syscall=59 success=yes exit=0 a0=568a10a8b010 a1=568a108fd630 a2=568a106f7970 a3=70bacdbdde70 items=2 ppid=2183221 pid=2183227 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/lib/postgresql/17/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865589.295:21710413): proctitle=2F7573722F62696E2F7065726C002F7573722F62696E2F70675F69737265616479002D550067726F777468626F6F6B002D6400706F737467726573"}
{"ts": "2026-04-10T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865589.295:21710413): item=2 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6968454 dev=00:95 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865589.295:21710413): item=1 name=\"/usr/bin/perl\" inode=6956288 dev=00:95 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865589.295:21710413): item=0 name=\"/usr/bin/pg_isready\" inode=4211279 dev=00:95 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865589.295:21710413): cwd=\"/\""}
{"ts": "2026-04-10T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865589.295:21710413): argc=6 a0=\"/usr/bin/perl\" a1=\"/usr/bin/pg_isready\" a2=\"-U\" a3=\"growthbook\" a4=\"-d\" a5=\"postgres\""}
{"ts": "2026-04-10T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865589.295:21710413): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865589.295:21710413): arch=c000003e syscall=59 success=yes exit=0 a0=55d61b410640 a1=55d6033379a8 a2=55d61b4105d8 a3=8 items=3 ppid=2183221 pid=2183227 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/bin/perl\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865589.291:21710412): proctitle=2F62696E2F7368002D630070675F69737265616479202D552067726F777468626F6F6B202D6420706F737467726573"}
{"ts": "2026-04-10T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865589.291:21710412): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6968454 dev=00:95 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865589.291:21710412): item=0 name=\"/bin/sh\" inode=6954646 dev=00:95 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865589.291:21710412): cwd=\"/\""}
{"ts": "2026-04-10T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865589.291:21710412): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D552067726F777468626F6F6B202D6420706F737467726573"}
{"ts": "2026-04-10T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865589.291:21710412): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865589.291:21710412): arch=c000003e syscall=59 success=yes exit=0 a0=c00018ce80 a1=c000022ac0 a2=c0000900c0 a3=0 items=2 ppid=2183209 pid=2183221 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/usr/bin/dash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865589.244:21710411): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865589.244:21710411): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865589.244:21710411): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865589.244:21710411): cwd=\"/var/lib/docker/rootfs/overlayfs/02fb5dd00ce2914672d5f537bf8bb36a0908851493efb9e1b3038943b577e7cf\""}
{"ts": "2026-04-10T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865589.244:21710411): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865589.244:21710411): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b830 a1=c00017f338 a2=c000181c40 a3=0 items=2 ppid=2183209 pid=2183218 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865589.229:21710410): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F30326662356464303063653239313436373264356635333762"}
{"ts": "2026-04-10T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865589.229:21710410): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865589.229:21710410): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865589.229:21710410): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/02fb5dd00ce2914672d5f537bf8bb36a0908851493efb9e1b3038943b577e7cf\""}
{"ts": "2026-04-10T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865589.229:21710410): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/02fb5dd00ce2914672d5f537bf8bb36a0908851493efb9e1b3038943b577e7cf/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2415570912\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/02fb5dd00ce2914672d5f537bf8bb36a0908851493efb9e1b3038943b577e7cf/5b2a7f87454aa2b031ff3368ed41c1a64d8e0831843c19b1293f88d1048c078b.pid\" a14=\"02fb5dd00ce2914672d5f537bf8bb36a0908851493efb9e1b3038943b577e7cf\""}
{"ts": "2026-04-10T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865589.229:21710410): arch=c000003e syscall=59 success=yes exit=0 a0=c0005225a0 a1=c000227580 a2=c000227600 a3=0 items=2 ppid=5607 pid=2183209 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865589.111:21710409): proctitle=2F62696E2F7368002D630070675F69737265616479202D552074797065626F74"}
{"ts": "2026-04-10T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865589.111:21710409): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:63 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865589.111:21710409): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:63 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865589.111:21710409): cwd=\"/\""}
{"ts": "2026-04-10T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865589.111:21710409): argc=3 a0=\"pg_isready\" a1=\"-U\" a2=\"typebot\""}
{"ts": "2026-04-10T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865589.111:21710409): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865589.111:21710409): arch=c000003e syscall=59 success=yes exit=0 a0=768b133de278 a1=768b133de1d8 a2=768b133de1f8 a3=8080808080808080 items=2 ppid=4511 pid=2183202 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865589.108:21710408): proctitle=2F62696E2F7368002D630070675F69737265616479202D552074797065626F74"}
{"ts": "2026-04-10T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865589.108:21710408): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:63 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865589.108:21710408): item=0 name=\"/bin/sh\" inode=8589166 dev=00:63 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865589.108:21710408): cwd=\"/\""}
{"ts": "2026-04-10T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865589.108:21710408): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D552074797065626F74"}
{"ts": "2026-04-10T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865589.108:21710408): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865589.108:21710408): arch=c000003e syscall=59 success=yes exit=0 a0=c00018af38 a1=c000022ac0 a2=c0001348c0 a3=0 items=2 ppid=2183190 pid=2183202 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865589.065:21710407): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865589.065:21710407): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865589.065:21710407): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865589.065:21710407): cwd=\"/var/lib/docker/rootfs/overlayfs/a58fd49cb529bc2c3c5f4447c9ccbae837530349ce554292b547968ead4cb59b\""}
{"ts": "2026-04-10T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865589.065:21710407): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865589.065:21710407): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5890 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=2183190 pid=2183199 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865589.048:21710406): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F61353866643439636235323962633263336335663434343763"}
{"ts": "2026-04-10T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865589.048:21710406): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865589.048:21710406): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865589.048:21710406): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/a58fd49cb529bc2c3c5f4447c9ccbae837530349ce554292b547968ead4cb59b\""}
{"ts": "2026-04-10T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865589.048:21710406): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/a58fd49cb529bc2c3c5f4447c9ccbae837530349ce554292b547968ead4cb59b/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process167159882\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/a58fd49cb529bc2c3c5f4447c9ccbae837530349ce554292b547968ead4cb59b/86e1092b5fc51cc85739bba3234c3a609b85d3693eafdc9c01435a0c28f1c3d8.pid\" a14=\"a58fd49cb529bc2c3c5f4447c9ccbae837530349ce554292b547968ead4cb59b\""}
{"ts": "2026-04-10T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865589.048:21710406): arch=c000003e syscall=59 success=yes exit=0 a0=c000668310 a1=c00021fb00 a2=c00021fb80 a3=0 items=2 ppid=4511 pid=2183190 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865588.761:21710405): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865588.761:21710405): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865588.761:21710405): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865588.761:21710405): cwd=\"/var/lib/docker/rootfs/overlayfs/b539c3db94427db38e2f205e13ee104b50afa8ebe28e8de6717563f9b880c08e\""}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865588.761:21710405): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865588.761:21710405): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b810 a1=c00017f338 a2=c000181c40 a3=0 items=2 ppid=2183166 pid=2183175 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865588.746:21710404): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F62353339633364623934343237646233386532663230356531"}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865588.746:21710404): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865588.746:21710404): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865588.746:21710404): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/b539c3db94427db38e2f205e13ee104b50afa8ebe28e8de6717563f9b880c08e\""}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865588.746:21710404): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/b539c3db94427db38e2f205e13ee104b50afa8ebe28e8de6717563f9b880c08e/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3143125593\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/b539c3db94427db38e2f205e13ee104b50afa8ebe28e8de6717563f9b880c08e/24193d4b076271c63ac880de9019853141e63f207a78246c5179b1719367ea12.pid\" a14=\"b539c3db94427db38e2f205e13ee104b50afa8ebe28e8de6717563f9b880c08e\""}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865588.746:21710404): arch=c000003e syscall=59 success=yes exit=0 a0=c000416a80 a1=c0001d9200 a2=c0001d9280 a3=0 items=2 ppid=5356 pid=2183166 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865588.517:21710403): proctitle=677265700077696E646D696C6C"}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865588.517:21710402): proctitle=707300617578"}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865588.517:21710402): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:120 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865588.517:21710403): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:120 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865588.517:21710402): item=0 name=\"/usr/bin/ps\" inode=8576698 dev=00:120 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865588.517:21710403): item=0 name=\"/usr/bin/grep\" inode=8524666 dev=00:120 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865588.517:21710402): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865588.517:21710403): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865588.517:21710402): argc=2 a0=\"ps\" a1=\"aux\""}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865588.517:21710403): argc=2 a0=\"grep\" a1=\"windmill\""}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865588.517:21710403): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865588.517:21710402): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865588.517:21710403): arch=c000003e syscall=59 success=yes exit=0 a0=62268eb908a8 a1=62268eb90800 a2=62268eb90818 a3=c6b15c078df7d00c items=2 ppid=2183155 pid=2183165 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"grep\" exe=\"/usr/bin/grep\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865588.517:21710402): arch=c000003e syscall=59 success=yes exit=0 a0=62268eb90888 a1=62268eb907e0 a2=62268eb907f8 a3=c6b15c078df7d00c items=2 ppid=2183155 pid=2183164 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"ps\" exe=\"/usr/bin/ps\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865588.512:21710401): proctitle=2F62696E2F7368002D6300707320617578207C20677265702077696E646D696C6C207C7C20657869742031"}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865588.512:21710401): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:120 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865588.512:21710401): item=0 name=\"/bin/sh\" inode=8524584 dev=00:120 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865588.512:21710401): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865588.512:21710401): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=707320617578207C20677265702077696E646D696C6C207C7C20657869742031"}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865588.512:21710401): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865588.512:21710401): arch=c000003e syscall=59 success=yes exit=0 a0=c0001a8f50 a1=c000022680 a2=c00018ca20 a3=0 items=2 ppid=2183143 pid=2183155 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/usr/bin/dash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865588.469:21710400): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865588.469:21710400): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865588.469:21710400): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865588.469:21710400): cwd=\"/var/lib/docker/rootfs/overlayfs/beba1a544e568fe258b36536f8a2534b89a2940ed13c0d80d5f6bf1281bee1a6\""}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865588.469:21710400): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865588.469:21710400): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c58a0 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=2183143 pid=2183153 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865588.455:21710399): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F62656261316135343465353638666532353862333635333666"}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865588.455:21710399): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865588.455:21710399): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865588.455:21710399): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/beba1a544e568fe258b36536f8a2534b89a2940ed13c0d80d5f6bf1281bee1a6\""}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865588.455:21710399): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/beba1a544e568fe258b36536f8a2534b89a2940ed13c0d80d5f6bf1281bee1a6/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1233993911\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/beba1a544e568fe258b36536f8a2534b89a2940ed13c0d80d5f6bf1281bee1a6/1d98f1fb5ba9d6794b3d73cabe5d5a51d86796381f2cde2cf4dc85b26c6573db.pid\" a14=\"beba1a544e568fe258b36536f8a2534b89a2940ed13c0d80d5f6bf1281bee1a6\""}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865588.455:21710399): arch=c000003e syscall=59 success=yes exit=0 a0=c00036e980 a1=c0002c1900 a2=c0002c1980 a3=0 items=2 ppid=12904 pid=2183143 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865588.147:21710398): proctitle=6D617269616462002D2D64656661756C74732D65787472612D66696C653D2F7661722F6C69622F6D7973716C2F2E6D792D6865616C7468636865636B2E636E66002D2D70726F746F636F6C00736F636B6574002D42002D2D736B69702D636F6C756D6E2D6E616D6573002D650073656C65637420312066726F6D20696E666F72"}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865588.147:21710398): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=7089648 dev=00:48 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865588.147:21710398): item=0 name=\"/usr/bin/mariadb\" inode=7117817 dev=00:48 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865588.147:21710398): cwd=\"/\""}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865588.147:21710398): argc=8 a0=\"mariadb\" a1=\"--defaults-extra-file=/var/lib/mysql/.my-healthcheck.cnf\" a2=\"--protocol\" a3=\"socket\" a4=\"-B\" a5=\"--skip-column-names\" a6=\"-e\" a7=73656C65637420312066726F6D20696E666F726D6174696F6E5F736368656D612E454E47494E455320574845524520656E67696E653D27696E6E6F64622720414E4420737570706F727420696E202827594553272C202744454641554C54272C2027454E41424C45442729"}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865588.147:21710398): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865588.147:21710398): arch=c000003e syscall=59 success=yes exit=0 a0=580038ebd990 a1=580038edf9c0 a2=580038ebe860 a3=8 items=2 ppid=2183134 pid=2183142 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"mariadb\" exe=\"/usr/bin/mariadb\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865588.133:21710397): proctitle=6D617269616462002D2D64656661756C74732D65787472612D66696C653D2F7661722F6C69622F6D7973716C2F2E6D792D6865616C7468636865636B2E636E66002D2D70726F746F636F6C00736F636B6574002D42002D2D736B69702D636F6C756D6E2D6E616D6573002D650073656C656374204040736B69705F6E6574776F"}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865588.133:21710397): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=7089648 dev=00:48 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865588.133:21710397): item=0 name=\"/usr/bin/mariadb\" inode=7117817 dev=00:48 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865588.133:21710397): cwd=\"/\""}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865588.133:21710397): argc=8 a0=\"mariadb\" a1=\"--defaults-extra-file=/var/lib/mysql/.my-healthcheck.cnf\" a2=\"--protocol\" a3=\"socket\" a4=\"-B\" a5=\"--skip-column-names\" a6=\"-e\" a7=73656C656374204040736B69705F6E6574776F726B696E67"}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865588.133:21710397): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865588.133:21710397): arch=c000003e syscall=59 success=yes exit=0 a0=580038ebdfe0 a1=580038edf810 a2=580038ebe4a0 a3=8 items=2 ppid=2183134 pid=2183141 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"mariadb\" exe=\"/usr/bin/mariadb\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865588.124:21710396): proctitle=2F62696E2F62617368002F7573722F6C6F63616C2F62696E2F6865616C7468636865636B2E7368002D2D636F6E6E656374002D2D696E6E6F64625F696E697469616C697A6564"}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865588.124:21710396): item=2 name=\"/lib64/ld-linux-x86-64.so.2\" inode=7089648 dev=00:48 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865588.124:21710396): item=1 name=\"/bin/bash\" inode=6963796 dev=00:48 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865588.124:21710396): item=0 name=\"/usr/local/bin/healthcheck.sh\" inode=7348502 dev=00:48 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865588.124:21710396): cwd=\"/\""}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865588.124:21710396): argc=4 a0=\"/bin/bash\" a1=\"/usr/local/bin/healthcheck.sh\" a2=\"--connect\" a3=\"--innodb_initialized\""}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865588.124:21710396): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865588.124:21710396): arch=c000003e syscall=59 success=yes exit=0 a0=c000028760 a1=c000022660 a2=c0000de320 a3=0 items=3 ppid=2183121 pid=2183134 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"healthcheck.sh\" exe=\"/usr/bin/bash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865588.091:21710395): proctitle=72656469732D636C690070696E67"}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865588.091:21710395): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=6694357 dev=00:7e mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865588.091:21710395): item=0 name=\"/usr/local/bin/redis-cli\" inode=6703632 dev=00:7e mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865588.091:21710395): cwd=\"/data\""}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865588.091:21710395): argc=2 a0=\"redis-cli\" a1=\"ping\""}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865588.091:21710395): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865588.091:21710395): arch=c000003e syscall=59 success=yes exit=0 a0=c000028760 a1=c00009f350 a2=c0001651c0 a3=0 items=2 ppid=2183103 pid=2183115 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"redis-cli\" exe=\"/usr/local/bin/redis-cli\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865588.079:21710394): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865588.079:21710394): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865588.079:21710394): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:231 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865588.079:21710394): cwd=\"/var/lib/docker/rootfs/overlayfs/7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7\""}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865588.079:21710394): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865588.079:21710394): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5890 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=2183121 pid=2183130 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865588.063:21710393): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F37656465303139653363623065383839303138636162386266"}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865588.063:21710393): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865588.063:21710393): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865588.063:21710393): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7\""}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865588.063:21710393): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2181706450\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7/0f1e9476a2093e1c61c97af0c89a47b2912bb4ccffac3c1e3724b3720d0a8c60.pid\" a14=\"7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7\""}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865588.063:21710393): arch=c000003e syscall=59 success=yes exit=0 a0=c000340f80 a1=c000304e00 a2=c000304f00 a3=0 items=2 ppid=4533 pid=2183121 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865588.040:21710392): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865588.040:21710392): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865588.040:21710392): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865588.040:21710392): cwd=\"/var/lib/docker/rootfs/overlayfs/0a68372d6fd28201684be9827a5de0d3c04e6e08d164a3049faa362bc53f9748\""}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865588.040:21710392): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865588.040:21710392): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5890 a1=c0001c9350 a2=c0001cbc00 a3=0 items=2 ppid=2183103 pid=2183112 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865588.026:21710391): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F30613638333732643666643238323031363834626539383237"}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865588.026:21710391): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865588.026:21710391): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865588.026:21710391): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/0a68372d6fd28201684be9827a5de0d3c04e6e08d164a3049faa362bc53f9748\""}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865588.026:21710391): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/0a68372d6fd28201684be9827a5de0d3c04e6e08d164a3049faa362bc53f9748/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2644046090\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/0a68372d6fd28201684be9827a5de0d3c04e6e08d164a3049faa362bc53f9748/48078be3a88820597c655a597bc1f5194626dc1585212208b8d6351a2664e760.pid\" a14=\"0a68372d6fd28201684be9827a5de0d3c04e6e08d164a3049faa362bc53f9748\""}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865588.026:21710391): arch=c000003e syscall=59 success=yes exit=0 a0=c0001e1e30 a1=c000121a00 a2=c000121a80 a3=0 items=2 ppid=3830339 pid=2183103 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865587.975:21710390): proctitle=6375726C002D6600687474703A2F2F6C6F63616C686F73743A31373137302F"}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.975:21710390): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3566853 dev=00:5c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.975:21710390): item=0 name=\"/usr/bin/curl\" inode=3574788 dev=00:5c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865587.975:21710390): cwd=\"/app\""}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865587.975:21710390): argc=3 a0=\"curl\" a1=\"-f\" a2=\"http://localhost:17170/\""}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865587.975:21710390): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865587.975:21710390): arch=c000003e syscall=59 success=yes exit=0 a0=c00018f0f0 a1=c000022ac0 a2=c00013ec00 a3=0 items=2 ppid=2183085 pid=2183097 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"curl\" exe=\"/usr/bin/curl\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865587.934:21710389): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.934:21710389): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.934:21710389): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865587.934:21710389): cwd=\"/var/lib/docker/rootfs/overlayfs/5bd3e1d5545f7ec51999f8794a4b4d6cc0fd1d92f87a78cfdfb129e440cd0559\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865587.934:21710389): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865587.934:21710389): arch=c000003e syscall=59 success=yes exit=0 a0=c0001cd890 a1=c0001d1350 a2=c0001d3c80 a3=0 items=2 ppid=2183085 pid=2183095 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865587.919:21710388): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F35626433653164353534356637656335313939396638373934"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.919:21710388): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.919:21710388): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865587.919:21710388): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/5bd3e1d5545f7ec51999f8794a4b4d6cc0fd1d92f87a78cfdfb129e440cd0559\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865587.919:21710388): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/5bd3e1d5545f7ec51999f8794a4b4d6cc0fd1d92f87a78cfdfb129e440cd0559/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2985856487\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/5bd3e1d5545f7ec51999f8794a4b4d6cc0fd1d92f87a78cfdfb129e440cd0559/8430522dd6dec275466e4dfb934dd7c64fd136f7b2d81eee931cfc86790f0c64.pid\" a14=\"5bd3e1d5545f7ec51999f8794a4b4d6cc0fd1d92f87a78cfdfb129e440cd0559\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865587.919:21710388): arch=c000003e syscall=59 success=yes exit=0 a0=c0001bad00 a1=c000221400 a2=c000221480 a3=0 items=2 ppid=5253 pid=2183085 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865587.913:21710387): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.913:21710387): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:120 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.913:21710387): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:120 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865587.913:21710387): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865587.913:21710387): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.stat\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865587.913:21710387): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865587.913:21710387): arch=c000003e syscall=59 success=yes exit=0 a0=7de3f471ed60 a1=7de3ad035680 a2=634e07c84a40 a3=8 items=2 ppid=13318 pid=2183084 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865587.913:21710386): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.913:21710386): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865587.913:21710386): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865587.913:21710386): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3ad035680 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2183084 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865587.913:21710385): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.913:21710385): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865587.913:21710385): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865587.913:21710385): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3ad035680 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2183084 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865587.912:21710384): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.912:21710384): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865587.912:21710384): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865587.912:21710384): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3ad035680 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2183084 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865587.912:21710383): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.912:21710383): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865587.912:21710383): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865587.912:21710383): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3ad035680 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2183084 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865587.912:21710382): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.912:21710382): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865587.912:21710382): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865587.912:21710382): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3ad035680 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2183084 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865587.912:21710381): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.912:21710381): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865587.912:21710381): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865587.912:21710381): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3ad035680 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2183084 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865587.910:21710380): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.910:21710380): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:120 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.910:21710380): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:120 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865587.910:21710380): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865587.910:21710380): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.current\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865587.910:21710380): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865587.910:21710380): arch=c000003e syscall=59 success=yes exit=0 a0=7de3f471ed60 a1=7de321801860 a2=634e07c84a40 a3=8 items=2 ppid=13318 pid=2183083 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865587.910:21710379): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.910:21710379): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865587.910:21710379): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865587.910:21710379): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de321801860 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2183083 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865587.910:21710378): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.910:21710378): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865587.910:21710378): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865587.910:21710378): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de321801860 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2183083 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865587.910:21710377): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.910:21710377): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865587.910:21710377): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865587.910:21710377): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de321801860 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2183083 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865587.910:21710376): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.910:21710376): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865587.910:21710376): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865587.910:21710376): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de321801860 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2183083 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865587.910:21710375): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.910:21710375): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865587.910:21710375): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865587.910:21710375): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de321801860 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2183083 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865587.910:21710374): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.910:21710374): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865587.910:21710374): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865587.910:21710374): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de321801860 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2183083 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865587.907:21710373): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.907:21710373): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:120 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.907:21710373): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:120 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865587.907:21710373): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865587.907:21710373): argc=2 a0=\"cat\" a1=\"/proc/self/cgroup\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865587.907:21710373): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865587.907:21710373): arch=c000003e syscall=59 success=yes exit=0 a0=7de3f471ed60 a1=7de3ad035780 a2=634e07c84a40 a3=8 items=2 ppid=13318 pid=2183082 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865587.907:21710372): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.907:21710372): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865587.907:21710372): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865587.907:21710372): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3ad035780 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2183082 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865587.907:21710371): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.907:21710371): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865587.907:21710371): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865587.907:21710371): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3ad035780 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2183082 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865587.907:21710370): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.907:21710370): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865587.907:21710370): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865587.907:21710370): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3ad035780 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2183082 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865587.907:21710369): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.907:21710369): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865587.907:21710369): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865587.907:21710369): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3ad035780 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2183082 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865587.906:21710368): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.906:21710368): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865587.906:21710368): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865587.906:21710368): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3ad035780 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2183082 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865587.906:21710367): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.906:21710367): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865587.906:21710367): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865587.906:21710367): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3ad035780 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2183082 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865587.863:21710366): proctitle=72656469732D636C690070696E67"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.863:21710366): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=6694357 dev=00:72 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.863:21710366): item=0 name=\"/usr/local/bin/redis-cli\" inode=6703632 dev=00:72 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865587.863:21710366): cwd=\"/data\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865587.863:21710366): argc=2 a0=\"redis-cli\" a1=\"ping\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865587.863:21710366): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865587.863:21710366): arch=c000003e syscall=59 success=yes exit=0 a0=c000028760 a1=c00009f350 a2=c0001551c0 a3=0 items=2 ppid=4127 pid=2183075 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"redis-cli\" exe=\"/usr/local/bin/redis-cli\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865587.818:21710365): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.818:21710365): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.818:21710365): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865587.818:21710365): cwd=\"/var/lib/docker/rootfs/overlayfs/480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865587.818:21710365): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865587.818:21710365): arch=c000003e syscall=59 success=yes exit=0 a0=c0001cd880 a1=c0001d1350 a2=c0001d3c00 a3=0 items=2 ppid=2183063 pid=2183072 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865587.804:21710364): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F34383062353761303034306362373564646534356436663664"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.804:21710364): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.804:21710364): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865587.804:21710364): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865587.804:21710364): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process415876783\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af/1a21adadc62d044d2bf5e3757b3df1082acedacd15740af9f34733f875e55922.pid\" a14=\"480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865587.804:21710364): arch=c000003e syscall=59 success=yes exit=0 a0=c000582a00 a1=c000168a80 a2=c000168b00 a3=0 items=2 ppid=4127 pid=2183063 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=USER_ERR msg=audit(1775865587.751:21710363): pid=2182995 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:bad_ident grantors=? acct=\"?\" exe=\"/usr/sbin/sshd\" hostname=111.26.79.159 addr=111.26.79.159 terminal=ssh res=failed'\u001dUID=\"root\" AUID=\"unset\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865587.567:21710362): proctitle=77676574002D2D737069646572002D2D717569657400687474703A2F2F6C6F63616C686F73743A39303030"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.567:21710362): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=6690187 dev=00:52 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.567:21710362): item=0 name=\"/usr/bin/wget\" inode=6689540 dev=00:52 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865587.567:21710362): cwd=\"/\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865587.567:21710362): argc=4 a0=\"wget\" a1=\"--spider\" a2=\"--quiet\" a3=\"http://localhost:9000\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865587.567:21710362): arch=c000003e syscall=59 success=yes exit=0 a0=c0000e5e60 a1=c0000df560 a2=c0000224e0 a3=0 items=2 ppid=3912 pid=2183055 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"wget\" exe=\"/bin/busybox\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=USER_LOGIN msg=audit(1775865587.553:21710361): pid=2182995 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='op=login acct=28696E76616C6964207573657229 exe=\"/usr/sbin/sshd\" hostname=? addr=111.26.79.159 terminal=sshd res=failed'\u001dUID=\"root\" AUID=\"unset\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=USER_LOGIN msg=audit(1775865587.552:21710360): pid=2182995 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='op=login acct=28696E76616C6964207573657229 exe=\"/usr/sbin/sshd\" hostname=? addr=111.26.79.159 terminal=sshd res=failed'\u001dUID=\"root\" AUID=\"unset\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865587.548:21710359): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.548:21710359): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=9987007 dev=00:102 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.548:21710359): item=0 name=\"/usr/bin/cat\" inode=9986333 dev=00:102 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865587.548:21710359): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865587.548:21710359): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.stat\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865587.548:21710359): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865587.548:21710359): arch=c000003e syscall=59 success=yes exit=0 a0=7e8ad4131d60 a1=7e8ac6e04da0 a2=618bc9213650 a3=8 items=2 ppid=1943853 pid=2183062 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865587.548:21710358): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.548:21710358): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865587.548:21710358): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865587.548:21710358): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04da0 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2183062 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865587.548:21710357): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.548:21710357): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865587.548:21710357): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865587.548:21710357): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04da0 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2183062 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865587.548:21710356): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.548:21710356): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865587.548:21710356): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865587.548:21710356): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04da0 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2183062 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865587.548:21710355): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.548:21710355): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865587.548:21710355): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865587.548:21710355): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04da0 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2183062 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865587.547:21710354): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.547:21710354): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865587.547:21710354): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865587.547:21710354): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04da0 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2183062 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865587.547:21710353): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.547:21710353): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865587.547:21710353): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865587.547:21710353): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04da0 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2183062 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865587.545:21710352): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.545:21710352): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=9987007 dev=00:102 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.545:21710352): item=0 name=\"/usr/bin/cat\" inode=9986333 dev=00:102 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865587.545:21710352): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865587.545:21710352): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.current\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865587.545:21710352): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865587.545:21710352): arch=c000003e syscall=59 success=yes exit=0 a0=7e8ad4131d60 a1=7e8a64e002e0 a2=618bc9213650 a3=8 items=2 ppid=1943853 pid=2183056 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865587.545:21710351): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.545:21710351): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865587.545:21710351): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865587.545:21710351): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8a64e002e0 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2183056 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865587.545:21710350): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.545:21710350): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865587.545:21710350): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865587.545:21710350): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8a64e002e0 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2183056 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865587.545:21710349): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.545:21710349): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865587.545:21710349): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865587.545:21710349): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8a64e002e0 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2183056 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865587.545:21710348): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.545:21710348): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865587.545:21710348): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865587.545:21710348): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8a64e002e0 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2183056 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865587.544:21710347): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.544:21710347): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865587.544:21710347): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865587.544:21710347): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8a64e002e0 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2183056 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865587.544:21710346): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.544:21710346): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865587.544:21710346): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865587.544:21710346): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8a64e002e0 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2183056 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865587.541:21710345): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.541:21710345): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=9987007 dev=00:102 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.541:21710345): item=0 name=\"/usr/bin/cat\" inode=9986333 dev=00:102 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865587.541:21710345): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865587.541:21710345): argc=2 a0=\"cat\" a1=\"/proc/self/cgroup\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865587.541:21710345): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865587.541:21710345): arch=c000003e syscall=59 success=yes exit=0 a0=7e8ad4131d60 a1=7e8a64e002a0 a2=618bc9213650 a3=8 items=2 ppid=1943853 pid=2183053 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865587.541:21710344): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.541:21710344): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865587.541:21710344): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865587.541:21710344): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8a64e002a0 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2183053 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865587.541:21710343): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.541:21710343): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865587.541:21710343): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865587.541:21710343): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8a64e002a0 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2183053 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865587.541:21710342): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.541:21710342): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865587.541:21710342): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865587.541:21710342): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8a64e002a0 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2183053 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865587.541:21710341): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.541:21710341): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865587.541:21710341): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865587.541:21710341): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8a64e002a0 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2183053 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865587.541:21710340): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.541:21710340): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865587.541:21710340): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865587.541:21710340): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8a64e002a0 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2183053 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865587.541:21710339): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.541:21710339): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865587.541:21710339): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865587.541:21710339): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8a64e002a0 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2183053 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865587.538:21710338): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.538:21710338): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.538:21710338): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865587.538:21710338): cwd=\"/var/lib/docker/rootfs/overlayfs/08ef8e2f2653a795b49f9c31d690e5615c19f87e004231b8cb85077d9147f610\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865587.538:21710338): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865587.538:21710338): arch=c000003e syscall=59 success=yes exit=0 a0=c00017bb20 a1=c0000a7038 a2=c0000b7bc0 a3=0 items=2 ppid=2183042 pid=2183052 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865587.523:21710337): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F30386566386532663236353361373935623439663963333164"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.523:21710337): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.523:21710337): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865587.523:21710337): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/08ef8e2f2653a795b49f9c31d690e5615c19f87e004231b8cb85077d9147f610\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865587.523:21710337): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/08ef8e2f2653a795b49f9c31d690e5615c19f87e004231b8cb85077d9147f610/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2548490644\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/08ef8e2f2653a795b49f9c31d690e5615c19f87e004231b8cb85077d9147f610/c6f7210f6d4356fa142def8bf6a4bb3d8a8413421c7d5c13f02930600fe56c2d.pid\" a14=\"08ef8e2f2653a795b49f9c31d690e5615c19f87e004231b8cb85077d9147f610\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865587.523:21710337): arch=c000003e syscall=59 success=yes exit=0 a0=c000195fc0 a1=c000132980 a2=c000132a00 a3=0 items=2 ppid=3912 pid=2183042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865587.475:21710336): proctitle=77676574002D2D6E6F2D766572626F7365002D2D74726965733D31002D2D73706964657200687474703A2F2F6C6F63616C686F73743A393039312F6170692F6865616C7468"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.475:21710336): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=3678029 dev=00:e9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.475:21710336): item=0 name=\"/usr/bin/wget\" inode=3677985 dev=00:e9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865587.475:21710336): cwd=\"/app\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865587.475:21710336): argc=5 a0=\"wget\" a1=\"--no-verbose\" a2=\"--tries=1\" a3=\"--spider\" a4=\"http://localhost:9091/api/health\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865587.475:21710336): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865587.475:21710336): arch=c000003e syscall=59 success=yes exit=0 a0=594875c395c0 a1=594875c39540 a2=594875c39570 a3=740472cf1b38 items=2 ppid=2183034 pid=2183041 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"wget\" exe=\"/usr/bin/wget\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865587.471:21710335): proctitle=2F62696E2F7368002D630077676574202D2D6E6F2D766572626F7365202D2D74726965733D31202D2D73706964657220687474703A2F2F6C6F63616C686F73743A393039312F6170692F6865616C7468207C7C20657869742031"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.471:21710335): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=3678029 dev=00:e9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.471:21710335): item=0 name=\"/bin/sh\" inode=3675124 dev=00:e9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865587.471:21710335): cwd=\"/app\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865587.471:21710335): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=77676574202D2D6E6F2D766572626F7365202D2D74726965733D31202D2D73706964657220687474703A2F2F6C6F63616C686F73743A393039312F6170692F6865616C7468207C7C20657869742031"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865587.471:21710335): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865587.471:21710335): arch=c000003e syscall=59 success=yes exit=0 a0=c00019ae78 a1=c000022aa0 a2=c0000e9200 a3=0 items=2 ppid=2183017 pid=2183034 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/sh\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865587.419:21710334): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.419:21710334): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.419:21710334): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865587.419:21710334): cwd=\"/var/lib/docker/rootfs/overlayfs/dded6b49287cffb7eb9d3e0e8fcca16ac4bcfe7f6ea4331cbfc92babc5585263\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865587.419:21710334): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865587.419:21710334): arch=c000003e syscall=59 success=yes exit=0 a0=c0001f3860 a1=c0001f7338 a2=c0001f9c40 a3=0 items=2 ppid=2183017 pid=2183030 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865587.416:21710333): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.416:21710333): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:d2 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.416:21710333): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:d2 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865587.416:21710333): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865587.416:21710333): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.stat\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865587.416:21710333): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865587.416:21710333): arch=c000003e syscall=59 success=yes exit=0 a0=74bcbc1b9d60 a1=74bc78e8cdc0 a2=5f16263f7a40 a3=8 items=2 ppid=12863 pid=2183025 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865587.416:21710332): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.416:21710332): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865587.416:21710332): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865587.416:21710332): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc78e8cdc0 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2183025 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865587.416:21710331): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.416:21710331): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865587.416:21710331): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865587.416:21710331): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc78e8cdc0 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2183025 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865587.416:21710330): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.416:21710330): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865587.416:21710330): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865587.416:21710330): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc78e8cdc0 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2183025 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865587.416:21710329): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.416:21710329): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865587.416:21710329): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865587.416:21710329): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc78e8cdc0 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2183025 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865587.416:21710328): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.416:21710328): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865587.416:21710328): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865587.416:21710328): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc78e8cdc0 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2183025 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865587.416:21710327): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.416:21710327): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865587.416:21710327): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865587.416:21710327): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc78e8cdc0 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2183025 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865587.413:21710326): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.413:21710326): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:d2 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.413:21710326): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:d2 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865587.413:21710326): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865587.413:21710326): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.current\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865587.413:21710326): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865587.413:21710326): arch=c000003e syscall=59 success=yes exit=0 a0=74bcbc1b9d60 a1=74bc78e8ce20 a2=5f16263f7a40 a3=8 items=2 ppid=12863 pid=2183024 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865587.412:21710325): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.412:21710325): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865587.412:21710325): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865587.412:21710325): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc78e8ce20 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2183024 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865587.412:21710324): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.412:21710324): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865587.412:21710324): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865587.412:21710324): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc78e8ce20 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2183024 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865587.412:21710323): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.412:21710323): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865587.412:21710323): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865587.412:21710323): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc78e8ce20 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2183024 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865587.412:21710322): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.412:21710322): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865587.412:21710322): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865587.412:21710322): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc78e8ce20 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2183024 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865587.412:21710321): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.412:21710321): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865587.412:21710321): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865587.412:21710321): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc78e8ce20 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2183024 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865587.412:21710320): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.412:21710320): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865587.412:21710320): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865587.412:21710320): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc78e8ce20 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2183024 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865587.409:21710319): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.409:21710319): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:d2 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.409:21710319): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:d2 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865587.409:21710319): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865587.409:21710319): argc=2 a0=\"cat\" a1=\"/proc/self/cgroup\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865587.409:21710319): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865587.409:21710319): arch=c000003e syscall=59 success=yes exit=0 a0=74bcbc1b9d60 a1=74bc78e8ce00 a2=5f16263f7a40 a3=8 items=2 ppid=12863 pid=2183022 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865587.409:21710318): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.409:21710318): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865587.409:21710318): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865587.409:21710318): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc78e8ce00 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2183022 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865587.409:21710317): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.409:21710317): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865587.409:21710317): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865587.409:21710317): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc78e8ce00 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2183022 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865587.409:21710316): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.409:21710316): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865587.409:21710316): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865587.409:21710316): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc78e8ce00 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2183022 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865587.409:21710315): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.409:21710315): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865587.409:21710315): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865587.409:21710315): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc78e8ce00 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2183022 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865587.409:21710314): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.409:21710314): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865587.409:21710314): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865587.409:21710314): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc78e8ce00 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2183022 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865587.409:21710313): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.409:21710313): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865587.409:21710313): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865587.409:21710313): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc78e8ce00 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2183022 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865587.401:21710312): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F64646564366234393238376366666237656239643365306538"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.401:21710312): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865587.401:21710312): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865587.401:21710312): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/dded6b49287cffb7eb9d3e0e8fcca16ac4bcfe7f6ea4331cbfc92babc5585263\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865587.401:21710312): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/dded6b49287cffb7eb9d3e0e8fcca16ac4bcfe7f6ea4331cbfc92babc5585263/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process317024469\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/dded6b49287cffb7eb9d3e0e8fcca16ac4bcfe7f6ea4331cbfc92babc5585263/1b0fcecbe2d7526f6eaf3fbf37eedc325667aa4df18e5a0c30ca6a5ceca0a4a6.pid\" a14=\"dded6b49287cffb7eb9d3e0e8fcca16ac4bcfe7f6ea4331cbfc92babc5585263\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865587.401:21710312): arch=c000003e syscall=59 success=yes exit=0 a0=c0002cc460 a1=c00013a280 a2=c00013a300 a3=0 items=2 ppid=2004630 pid=2183017 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865586.851:21710311): proctitle=2F62696E2F7368002D630070675F69737265616479202D552077696E646D696C6C5F75736572202D642077696E646D696C6C5F6462"}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865586.851:21710311): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:bb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865586.851:21710311): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:bb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865586.851:21710311): cwd=\"/\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865586.851:21710311): argc=5 a0=\"pg_isready\" a1=\"-U\" a2=\"windmill_user\" a3=\"-d\" a4=\"windmill_db\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865586.851:21710311): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865586.851:21710311): arch=c000003e syscall=59 success=yes exit=0 a0=74ca985b33f8 a1=74ca985b3290 a2=74ca985b3378 a3=0 items=2 ppid=2004556 pid=2183010 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865586.848:21710310): proctitle=2F62696E2F7368002D630070675F69737265616479202D552077696E646D696C6C5F75736572202D642077696E646D696C6C5F6462"}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865586.848:21710310): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:bb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865586.848:21710310): item=0 name=\"/bin/sh\" inode=8589166 dev=00:bb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865586.848:21710310): cwd=\"/\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865586.848:21710310): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D552077696E646D696C6C5F75736572202D642077696E646D696C6C5F6462"}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865586.848:21710310): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865586.848:21710310): arch=c000003e syscall=59 success=yes exit=0 a0=c00018cf38 a1=c000022ac0 a2=c0001348c0 a3=0 items=2 ppid=2182997 pid=2183010 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865586.801:21710309): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865586.801:21710309): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865586.801:21710309): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865586.801:21710309): cwd=\"/var/lib/docker/rootfs/overlayfs/2a365c5cbcdee94cef8eb83387301a8756e7538c1049b4c58449c0646b43c50c\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865586.801:21710309): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865586.801:21710309): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b850 a1=c00017f338 a2=c000181c40 a3=0 items=2 ppid=2182997 pid=2183006 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865586.785:21710308): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F32613336356335636263646565393463656638656238333338"}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865586.785:21710308): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865586.785:21710308): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865586.785:21710308): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/2a365c5cbcdee94cef8eb83387301a8756e7538c1049b4c58449c0646b43c50c\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865586.785:21710308): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/2a365c5cbcdee94cef8eb83387301a8756e7538c1049b4c58449c0646b43c50c/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1934426468\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/2a365c5cbcdee94cef8eb83387301a8756e7538c1049b4c58449c0646b43c50c/fbd6f608ae49a043b50259058c735b18351c84f085c0dd6e2d03d525e6d91d07.pid\" a14=\"2a365c5cbcdee94cef8eb83387301a8756e7538c1049b4c58449c0646b43c50c\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865586.785:21710308): arch=c000003e syscall=59 success=yes exit=0 a0=c0006000d0 a1=c00010c300 a2=c00010c380 a3=0 items=2 ppid=2004556 pid=2182997 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865586.742:21710307): proctitle=2F7573722F7362696E2F73736864002D44002D52"}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865586.742:21710307): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865586.742:21710307): item=0 name=\"/usr/sbin/sshd\" inode=4064199 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865586.742:21710307): cwd=\"/\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865586.742:21710307): argc=3 a0=\"/usr/sbin/sshd\" a1=\"-D\" a2=\"-R\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865586.742:21710307): arch=c000003e syscall=59 success=yes exit=0 a0=639ec3c40950 a1=639ec3c9a6e0 a2=639ec3c40990 a3=8 items=2 ppid=1838510 pid=2182995 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sshd\" exe=\"/usr/sbin/sshd\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865586.622:21710306): proctitle=6373636C69006D657472696373"}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865586.622:21710306): item=0 name=\"/usr/local/bin/cscli\" inode=7117508 dev=00:99 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865586.622:21710306): cwd=\"/\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865586.622:21710306): argc=2 a0=\"cscli\" a1=\"metrics\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865586.622:21710306): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865586.622:21710306): arch=c000003e syscall=59 success=yes exit=0 a0=c000027380 a1=c0000d5350 a2=c0000c78f0 a3=0 items=1 ppid=2182946 pid=2182959 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cscli\" exe=\"/usr/local/bin/cscli\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865586.607:21710305): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865586.607:21710305): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865586.607:21710305): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:231 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865586.607:21710305): cwd=\"/var/lib/docker/rootfs/overlayfs/056a09c20dcef0fe62aa8b538144973d1eea3cbffb3ac42d3a0cc1c2e4e596d5\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865586.607:21710305): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865586.607:21710305): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5870 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=2182965 pid=2182974 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865586.590:21710304): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F30353661303963323064636566306665363261613862353338"}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865586.590:21710304): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865586.590:21710304): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865586.590:21710304): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/056a09c20dcef0fe62aa8b538144973d1eea3cbffb3ac42d3a0cc1c2e4e596d5\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865586.590:21710304): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/056a09c20dcef0fe62aa8b538144973d1eea3cbffb3ac42d3a0cc1c2e4e596d5/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2052280350\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/056a09c20dcef0fe62aa8b538144973d1eea3cbffb3ac42d3a0cc1c2e4e596d5/af0285362c58aa3ebb0e663fa8a308a60a31631e5a7e5cebb21773dc4a918168.pid\" a14=\"056a09c20dcef0fe62aa8b538144973d1eea3cbffb3ac42d3a0cc1c2e4e596d5\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865586.590:21710304): arch=c000003e syscall=59 success=yes exit=0 a0=c0003ddd50 a1=c0003bb080 a2=c0003bb100 a3=0 items=2 ppid=4360 pid=2182965 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865586.578:21710303): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865586.578:21710303): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865586.578:21710303): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865586.578:21710303): cwd=\"/var/lib/docker/rootfs/overlayfs/6e240b3263a20143aa4d507e566bf8e51d46fe0f910bdfa8ddefa9a2f73124d3\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865586.578:21710303): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865586.578:21710303): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b840 a1=c00017f338 a2=c000181c00 a3=0 items=2 ppid=2182946 pid=2182955 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865586.564:21710302): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F36653234306233323633613230313433616134643530376535"}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865586.564:21710302): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865586.564:21710302): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865586.564:21710302): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/6e240b3263a20143aa4d507e566bf8e51d46fe0f910bdfa8ddefa9a2f73124d3\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865586.564:21710302): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/6e240b3263a20143aa4d507e566bf8e51d46fe0f910bdfa8ddefa9a2f73124d3/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1302017395\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/6e240b3263a20143aa4d507e566bf8e51d46fe0f910bdfa8ddefa9a2f73124d3/47183f6e2c2166f3c3a5f2168f278375ae3617f07a6f8398c9bda8dad4053bf2.pid\" a14=\"6e240b3263a20143aa4d507e566bf8e51d46fe0f910bdfa8ddefa9a2f73124d3\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865586.564:21710302): arch=c000003e syscall=59 success=yes exit=0 a0=c00036e210 a1=c000324780 a2=c000324800 a3=0 items=2 ppid=5559 pid=2182946 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865586.434:21710301): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520706F737467726573"}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865586.434:21710301): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:50 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865586.434:21710301): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:50 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865586.434:21710301): cwd=\"/\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865586.434:21710301): argc=3 a0=\"pg_isready\" a1=\"-U\" a2=\"postgres\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865586.434:21710301): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865586.434:21710301): arch=c000003e syscall=59 success=yes exit=0 a0=7a098b903288 a1=7a098b9031e8 a2=7a098b903208 a3=0 items=2 ppid=4396 pid=2182936 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865586.430:21710300): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520706F737467726573"}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865586.430:21710300): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:50 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865586.430:21710300): item=0 name=\"/bin/sh\" inode=8589166 dev=00:50 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865586.430:21710300): cwd=\"/\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865586.430:21710300): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D5520706F737467726573"}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865586.430:21710300): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865586.430:21710300): arch=c000003e syscall=59 success=yes exit=0 a0=c000196f78 a1=c000022680 a2=c0000d88c0 a3=0 items=2 ppid=4396 pid=2182936 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865586.403:21710299): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520646F63757365616C"}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865586.403:21710299): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:32 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865586.403:21710299): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:32 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865586.403:21710299): cwd=\"/\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865586.403:21710299): argc=3 a0=\"pg_isready\" a1=\"-U\" a2=\"docuseal\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865586.403:21710299): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865586.403:21710299): arch=c000003e syscall=59 success=yes exit=0 a0=709347254288 a1=7093472541e8 a2=709347254208 a3=0 items=2 ppid=3467 pid=2182918 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865586.399:21710298): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520646F63757365616C"}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865586.399:21710298): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:32 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865586.399:21710298): item=0 name=\"/bin/sh\" inode=8589166 dev=00:32 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865586.399:21710298): cwd=\"/\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865586.399:21710298): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D5520646F63757365616C"}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865586.399:21710298): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865586.399:21710298): arch=c000003e syscall=59 success=yes exit=0 a0=c00018af38 a1=c000022ac0 a2=c0001348c0 a3=0 items=2 ppid=2182905 pid=2182918 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865586.387:21710297): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865586.387:21710297): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865586.387:21710297): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:231 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865586.387:21710297): cwd=\"/var/lib/docker/rootfs/overlayfs/67097f9470d25ae62330c278e0c2e85dfc8f9d19e1312855b18be973b4d19e41\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865586.387:21710297): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865586.387:21710297): arch=c000003e syscall=59 success=yes exit=0 a0=c0002458a0 a1=c000249350 a2=c00024bc40 a3=0 items=2 ppid=2182924 pid=2182934 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865586.369:21710296): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F36373039376639343730643235616536323333306332373865"}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865586.369:21710296): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865586.369:21710296): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865586.369:21710296): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/67097f9470d25ae62330c278e0c2e85dfc8f9d19e1312855b18be973b4d19e41\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865586.369:21710296): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/67097f9470d25ae62330c278e0c2e85dfc8f9d19e1312855b18be973b4d19e41/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process166730048\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/67097f9470d25ae62330c278e0c2e85dfc8f9d19e1312855b18be973b4d19e41/773fda19c5d6eba8c3e3bc7132f06e38997e836e3a2154758fba6051fd30928a.pid\" a14=\"67097f9470d25ae62330c278e0c2e85dfc8f9d19e1312855b18be973b4d19e41\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865586.369:21710296): arch=c000003e syscall=59 success=yes exit=0 a0=c000601a80 a1=c000331500 a2=c000331580 a3=0 items=2 ppid=4396 pid=2182924 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865586.354:21710295): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865586.354:21710295): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865586.354:21710295): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865586.354:21710295): cwd=\"/var/lib/docker/rootfs/overlayfs/360fd70ae6eb7cd5e0954ce9fabc3f41ec861f0028b80fa3a053269682ce489a\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865586.354:21710295): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865586.354:21710295): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c7890 a1=c0001cb350 a2=c0001cdc80 a3=0 items=2 ppid=2182905 pid=2182914 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865586.339:21710294): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F33363066643730616536656237636435653039353463653966"}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865586.339:21710294): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865586.339:21710294): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865586.339:21710294): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/360fd70ae6eb7cd5e0954ce9fabc3f41ec861f0028b80fa3a053269682ce489a\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865586.339:21710294): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/360fd70ae6eb7cd5e0954ce9fabc3f41ec861f0028b80fa3a053269682ce489a/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2695846721\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/360fd70ae6eb7cd5e0954ce9fabc3f41ec861f0028b80fa3a053269682ce489a/6a27c1723e8e9940482eb0b2fd3891f2f405857eb5f723893bebb9f5095c1a3e.pid\" a14=\"360fd70ae6eb7cd5e0954ce9fabc3f41ec861f0028b80fa3a053269682ce489a\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865586.339:21710294): arch=c000003e syscall=59 success=yes exit=0 a0=c00040ada0 a1=c0002b4e80 a2=c0002b4f00 a3=0 items=2 ppid=3467 pid=2182905 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865586.194:21710293): proctitle=77676574002D71002D2D73706964657200687474703A2F2F3132372E302E302E313A353030302F6865616C7468"}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865586.194:21710293): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3456344 dev=00:5e mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865586.194:21710293): item=0 name=\"/usr/bin/wget\" inode=3454556 dev=00:5e mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865586.194:21710293): cwd=\"/app\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865586.194:21710293): argc=4 a0=\"wget\" a1=\"-q\" a2=\"--spider\" a3=\"http://127.0.0.1:5000/health\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865586.194:21710293): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865586.194:21710293): arch=c000003e syscall=59 success=yes exit=0 a0=76aa21574430 a1=76aa215743b0 a2=76aa215743d8 a3=0 items=2 ppid=2182897 pid=2182903 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"wget\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865586.190:21710292): proctitle=2F62696E2F7368002D630077676574202D71202D2D73706964657220687474703A2F2F3132372E302E302E313A353030302F6865616C7468207C7C20657869742031"}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865586.190:21710292): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3456344 dev=00:5e mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865586.190:21710292): item=0 name=\"/bin/sh\" inode=3454556 dev=00:5e mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865586.190:21710292): cwd=\"/app\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865586.190:21710292): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=77676574202D71202D2D73706964657220687474703A2F2F3132372E302E302E313A353030302F6865616C7468207C7C20657869742031"}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865586.190:21710292): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865586.190:21710292): arch=c000003e syscall=59 success=yes exit=0 a0=c000196f48 a1=c000022660 a2=c0000de320 a3=0 items=2 ppid=2182884 pid=2182897 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865586.140:21710291): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865586.140:21710291): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865586.140:21710291): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865586.140:21710291): cwd=\"/var/lib/docker/rootfs/overlayfs/d80835cb7ba62c46a5cbd03fdf5267299086c5b276258870959e4da55044b0ee\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865586.140:21710291): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865586.140:21710291): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b830 a1=c00017f338 a2=c000181c40 a3=0 items=2 ppid=2182884 pid=2182894 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865586.125:21710290): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F64383038333563623762613632633436613563626430336664"}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865586.125:21710290): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865586.125:21710290): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865586.125:21710290): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/d80835cb7ba62c46a5cbd03fdf5267299086c5b276258870959e4da55044b0ee\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865586.125:21710290): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/d80835cb7ba62c46a5cbd03fdf5267299086c5b276258870959e4da55044b0ee/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process414649946\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/d80835cb7ba62c46a5cbd03fdf5267299086c5b276258870959e4da55044b0ee/5cc5d7813b2d27b42f89833d5ddda219fbe3c4ff95badbd1b7ff4b18824fe095.pid\" a14=\"d80835cb7ba62c46a5cbd03fdf5267299086c5b276258870959e4da55044b0ee\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865586.125:21710290): arch=c000003e syscall=59 success=yes exit=0 a0=c0002f9910 a1=c0000fee80 a2=c0000fef00 a3=0 items=2 ppid=4808 pid=2182884 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865585.982:21710289): proctitle=72656469732D636C690070696E67"}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865585.982:21710289): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=6694357 dev=00:45 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865585.982:21710289): item=0 name=\"/usr/local/bin/redis-cli\" inode=6703632 dev=00:45 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865585.982:21710289): cwd=\"/data\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865585.982:21710289): argc=2 a0=\"redis-cli\" a1=\"ping\""}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865585.982:21710289): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865585.982:21710289): arch=c000003e syscall=59 success=yes exit=0 a0=c0000289a0 a1=c0000e3350 a2=c0000eb1c0 a3=0 items=2 ppid=2182864 pid=2182877 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"redis-cli\" exe=\"/usr/local/bin/redis-cli\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865585.933:21710288): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865585.933:21710288): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865585.933:21710288): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865585.933:21710288): cwd=\"/var/lib/docker/rootfs/overlayfs/4cc046860e99ed4ce61cc4f7c543175750997c08579b75447cbf7907fdb6134d\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865585.933:21710288): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865585.933:21710288): arch=c000003e syscall=59 success=yes exit=0 a0=c0001f3830 a1=c0001f7338 a2=c0001f9c00 a3=0 items=2 ppid=2182864 pid=2182873 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865585.917:21710287): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F34636330343638363065393965643463653631636334663763"}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865585.917:21710287): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865585.917:21710287): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865585.917:21710287): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/4cc046860e99ed4ce61cc4f7c543175750997c08579b75447cbf7907fdb6134d\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865585.917:21710287): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/4cc046860e99ed4ce61cc4f7c543175750997c08579b75447cbf7907fdb6134d/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1386962044\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/4cc046860e99ed4ce61cc4f7c543175750997c08579b75447cbf7907fdb6134d/b8307dc9dd9e8027a5185bb82e5cdb1310b0c44b2193e495391258c824fd11cf.pid\" a14=\"4cc046860e99ed4ce61cc4f7c543175750997c08579b75447cbf7907fdb6134d\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865585.917:21710287): arch=c000003e syscall=59 success=yes exit=0 a0=c000608a20 a1=c000614180 a2=c000614200 a3=0 items=2 ppid=3439 pid=2182864 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865585.785:21710286): proctitle=77676574002D2D737069646572002D7100687474703A2F2F3132372E302E302E313A383038302F737461747573"}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865585.785:21710286): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3456344 dev=00:44 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865585.785:21710286): item=0 name=\"/usr/bin/wget\" inode=3454556 dev=00:44 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865585.785:21710286): cwd=\"/data\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865585.785:21710286): argc=4 a0=\"wget\" a1=\"--spider\" a2=\"-q\" a3=\"http://127.0.0.1:8080/status\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865585.785:21710286): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865585.785:21710286): arch=c000003e syscall=59 success=yes exit=0 a0=772bdd002408 a1=772bdd0023b0 a2=772bdd0023d8 a3=8080808080808080 items=2 ppid=2182857 pid=2182863 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"wget\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865585.781:21710285): proctitle=2F62696E2F7368002D630077676574202D2D737069646572202D7120687474703A2F2F3132372E302E302E313A383038302F737461747573207C7C20657869742031"}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865585.781:21710285): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3456344 dev=00:44 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865585.781:21710285): item=0 name=\"/bin/sh\" inode=3454556 dev=00:44 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865585.781:21710285): cwd=\"/data\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865585.781:21710285): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=77676574202D2D737069646572202D7120687474703A2F2F3132372E302E302E313A383038302F737461747573207C7C20657869742031"}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865585.781:21710285): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865585.781:21710285): arch=c000003e syscall=59 success=yes exit=0 a0=c00018ef28 a1=c000022ac0 a2=c000022ae0 a3=0 items=2 ppid=3427 pid=2182857 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865585.744:21710284): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865585.744:21710284): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865585.744:21710284): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865585.744:21710284): cwd=\"/var/lib/docker/rootfs/overlayfs/dc584acf339b0dd02a15498b48f6353fdccfb4b26c1ae9c833c37fffce3c4bfa\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865585.744:21710284): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865585.744:21710284): arch=c000003e syscall=59 success=yes exit=0 a0=c0001eb820 a1=c0001ef338 a2=c0001f1c00 a3=0 items=2 ppid=2182845 pid=2182854 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865585.729:21710283): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F64633538346163663333396230646430326131353439386234"}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865585.729:21710283): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865585.729:21710283): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865585.729:21710283): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/dc584acf339b0dd02a15498b48f6353fdccfb4b26c1ae9c833c37fffce3c4bfa\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865585.729:21710283): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/dc584acf339b0dd02a15498b48f6353fdccfb4b26c1ae9c833c37fffce3c4bfa/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2517128373\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/dc584acf339b0dd02a15498b48f6353fdccfb4b26c1ae9c833c37fffce3c4bfa/135c86bef70ee64f4139def6c6439ee2ba5443fb189ce5b8aab9f1bd56b06bcc.pid\" a14=\"dc584acf339b0dd02a15498b48f6353fdccfb4b26c1ae9c833c37fffce3c4bfa\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865585.729:21710283): arch=c000003e syscall=59 success=yes exit=0 a0=c0003eec40 a1=c000382300 a2=c000382380 a3=0 items=2 ppid=3427 pid=2182845 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865585.648:21710282): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520617065785F75736572202D6420617065785F6462"}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865585.648:21710282): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3456344 dev=00:117 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865585.648:21710282): item=0 name=\"/usr/local/bin/pg_isready\" inode=6091069 dev=00:117 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865585.648:21710282): cwd=\"/\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865585.648:21710282): argc=5 a0=\"pg_isready\" a1=\"-U\" a2=\"apex_user\" a3=\"-d\" a4=\"apex_db\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865585.648:21710282): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865585.648:21710282): arch=c000003e syscall=59 success=yes exit=0 a0=7375858493f8 a1=737585849278 a2=737585849378 a3=0 items=2 ppid=2004566 pid=2182837 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865585.645:21710281): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520617065785F75736572202D6420617065785F6462"}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865585.645:21710281): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3456344 dev=00:117 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865585.645:21710281): item=0 name=\"/bin/sh\" inode=3454556 dev=00:117 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865585.645:21710281): cwd=\"/\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865585.645:21710281): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D5520617065785F75736572202D6420617065785F6462"}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865585.645:21710281): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865585.645:21710281): arch=c000003e syscall=59 success=yes exit=0 a0=c00018af38 a1=c000022ac0 a2=c0001348c0 a3=0 items=2 ppid=2182824 pid=2182837 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865585.624:21710280): proctitle=77676574002D2D7175696574002D2D6E6F2D636865636B2D6365727469666963617465002D2D74726965733D31002D2D73706964657200687474703A2F2F6C6F63616C686F73743A393039312F6170692F6865616C7468"}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865585.624:21710280): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=3678029 dev=00:124 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865585.624:21710280): item=0 name=\"/usr/bin/wget\" inode=3677985 dev=00:124 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865585.624:21710280): cwd=\"/app\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865585.624:21710280): argc=6 a0=\"wget\" a1=\"--quiet\" a2=\"--no-check-certificate\" a3=\"--tries=1\" a4=\"--spider\" a5=\"http://localhost:9091/api/health\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865585.624:21710280): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865585.624:21710280): arch=c000003e syscall=59 success=yes exit=0 a0=57b20756acb0 a1=57b20756ac28 a2=57b20756ac60 a3=7371ea05ab38 items=2 ppid=2182818 pid=2182843 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"wget\" exe=\"/usr/bin/wget\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865585.619:21710279): proctitle=2F62696E2F7368002F6170702F6865616C7468636865636B2E7368"}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865585.619:21710279): item=2 name=\"/lib64/ld-linux-x86-64.so.2\" inode=3678029 dev=00:124 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865585.619:21710279): item=1 name=\"/bin/sh\" inode=3675124 dev=00:124 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865585.619:21710279): item=0 name=\"/app/healthcheck.sh\" inode=3682079 dev=00:124 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865585.619:21710279): cwd=\"/app\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865585.619:21710279): argc=2 a0=\"/bin/sh\" a1=\"/app/healthcheck.sh\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865585.619:21710279): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865585.619:21710279): arch=c000003e syscall=59 success=yes exit=0 a0=c0000272f0 a1=c00002a800 a2=c0001651c0 a3=0 items=3 ppid=2182806 pid=2182818 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"healthcheck.sh\" exe=\"/bin/sh\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865585.602:21710278): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865585.602:21710278): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865585.602:21710278): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:231 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865585.602:21710278): cwd=\"/var/lib/docker/rootfs/overlayfs/c1f8f97d53596e967520df53fab27faff436876b90ee0f2e344cc170bca33f83\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865585.602:21710278): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865585.602:21710278): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c58a0 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=2182824 pid=2182832 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865585.586:21710277): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F63316638663937643533353936653936373532306466353366"}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865585.586:21710277): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865585.586:21710277): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865585.586:21710277): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/c1f8f97d53596e967520df53fab27faff436876b90ee0f2e344cc170bca33f83\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865585.586:21710277): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/c1f8f97d53596e967520df53fab27faff436876b90ee0f2e344cc170bca33f83/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1318935634\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/c1f8f97d53596e967520df53fab27faff436876b90ee0f2e344cc170bca33f83/1bebc03e0a38c7e4d759c932c83a453744f59a9ee99018e8203d83702104655f.pid\" a14=\"c1f8f97d53596e967520df53fab27faff436876b90ee0f2e344cc170bca33f83\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865585.586:21710277): arch=c000003e syscall=59 success=yes exit=0 a0=c000530bd0 a1=c00026d600 a2=c00026d680 a3=0 items=2 ppid=2004566 pid=2182824 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865585.575:21710276): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865585.575:21710276): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865585.575:21710276): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865585.575:21710276): cwd=\"/var/lib/docker/rootfs/overlayfs/ab66ea4fa101df5daa4db29a135e222c8752757eb5ed52c6491a93f0b73700af\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865585.575:21710276): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865585.575:21710276): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b850 a1=c00017f338 a2=c000181c00 a3=0 items=2 ppid=2182806 pid=2182815 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865585.561:21710275): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F61623636656134666131303164663564616134646232396131"}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865585.561:21710275): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865585.561:21710275): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865585.561:21710275): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/ab66ea4fa101df5daa4db29a135e222c8752757eb5ed52c6491a93f0b73700af\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865585.561:21710275): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/ab66ea4fa101df5daa4db29a135e222c8752757eb5ed52c6491a93f0b73700af/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2873529067\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/ab66ea4fa101df5daa4db29a135e222c8752757eb5ed52c6491a93f0b73700af/7d2a3a12fbdcb2cb15f0517a48209095a55d3058e4255ec4ded73b039135bd65.pid\" a14=\"ab66ea4fa101df5daa4db29a135e222c8752757eb5ed52c6491a93f0b73700af\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865585.561:21710275): arch=c000003e syscall=59 success=yes exit=0 a0=c0003c1580 a1=c00018a780 a2=c00018a800 a3=0 items=2 ppid=13171 pid=2182806 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865585.272:21710274): proctitle=77676574002D2D6E6F2D766572626F7365002D2D74726965733D31002D2D73706964657200687474703A2F2F3132372E302E302E313A383132332F70696E67"}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865585.272:21710274): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=6688979 dev=00:41 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865585.272:21710274): item=0 name=\"/usr/bin/wget\" inode=6699356 dev=00:41 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865585.272:21710274): cwd=\"/\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865585.272:21710274): argc=5 a0=\"wget\" a1=\"--no-verbose\" a2=\"--tries=1\" a3=\"--spider\" a4=\"http://127.0.0.1:8123/ping\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865585.272:21710274): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865585.272:21710274): arch=c000003e syscall=59 success=yes exit=0 a0=7e4535dc04c0 a1=7e4535dc0420 a2=7e4535dc0450 a3=8 items=2 ppid=2182799 pid=2182805 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"wget\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865585.268:21710273): proctitle=2F62696E2F7368002D630077676574202D2D6E6F2D766572626F7365202D2D74726965733D31202D2D73706964657220687474703A2F2F3132372E302E302E313A383132332F70696E67207C7C20657869742031"}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865585.268:21710273): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=6688979 dev=00:41 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865585.268:21710273): item=0 name=\"/bin/sh\" inode=6699356 dev=00:41 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865585.268:21710273): cwd=\"/\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865585.268:21710273): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=77676574202D2D6E6F2D766572626F7365202D2D74726965733D31202D2D73706964657220687474703A2F2F3132372E302E302E313A383132332F70696E67207C7C20657869742031"}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865585.268:21710273): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865585.268:21710273): arch=c000003e syscall=59 success=yes exit=0 a0=c00018cf48 a1=c000022ac0 a2=c000090060 a3=0 items=2 ppid=2004543 pid=2182799 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865585.216:21710272): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865585.216:21710272): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865585.216:21710272): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865585.216:21710272): cwd=\"/var/lib/docker/rootfs/overlayfs/0bcf4b17c85dedab788e8c9e9c1a88a006bbcf2309ef561d1c40a8ba421d79ad\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865585.216:21710272): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865585.216:21710272): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c58b0 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=2182787 pid=2182796 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865585.199:21710271): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F30626366346231376338356465646162373838653863396539"}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865585.199:21710271): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865585.199:21710271): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865585.199:21710271): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/0bcf4b17c85dedab788e8c9e9c1a88a006bbcf2309ef561d1c40a8ba421d79ad\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865585.199:21710271): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/0bcf4b17c85dedab788e8c9e9c1a88a006bbcf2309ef561d1c40a8ba421d79ad/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3240394544\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/0bcf4b17c85dedab788e8c9e9c1a88a006bbcf2309ef561d1c40a8ba421d79ad/f63fbd38a2f6e070b6ce242c05d8e704e66a4dba9e8912626a1e0ff33a5d5353.pid\" a14=\"0bcf4b17c85dedab788e8c9e9c1a88a006bbcf2309ef561d1c40a8ba421d79ad\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865585.199:21710271): arch=c000003e syscall=59 success=yes exit=0 a0=c0003d2df0 a1=c0002b4e80 a2=c0002b4f00 a3=0 items=2 ppid=2004543 pid=2182787 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865585.148:21710270): proctitle=77676574002D2D737069646572002D7100687474703A2F2F3132372E302E302E313A393333332F636C75737465722F737461747573"}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865585.148:21710270): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3456344 dev=00:94 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865585.148:21710270): item=0 name=\"/usr/bin/wget\" inode=3454556 dev=00:94 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865585.148:21710270): cwd=\"/data\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865585.148:21710270): argc=4 a0=\"wget\" a1=\"--spider\" a2=\"-q\" a3=\"http://127.0.0.1:9333/cluster/status\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865585.148:21710270): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865585.148:21710270): arch=c000003e syscall=59 success=yes exit=0 a0=7a5eec403420 a1=7a5eec4033c8 a2=7a5eec4033f0 a3=8080808080808080 items=2 ppid=2182780 pid=2182786 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"wget\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865585.145:21710269): proctitle=2F62696E2F7368002D630077676574202D2D737069646572202D7120687474703A2F2F3132372E302E302E313A393333332F636C75737465722F737461747573207C7C20657869742031"}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865585.145:21710269): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3456344 dev=00:94 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865585.145:21710269): item=0 name=\"/bin/sh\" inode=3454556 dev=00:94 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865585.145:21710269): cwd=\"/data\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865585.145:21710269): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=77676574202D2D737069646572202D7120687474703A2F2F3132372E302E302E313A393333332F636C75737465722F737461747573207C7C20657869742031"}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865585.145:21710269): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865585.145:21710269): arch=c000003e syscall=59 success=yes exit=0 a0=c0001a8f58 a1=c000022680 a2=c0000226a0 a3=0 items=2 ppid=2182768 pid=2182780 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865585.102:21710268): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865585.102:21710268): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865585.102:21710268): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865585.102:21710268): cwd=\"/var/lib/docker/rootfs/overlayfs/9612e9a9cd05b29cb2ee3eccae08eb37ef3d57af2d60123bf141f27ea9c04205\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865585.102:21710268): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865585.102:21710268): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b820 a1=c00017f338 a2=c000201c00 a3=0 items=2 ppid=2182768 pid=2182778 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865585.088:21710267): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F39363132653961396364303562323963623265653365636361"}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865585.088:21710267): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865585.088:21710267): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865585.088:21710267): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/9612e9a9cd05b29cb2ee3eccae08eb37ef3d57af2d60123bf141f27ea9c04205\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865585.088:21710267): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/9612e9a9cd05b29cb2ee3eccae08eb37ef3d57af2d60123bf141f27ea9c04205/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1617702945\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/9612e9a9cd05b29cb2ee3eccae08eb37ef3d57af2d60123bf141f27ea9c04205/9d392abc7428eeaaac911e8375631663766d3ea536f97aa952bce2cd8dceb937.pid\" a14=\"9612e9a9cd05b29cb2ee3eccae08eb37ef3d57af2d60123bf141f27ea9c04205\""}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865585.088:21710267): arch=c000003e syscall=59 success=yes exit=0 a0=c0000f2d50 a1=c000332480 a2=c000332500 a3=0 items=2 ppid=4980 pid=2182768 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865584.630:21710266): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520666F7267656A6F"}
{"ts": "2026-04-10T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865584.630:21710266): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:5a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865584.630:21710266): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:5a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865584.630:21710266): cwd=\"/\""}
{"ts": "2026-04-10T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865584.630:21710266): argc=3 a0=\"pg_isready\" a1=\"-U\" a2=\"forgejo\""}
{"ts": "2026-04-10T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865584.630:21710266): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865584.630:21710266): arch=c000003e syscall=59 success=yes exit=0 a0=77f07c7fd278 a1=77f07c7fd1d8 a2=77f07c7fd1f8 a3=8080808080808080 items=2 ppid=4460 pid=2182761 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865584.626:21710265): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520666F7267656A6F"}
{"ts": "2026-04-10T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865584.626:21710265): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:5a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865584.626:21710265): item=0 name=\"/bin/sh\" inode=8589166 dev=00:5a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865584.626:21710265): cwd=\"/\""}
{"ts": "2026-04-10T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865584.626:21710265): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D5520666F7267656A6F"}
{"ts": "2026-04-10T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865584.626:21710265): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865584.626:21710265): arch=c000003e syscall=59 success=yes exit=0 a0=c000196f68 a1=c000022680 a2=c0000d88c0 a3=0 items=2 ppid=4460 pid=2182761 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865584.581:21710264): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865584.581:21710264): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865584.581:21710264): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865584.581:21710264): cwd=\"/var/lib/docker/rootfs/overlayfs/2cdd3d089c946761c42c7cfc41f431ad2beb9c2b89497f7e5a3552578b39f251\""}
{"ts": "2026-04-10T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865584.581:21710264): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865584.581:21710264): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b840 a1=c00017f338 a2=c000181c40 a3=0 items=2 ppid=2182749 pid=2182759 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865584.566:21710263): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F32636464336430383963393436373631633432633763666334"}
{"ts": "2026-04-10T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865584.566:21710263): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865584.566:21710263): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865584.566:21710263): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/2cdd3d089c946761c42c7cfc41f431ad2beb9c2b89497f7e5a3552578b39f251\""}
{"ts": "2026-04-10T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865584.566:21710263): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/2cdd3d089c946761c42c7cfc41f431ad2beb9c2b89497f7e5a3552578b39f251/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1070377053\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/2cdd3d089c946761c42c7cfc41f431ad2beb9c2b89497f7e5a3552578b39f251/2a2a7228245981528381d40c411d161367ddef96811f1e062405bc0f0493ab34.pid\" a14=\"2cdd3d089c946761c42c7cfc41f431ad2beb9c2b89497f7e5a3552578b39f251\""}
{"ts": "2026-04-10T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865584.566:21710263): arch=c000003e syscall=59 success=yes exit=0 a0=c000562660 a1=c00009af80 a2=c00009b000 a3=0 items=2 ppid=4460 pid=2182749 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865584.505:21710262): proctitle=77676574002D2D737069646572002D7100687474703A2F2F6C6F63616C686F73742F"}
{"ts": "2026-04-10T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865584.505:21710262): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:56 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865584.505:21710262): item=0 name=\"/usr/bin/wget\" inode=8589166 dev=00:56 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865584.505:21710262): cwd=\"/\""}
{"ts": "2026-04-10T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865584.505:21710262): argc=4 a0=\"wget\" a1=\"--spider\" a2=\"-q\" a3=\"http://localhost/\""}
{"ts": "2026-04-10T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865584.505:21710262): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865584.505:21710262): arch=c000003e syscall=59 success=yes exit=0 a0=c0000fefb0 a1=c0000c5920 a2=c00013a320 a3=0 items=2 ppid=2182728 pid=2182741 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"wget\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865584.451:21710261): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865584.451:21710261): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865584.451:21710261): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865584.451:21710261): cwd=\"/var/lib/docker/rootfs/overlayfs/c9028647dd6e7c38e14daba47c7c457dc7968b27ced9d920b9994d3ba9399ec2\""}
{"ts": "2026-04-10T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865584.451:21710261): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865584.451:21710261): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b860 a1=c00017f338 a2=c000201c40 a3=0 items=2 ppid=2182728 pid=2182737 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865584.435:21710260): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F63393032383634376464366537633338653134646162613437"}
{"ts": "2026-04-10T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865584.435:21710260): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865584.435:21710260): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865584.435:21710260): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/c9028647dd6e7c38e14daba47c7c457dc7968b27ced9d920b9994d3ba9399ec2\""}
{"ts": "2026-04-10T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865584.435:21710260): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/c9028647dd6e7c38e14daba47c7c457dc7968b27ced9d920b9994d3ba9399ec2/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process780482435\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/c9028647dd6e7c38e14daba47c7c457dc7968b27ced9d920b9994d3ba9399ec2/2ce21943025ba2d305d30131127e35396b4980082ec46402fc7b843153eb60e6.pid\" a14=\"c9028647dd6e7c38e14daba47c7c457dc7968b27ced9d920b9994d3ba9399ec2\""}
{"ts": "2026-04-10T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865584.435:21710260): arch=c000003e syscall=59 success=yes exit=0 a0=c0005763b0 a1=c000176380 a2=c000176580 a3=0 items=2 ppid=4479 pid=2182728 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865583.983:21710259): proctitle=77676574002D2D737069646572002D7100687474703A2F2F3132372E302E302E313A38383838"}
{"ts": "2026-04-10T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865583.983:21710259): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:f0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865583.983:21710259): item=0 name=\"/usr/bin/wget\" inode=8589166 dev=00:f0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865583.983:21710259): cwd=\"/\""}
{"ts": "2026-04-10T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865583.983:21710259): argc=4 a0=\"wget\" a1=\"--spider\" a2=\"-q\" a3=\"http://127.0.0.1:8888\""}
{"ts": "2026-04-10T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865583.983:21710259): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865583.983:21710259): arch=c000003e syscall=59 success=yes exit=0 a0=76ea78da6430 a1=76ea78da63a8 a2=76ea78da63d0 a3=0 items=2 ppid=2182721 pid=2182727 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"wget\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865583.978:21710258): proctitle=2F62696E2F7368002D630077676574202D2D737069646572202D7120687474703A2F2F3132372E302E302E313A38383838207C7C20657869742031"}
{"ts": "2026-04-10T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865583.978:21710258): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:f0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865583.978:21710258): item=0 name=\"/bin/sh\" inode=8589166 dev=00:f0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865583.978:21710258): cwd=\"/\""}
{"ts": "2026-04-10T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865583.978:21710258): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=77676574202D2D737069646572202D7120687474703A2F2F3132372E302E302E313A38383838207C7C20657869742031"}
{"ts": "2026-04-10T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865583.978:21710258): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865583.978:21710258): arch=c000003e syscall=59 success=yes exit=0 a0=c00018af68 a1=c000022aa0 a2=c00013a320 a3=0 items=2 ppid=2182709 pid=2182721 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865583.939:21710257): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865583.939:21710257): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865583.939:21710257): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865583.939:21710257): cwd=\"/var/lib/docker/rootfs/overlayfs/ab2e3743421ef3813c5eceaa1eec8c8d50314508a1b02e6d87d88698f045c5f5\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865583.939:21710257): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865583.939:21710257): arch=c000003e syscall=59 success=yes exit=0 a0=c0001cd8a0 a1=c0001d1350 a2=c0001d3c80 a3=0 items=2 ppid=2182709 pid=2182719 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865583.927:21710256): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F61623265333734333432316566333831336335656365616131"}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865583.927:21710256): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865583.927:21710256): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865583.927:21710256): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/ab2e3743421ef3813c5eceaa1eec8c8d50314508a1b02e6d87d88698f045c5f5\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865583.927:21710256): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/ab2e3743421ef3813c5eceaa1eec8c8d50314508a1b02e6d87d88698f045c5f5/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3236215809\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/ab2e3743421ef3813c5eceaa1eec8c8d50314508a1b02e6d87d88698f045c5f5/5609f23c4630d3e2993d855d3c63fc5174288121bbcb830faa70537d48475b2d.pid\" a14=\"ab2e3743421ef3813c5eceaa1eec8c8d50314508a1b02e6d87d88698f045c5f5\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865583.927:21710256): arch=c000003e syscall=59 success=yes exit=0 a0=c0002ec0e0 a1=c000315200 a2=c000315280 a3=0 items=2 ppid=12613 pid=2182709 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865583.679:21710255): proctitle=2F7573722F62696E2F7065726C002F7573722F62696E2F70675F69737265616479002D550070726F6D6574686575735F61646D696E002D640070726F6D6574686575735F61646D696E"}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865583.679:21710255): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=5581428 dev=00:a7 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865583.679:21710255): item=0 name=\"/usr/lib/postgresql/17/bin/pg_isready\" inode=5809487 dev=00:a7 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865583.679:21710255): cwd=\"/\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865583.679:21710255): argc=5 a0=\"/usr/lib/postgresql/17/bin/pg_isready\" a1=\"-U\" a2=\"prometheus_admin\" a3=\"-d\" a4=\"prometheus_admin\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865583.679:21710255): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865583.679:21710255): arch=c000003e syscall=59 success=yes exit=0 a0=5b73b3afdca0 a1=5b73b3e7f310 a2=5b73b3ae0970 a3=7835ff686e70 items=2 ppid=2182662 pid=2182685 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/lib/postgresql/17/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865583.671:21710254): proctitle=77676574002D2D737069646572002D7100687474703A2F2F3132372E302E302E313A383838382F"}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865583.671:21710254): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3456344 dev=00:6d mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865583.671:21710254): item=0 name=\"/usr/bin/wget\" inode=3454556 dev=00:6d mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865583.671:21710254): cwd=\"/data\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865583.671:21710254): argc=4 a0=\"wget\" a1=\"--spider\" a2=\"-q\" a3=\"http://127.0.0.1:8888/\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865583.671:21710254): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865583.671:21710254): arch=c000003e syscall=59 success=yes exit=0 a0=72e0bab0d400 a1=72e0bab0d3a8 a2=72e0bab0d3d0 a3=8080808080808080 items=2 ppid=2182681 pid=2182707 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"wget\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865583.667:21710253): proctitle=2F62696E2F7368002D630077676574202D2D737069646572202D7120687474703A2F2F3132372E302E302E313A383838382F207C7C20657869742031"}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865583.667:21710253): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3456344 dev=00:6d mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865583.667:21710253): item=0 name=\"/bin/sh\" inode=3454556 dev=00:6d mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865583.667:21710253): cwd=\"/data\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865583.667:21710253): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=77676574202D2D737069646572202D7120687474703A2F2F3132372E302E302E313A383838382F207C7C20657869742031"}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865583.667:21710253): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865583.667:21710253): arch=c000003e syscall=59 success=yes exit=0 a0=c000194f58 a1=c000022680 a2=c0000226a0 a3=0 items=2 ppid=2182668 pid=2182681 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865583.656:21710252): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865583.656:21710252): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865583.656:21710252): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865583.656:21710252): cwd=\"/var/lib/docker/rootfs/overlayfs/7e96c0f67233d10fc0728f922615e0e7f5d3377f41b4a6a05124441cfe955e5f\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865583.656:21710252): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865583.656:21710252): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5890 a1=c0001c9350 a2=c0001cbc40 a3=0 items=2 ppid=2182688 pid=2182698 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865583.639:21710251): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F37653936633066363732333364313066633037323866393232"}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865583.639:21710251): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865583.639:21710251): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865583.639:21710251): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/7e96c0f67233d10fc0728f922615e0e7f5d3377f41b4a6a05124441cfe955e5f\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865583.639:21710251): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/7e96c0f67233d10fc0728f922615e0e7f5d3377f41b4a6a05124441cfe955e5f/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3322523465\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/7e96c0f67233d10fc0728f922615e0e7f5d3377f41b4a6a05124441cfe955e5f/e93f4db600686b73e6900200c4a672c9fa8c55db32d042b773b5a05519b75a4c.pid\" a14=\"7e96c0f67233d10fc0728f922615e0e7f5d3377f41b4a6a05124441cfe955e5f\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865583.639:21710251): arch=c000003e syscall=59 success=yes exit=0 a0=c0003e9330 a1=c0001d1a80 a2=c0001d1b00 a3=0 items=2 ppid=4975 pid=2182688 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865583.628:21710250): proctitle=2F7573722F62696E2F7065726C002F7573722F62696E2F70675F69737265616479002D550070726F6D6574686575735F61646D696E002D640070726F6D6574686575735F61646D696E"}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865583.628:21710250): item=2 name=\"/lib64/ld-linux-x86-64.so.2\" inode=5581428 dev=00:a7 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865583.628:21710250): item=1 name=\"/usr/bin/perl\" inode=5580916 dev=00:a7 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865583.628:21710250): item=0 name=\"/usr/bin/pg_isready\" inode=5823482 dev=00:a7 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865583.628:21710250): cwd=\"/\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865583.628:21710250): argc=6 a0=\"/usr/bin/perl\" a1=\"/usr/bin/pg_isready\" a2=\"-U\" a3=\"prometheus_admin\" a4=\"-d\" a5=\"prometheus_admin\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865583.628:21710250): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865583.628:21710250): arch=c000003e syscall=59 success=yes exit=0 a0=5eea78a7f678 a1=5eea78a7f5e0 a2=5eea78a7f610 a3=8 items=3 ppid=2182662 pid=2182685 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/bin/perl\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865583.623:21710249): proctitle=2F62696E2F7368002D630070675F69737265616479202D552070726F6D6574686575735F61646D696E202D642070726F6D6574686575735F61646D696E"}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865583.623:21710249): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=5581428 dev=00:a7 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865583.623:21710249): item=0 name=\"/bin/sh\" inode=5580787 dev=00:a7 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865583.623:21710249): cwd=\"/\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865583.623:21710249): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D552070726F6D6574686575735F61646D696E202D642070726F6D6574686575735F61646D696E"}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865583.623:21710249): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865583.623:21710249): arch=c000003e syscall=59 success=yes exit=0 a0=c00017eeb0 a1=c000022680 a2=c000025140 a3=0 items=2 ppid=2182650 pid=2182662 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/usr/bin/dash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865583.619:21710248): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865583.619:21710248): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865583.619:21710248): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:231 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865583.619:21710248): cwd=\"/var/lib/docker/rootfs/overlayfs/c48103391501718c1e33efc112f009053e72dcf4e7593e8a482be8a6e48d9c87\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865583.619:21710248): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865583.619:21710248): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b820 a1=c00017f338 a2=c000181c00 a3=0 items=2 ppid=2182668 pid=2182676 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865583.604:21710247): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F63343831303333393135303137313863316533336566633131"}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865583.604:21710247): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865583.604:21710247): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865583.604:21710247): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/c48103391501718c1e33efc112f009053e72dcf4e7593e8a482be8a6e48d9c87\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865583.604:21710247): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/c48103391501718c1e33efc112f009053e72dcf4e7593e8a482be8a6e48d9c87/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2159116067\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/c48103391501718c1e33efc112f009053e72dcf4e7593e8a482be8a6e48d9c87/cd71d613430fbeeb70b49c256f873941d27bd9dca689c331d1fb35ae9dc76737.pid\" a14=\"c48103391501718c1e33efc112f009053e72dcf4e7593e8a482be8a6e48d9c87\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865583.604:21710247): arch=c000003e syscall=59 success=yes exit=0 a0=c00014d950 a1=c0001b6180 a2=c0001b6200 a3=0 items=2 ppid=5269 pid=2182668 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865583.577:21710246): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865583.577:21710246): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865583.577:21710246): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865583.577:21710246): cwd=\"/var/lib/docker/rootfs/overlayfs/96dcfa07493d1a0e551516dd25644707c00be275d58123d52358a7d61a7f6b24\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865583.577:21710246): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865583.577:21710246): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b830 a1=c00017f338 a2=c000181c40 a3=0 items=2 ppid=2182650 pid=2182659 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865583.563:21710245): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F39366463666130373439336431613065353531353136646432"}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865583.563:21710245): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865583.563:21710245): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865583.563:21710245): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/96dcfa07493d1a0e551516dd25644707c00be275d58123d52358a7d61a7f6b24\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865583.563:21710245): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/96dcfa07493d1a0e551516dd25644707c00be275d58123d52358a7d61a7f6b24/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process4148794188\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/96dcfa07493d1a0e551516dd25644707c00be275d58123d52358a7d61a7f6b24/f963aa4cb380486682651eae62ce16c98b64ff1860aa65840be921ef62752bd3.pid\" a14=\"96dcfa07493d1a0e551516dd25644707c00be275d58123d52358a7d61a7f6b24\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865583.563:21710245): arch=c000003e syscall=59 success=yes exit=0 a0=c000379ea0 a1=c0002c0600 a2=c0002c0680 a3=0 items=2 ppid=5382 pid=2182650 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865583.514:21710244): proctitle=77676574002D2D737069646572002D7100687474703A2F2F3132372E302E302E313A383038302F737461747573"}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865583.514:21710244): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3456344 dev=00:a2 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865583.514:21710244): item=0 name=\"/usr/bin/wget\" inode=3454556 dev=00:a2 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865583.514:21710244): cwd=\"/data\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865583.514:21710244): argc=4 a0=\"wget\" a1=\"--spider\" a2=\"-q\" a3=\"http://127.0.0.1:8080/status\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865583.514:21710244): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865583.514:21710244): arch=c000003e syscall=59 success=yes exit=0 a0=76e654b76408 a1=76e654b763b0 a2=76e654b763d8 a3=8080808080808080 items=2 ppid=2182642 pid=2182649 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"wget\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865583.510:21710243): proctitle=2F62696E2F7368002D630077676574202D2D737069646572202D7120687474703A2F2F3132372E302E302E313A383038302F737461747573207C7C20657869742031"}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865583.510:21710243): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3456344 dev=00:a2 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865583.510:21710243): item=0 name=\"/bin/sh\" inode=3454556 dev=00:a2 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865583.510:21710243): cwd=\"/data\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865583.510:21710243): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=77676574202D2D737069646572202D7120687474703A2F2F3132372E302E302E313A383038302F737461747573207C7C20657869742031"}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865583.510:21710243): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865583.510:21710243): arch=c000003e syscall=59 success=yes exit=0 a0=c000194f58 a1=c000022680 a2=c0000226a0 a3=0 items=2 ppid=2182630 pid=2182642 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865583.470:21710242): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865583.470:21710242): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865583.470:21710242): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865583.470:21710242): cwd=\"/var/lib/docker/rootfs/overlayfs/9d998ef1eacb3b076ca0da4256f08add55d0bbb54d81229185d76af8553a0c77\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865583.470:21710242): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865583.470:21710242): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b820 a1=c00017f338 a2=c000181c00 a3=0 items=2 ppid=2182630 pid=2182639 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865583.455:21710241): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F39643939386566316561636233623037366361306461343235"}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865583.455:21710241): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865583.455:21710241): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865583.455:21710241): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/9d998ef1eacb3b076ca0da4256f08add55d0bbb54d81229185d76af8553a0c77\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865583.455:21710241): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/9d998ef1eacb3b076ca0da4256f08add55d0bbb54d81229185d76af8553a0c77/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process4035788516\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/9d998ef1eacb3b076ca0da4256f08add55d0bbb54d81229185d76af8553a0c77/2c1b153c8bd6ac8a4c5c940d0f908e53a199f6d462eaf16637bcaefce59056f4.pid\" a14=\"9d998ef1eacb3b076ca0da4256f08add55d0bbb54d81229185d76af8553a0c77\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865583.455:21710241): arch=c000003e syscall=59 success=yes exit=0 a0=c0002c3b20 a1=c000379680 a2=c000379880 a3=0 items=2 ppid=5818 pid=2182630 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865582.965:21710240): proctitle=2F7362696E2F6970006C696E6B"}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865582.965:21710240): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=6691347 dev=00:a8 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865582.965:21710240): item=0 name=\"/sbin/ip\" inode=6690355 dev=00:a8 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865582.965:21710240): cwd=\"/ansible\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865582.965:21710240): argc=2 a0=\"/sbin/ip\" a1=\"link\""}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865582.965:21710240): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865582.965:21710240): arch=c000003e syscall=59 success=yes exit=0 a0=7aab5a062d80 a1=7aab58c56ed0 a2=7aab58c00830 a3=0 items=2 ppid=2182596 pid=2182629 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"ip\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865582.703:21710239): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865582.703:21710239): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865582.703:21710239): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865582.703:21710239): cwd=\"/var/lib/docker/rootfs/overlayfs/50c06ccc693a9a1ca5cfd013e69573fe81921d461db25d53e0c9a772d419173f\""}
{"ts": "2026-04-10T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865582.703:21710239): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865582.703:21710239): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b830 a1=c00017f338 a2=c000201c00 a3=0 items=2 ppid=2182602 pid=2182611 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865582.688:21710238): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F35306330366363633639336139613163613563666430313365"}
{"ts": "2026-04-10T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865582.688:21710238): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865582.688:21710238): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865582.688:21710238): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/50c06ccc693a9a1ca5cfd013e69573fe81921d461db25d53e0c9a772d419173f\""}
{"ts": "2026-04-10T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865582.688:21710238): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/50c06ccc693a9a1ca5cfd013e69573fe81921d461db25d53e0c9a772d419173f/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2564754484\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/50c06ccc693a9a1ca5cfd013e69573fe81921d461db25d53e0c9a772d419173f/a33d4b469def9c6d265e3de029b144210e70f0a1d69223bc3e5767cbc2388eae.pid\" a14=\"50c06ccc693a9a1ca5cfd013e69573fe81921d461db25d53e0c9a772d419173f\""}
{"ts": "2026-04-10T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865582.688:21710238): arch=c000003e syscall=59 success=yes exit=0 a0=c0000bf860 a1=c000226480 a2=c000226500 a3=0 items=2 ppid=4330 pid=2182602 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865582.631:21710237): proctitle=2F7573722F62696E2F707974686F6E33002F7573722F62696E2F616E7369626C65002D2D76657273696F6E"}
{"ts": "2026-04-10T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865582.631:21710237): item=2 name=\"/lib/ld-musl-x86_64.so.1\" inode=6691347 dev=00:a8 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865582.631:21710237): item=1 name=\"/usr/bin/python3\" inode=6867528 dev=00:a8 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865582.631:21710237): item=0 name=\"/usr/bin/ansible\" inode=6861055 dev=00:a8 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865582.631:21710237): cwd=\"/ansible\""}
{"ts": "2026-04-10T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865582.631:21710237): argc=3 a0=\"/usr/bin/python3\" a1=\"/usr/bin/ansible\" a2=\"--version\""}
{"ts": "2026-04-10T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865582.631:21710237): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865582.631:21710237): arch=c000003e syscall=59 success=yes exit=0 a0=c000027218 a1=c00009f350 a2=c0001671c0 a3=0 items=3 ppid=2182584 pid=2182596 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"ansible\" exe=\"/usr/bin/python3.12\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865582.588:21710236): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865582.588:21710236): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865582.588:21710236): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865582.588:21710236): cwd=\"/var/lib/docker/rootfs/overlayfs/9a8159a203300a4780aaf09648666255b8dfa1b9b4c5cadd8ec10b63e26015ad\""}
{"ts": "2026-04-10T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865582.588:21710236): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865582.588:21710236): arch=c000003e syscall=59 success=yes exit=0 a0=c00024d8a0 a1=c000251350 a2=c000253c40 a3=0 items=2 ppid=2182584 pid=2182593 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865582.572:21710235): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F39613831353961323033333030613437383061616630393634"}
{"ts": "2026-04-10T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865582.572:21710235): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865582.572:21710235): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865582.572:21710235): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/9a8159a203300a4780aaf09648666255b8dfa1b9b4c5cadd8ec10b63e26015ad\""}
{"ts": "2026-04-10T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865582.572:21710235): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/9a8159a203300a4780aaf09648666255b8dfa1b9b4c5cadd8ec10b63e26015ad/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process270968949\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/9a8159a203300a4780aaf09648666255b8dfa1b9b4c5cadd8ec10b63e26015ad/fed13073936099abc6bf21b79fb715fff9100f0f2ff4d4cc90a5c899e7c39297.pid\" a14=\"9a8159a203300a4780aaf09648666255b8dfa1b9b4c5cadd8ec10b63e26015ad\""}
{"ts": "2026-04-10T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865582.572:21710235): arch=c000003e syscall=59 success=yes exit=0 a0=c00022b740 a1=c000232500 a2=c000232580 a3=0 items=2 ppid=5063 pid=2182584 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865581.859:21710234): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865581.859:21710234): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:120 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865581.859:21710234): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:120 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865581.859:21710234): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865581.859:21710234): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.stat\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865581.859:21710234): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865581.859:21710234): arch=c000003e syscall=59 success=yes exit=0 a0=7de3f471ed60 a1=7de3f420ba20 a2=634e07c84a40 a3=8 items=2 ppid=13318 pid=2182581 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865581.859:21710233): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865581.859:21710233): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865581.859:21710233): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865581.859:21710233): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3f420ba20 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2182581 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865581.858:21710232): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865581.858:21710232): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865581.858:21710232): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865581.858:21710232): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3f420ba20 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2182581 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865581.858:21710231): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865581.858:21710231): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865581.858:21710231): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865581.858:21710231): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3f420ba20 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2182581 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865581.858:21710230): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865581.858:21710230): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865581.858:21710230): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865581.858:21710230): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3f420ba20 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2182581 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865581.858:21710229): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865581.858:21710229): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865581.858:21710229): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865581.858:21710229): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3f420ba20 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2182581 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865581.858:21710228): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865581.858:21710228): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865581.858:21710228): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865581.858:21710228): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3f420ba20 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2182581 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865581.856:21710227): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865581.856:21710227): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:120 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865581.856:21710227): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:120 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865581.856:21710227): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865581.856:21710227): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.current\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865581.856:21710227): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865581.856:21710227): arch=c000003e syscall=59 success=yes exit=0 a0=7de3f471ed60 a1=7de3f42370a0 a2=634e07c84a40 a3=8 items=2 ppid=13318 pid=2182580 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865581.855:21710226): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865581.855:21710226): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865581.855:21710226): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865581.855:21710226): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3f42370a0 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2182580 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865581.855:21710225): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865581.855:21710225): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865581.855:21710225): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865581.855:21710225): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3f42370a0 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2182580 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865581.855:21710224): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865581.855:21710224): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865581.855:21710224): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865581.855:21710224): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3f42370a0 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2182580 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865581.855:21710223): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865581.855:21710223): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865581.855:21710223): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865581.855:21710223): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3f42370a0 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2182580 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865581.855:21710222): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865581.855:21710222): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865581.855:21710222): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865581.855:21710222): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3f42370a0 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2182580 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865581.855:21710221): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865581.855:21710221): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865581.855:21710221): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865581.855:21710221): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3f42370a0 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2182580 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865581.852:21710220): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865581.852:21710220): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:120 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865581.852:21710220): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:120 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865581.852:21710220): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865581.852:21710220): argc=2 a0=\"cat\" a1=\"/proc/self/cgroup\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865581.852:21710220): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865581.852:21710220): arch=c000003e syscall=59 success=yes exit=0 a0=7de3f471ed60 a1=7de321801860 a2=634e07c84a40 a3=8 items=2 ppid=13318 pid=2182579 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865581.852:21710219): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865581.852:21710219): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865581.852:21710219): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865581.852:21710219): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de321801860 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2182579 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865581.852:21710218): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865581.852:21710218): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865581.852:21710218): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865581.852:21710218): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de321801860 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2182579 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865581.852:21710217): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865581.852:21710217): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865581.852:21710217): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865581.852:21710217): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de321801860 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2182579 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865581.852:21710216): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865581.852:21710216): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865581.852:21710216): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865581.852:21710216): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de321801860 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2182579 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865581.852:21710215): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865581.852:21710215): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865581.852:21710215): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865581.852:21710215): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de321801860 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2182579 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865581.852:21710214): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865581.852:21710214): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865581.852:21710214): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865581.852:21710214): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de321801860 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2182579 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865581.676:21710213): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865581.676:21710213): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865581.676:21710213): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865581.676:21710213): cwd=\"/var/lib/docker/rootfs/overlayfs/531ab8968ce844b18b0b3ebaf9e6e80c7b8f7cc1974293e5f9eb3ac90eba0e50\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865581.676:21710213): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865581.676:21710213): arch=c000003e syscall=59 success=yes exit=0 a0=c0001f3870 a1=c0001f7338 a2=c0001f9c40 a3=0 items=2 ppid=2182560 pid=2182570 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865581.661:21710212): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F35333161623839363863653834346231386230623365626166"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865581.661:21710212): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865581.661:21710212): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865581.661:21710212): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/531ab8968ce844b18b0b3ebaf9e6e80c7b8f7cc1974293e5f9eb3ac90eba0e50\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865581.661:21710212): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/531ab8968ce844b18b0b3ebaf9e6e80c7b8f7cc1974293e5f9eb3ac90eba0e50/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process960457754\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/531ab8968ce844b18b0b3ebaf9e6e80c7b8f7cc1974293e5f9eb3ac90eba0e50/e81c0680371c6b760d152e2d11f24849c5ae9a11184f6a9c9ce23cc14b7709a0.pid\" a14=\"531ab8968ce844b18b0b3ebaf9e6e80c7b8f7cc1974293e5f9eb3ac90eba0e50\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865581.661:21710212): arch=c000003e syscall=59 success=yes exit=0 a0=c000407f40 a1=c000327900 a2=c000327980 a3=0 items=2 ppid=3195716 pid=2182560 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865581.491:21710211): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865581.491:21710211): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=9987007 dev=00:102 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865581.491:21710211): item=0 name=\"/usr/bin/cat\" inode=9986333 dev=00:102 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865581.491:21710211): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865581.491:21710211): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.stat\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865581.491:21710211): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865581.491:21710211): arch=c000003e syscall=59 success=yes exit=0 a0=7e8ad4131d60 a1=7e8ac6e04de0 a2=618bc9213650 a3=8 items=2 ppid=1943853 pid=2182559 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865581.491:21710210): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865581.491:21710210): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865581.491:21710210): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865581.491:21710210): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04de0 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2182559 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865581.491:21710209): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865581.491:21710209): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865581.491:21710209): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865581.491:21710209): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04de0 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2182559 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865581.491:21710208): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865581.491:21710208): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865581.491:21710208): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865581.491:21710208): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04de0 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2182559 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865581.491:21710207): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865581.491:21710207): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865581.491:21710207): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865581.491:21710207): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04de0 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2182559 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865581.491:21710206): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865581.491:21710206): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865581.491:21710206): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865581.491:21710206): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04de0 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2182559 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865581.491:21710205): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865581.491:21710205): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865581.491:21710205): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865581.491:21710205): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04de0 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2182559 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865581.488:21710204): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865581.488:21710204): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=9987007 dev=00:102 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865581.488:21710204): item=0 name=\"/usr/bin/cat\" inode=9986333 dev=00:102 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865581.488:21710204): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865581.488:21710204): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.current\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865581.488:21710204): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865581.488:21710204): arch=c000003e syscall=59 success=yes exit=0 a0=7e8ad4131d60 a1=7e8ac6e04d80 a2=618bc9213650 a3=8 items=2 ppid=1943853 pid=2182558 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865581.488:21710203): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865581.488:21710203): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865581.488:21710203): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865581.488:21710203): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04d80 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2182558 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865581.488:21710202): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865581.488:21710202): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865581.488:21710202): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865581.488:21710202): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04d80 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2182558 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865581.488:21710201): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865581.488:21710201): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865581.488:21710201): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865581.488:21710201): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04d80 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2182558 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865581.488:21710200): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865581.488:21710200): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865581.488:21710200): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865581.488:21710200): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04d80 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2182558 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865581.488:21710199): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865581.488:21710199): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865581.488:21710199): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865581.488:21710199): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04d80 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2182558 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865581.487:21710198): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865581.487:21710198): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865581.487:21710198): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865581.487:21710198): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04d80 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2182558 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865581.484:21710197): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865581.484:21710197): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=9987007 dev=00:102 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865581.484:21710197): item=0 name=\"/usr/bin/cat\" inode=9986333 dev=00:102 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865581.484:21710197): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865581.484:21710197): argc=2 a0=\"cat\" a1=\"/proc/self/cgroup\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865581.484:21710197): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865581.484:21710197): arch=c000003e syscall=59 success=yes exit=0 a0=7e8ad4131d60 a1=7e8ac6e00f80 a2=618bc9213650 a3=8 items=2 ppid=1943853 pid=2182557 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865581.484:21710196): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865581.484:21710196): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865581.484:21710196): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865581.484:21710196): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e00f80 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2182557 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865581.484:21710195): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865581.484:21710195): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865581.484:21710195): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865581.484:21710195): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e00f80 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2182557 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865581.484:21710194): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865581.484:21710194): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865581.484:21710194): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865581.484:21710194): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e00f80 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2182557 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865581.484:21710193): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865581.484:21710193): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865581.484:21710193): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865581.484:21710193): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e00f80 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2182557 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865581.484:21710192): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865581.484:21710192): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865581.484:21710192): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865581.484:21710192): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e00f80 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2182557 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865581.484:21710191): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865581.484:21710191): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865581.484:21710191): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865581.484:21710191): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e00f80 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2182557 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865581.402:21710190): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865581.402:21710190): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:d2 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865581.402:21710190): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:d2 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865581.402:21710190): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865581.402:21710190): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.stat\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865581.402:21710190): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865581.402:21710190): arch=c000003e syscall=59 success=yes exit=0 a0=74bcbc1b9d60 a1=74bc78e8cde0 a2=5f16263f7a40 a3=8 items=2 ppid=12863 pid=2182556 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865581.402:21710189): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865581.402:21710189): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865581.402:21710189): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865581.402:21710189): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc78e8cde0 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2182556 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865581.402:21710188): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865581.402:21710188): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865581.402:21710188): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865581.402:21710188): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc78e8cde0 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2182556 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865581.402:21710187): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865581.402:21710187): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865581.402:21710187): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865581.402:21710187): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc78e8cde0 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2182556 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865581.402:21710186): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865581.402:21710186): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865581.402:21710186): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865581.402:21710186): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc78e8cde0 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2182556 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865581.401:21710185): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865581.401:21710185): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865581.401:21710185): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865581.401:21710185): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc78e8cde0 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2182556 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865581.401:21710184): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865581.401:21710184): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865581.401:21710184): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865581.401:21710184): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc78e8cde0 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2182556 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865581.399:21710183): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865581.399:21710183): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:d2 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865581.399:21710183): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:d2 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865581.399:21710183): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865581.399:21710183): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.current\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865581.399:21710183): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865581.399:21710183): arch=c000003e syscall=59 success=yes exit=0 a0=74bcbc1b9d60 a1=74bc78e8ce00 a2=5f16263f7a40 a3=8 items=2 ppid=12863 pid=2182555 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865581.399:21710182): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865581.399:21710182): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865581.399:21710182): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865581.399:21710182): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc78e8ce00 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2182555 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865581.398:21710181): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865581.398:21710181): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865581.398:21710181): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865581.398:21710181): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc78e8ce00 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2182555 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865581.398:21710180): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865581.398:21710180): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865581.398:21710180): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865581.398:21710180): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc78e8ce00 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2182555 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865581.398:21710179): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865581.398:21710179): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865581.398:21710179): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865581.398:21710179): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc78e8ce00 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2182555 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865581.398:21710178): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865581.398:21710178): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865581.398:21710178): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865581.398:21710178): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc78e8ce00 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2182555 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865581.398:21710177): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865581.398:21710177): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865581.398:21710177): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865581.398:21710177): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc78e8ce00 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2182555 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865581.395:21710176): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865581.395:21710176): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:d2 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865581.395:21710176): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:d2 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865581.395:21710176): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865581.395:21710176): argc=2 a0=\"cat\" a1=\"/proc/self/cgroup\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865581.395:21710176): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865581.395:21710176): arch=c000003e syscall=59 success=yes exit=0 a0=74bcbc1b9d60 a1=74bc78e8ce40 a2=5f16263f7a40 a3=8 items=2 ppid=12863 pid=2182554 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865581.395:21710175): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865581.395:21710175): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865581.395:21710175): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865581.395:21710175): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc78e8ce40 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2182554 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865581.395:21710174): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865581.395:21710174): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865581.395:21710174): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865581.395:21710174): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc78e8ce40 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2182554 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865581.395:21710173): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865581.395:21710173): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865581.395:21710173): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865581.395:21710173): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc78e8ce40 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2182554 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865581.395:21710172): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865581.395:21710172): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865581.395:21710172): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865581.395:21710172): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc78e8ce40 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2182554 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865581.395:21710171): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865581.395:21710171): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865581.395:21710171): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865581.395:21710171): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc78e8ce40 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2182554 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865581.395:21710170): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865581.395:21710170): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865581.395:21710170): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865581.395:21710170): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc78e8ce40 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2182554 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865580.492:21710169): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520706F737467726573"}
{"ts": "2026-04-10T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865580.492:21710169): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:5b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865580.492:21710169): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:5b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865580.492:21710169): cwd=\"/\""}
{"ts": "2026-04-10T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865580.492:21710169): argc=3 a0=\"pg_isready\" a1=\"-U\" a2=\"postgres\""}
{"ts": "2026-04-10T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865580.492:21710169): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865580.492:21710169): arch=c000003e syscall=59 success=yes exit=0 a0=7b9898157288 a1=7b98981571e8 a2=7b9898157208 a3=0 items=2 ppid=5762 pid=2182545 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865580.488:21710168): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520706F737467726573"}
{"ts": "2026-04-10T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865580.488:21710168): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:5b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865580.488:21710168): item=0 name=\"/bin/sh\" inode=8589166 dev=00:5b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865580.488:21710168): cwd=\"/\""}
{"ts": "2026-04-10T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865580.488:21710168): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D5520706F737467726573"}
{"ts": "2026-04-10T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865580.488:21710168): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865580.488:21710168): arch=c000003e syscall=59 success=yes exit=0 a0=c000190f38 a1=c000022ac0 a2=c0001348c0 a3=0 items=2 ppid=5762 pid=2182545 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865580.445:21710167): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865580.445:21710167): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865580.445:21710167): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865580.445:21710167): cwd=\"/var/lib/docker/rootfs/overlayfs/6e0eaa58aad19bd8edc0f955e0d8cdf54332df6bcdbac6d5a4d9c8caf6fb9c39\""}
{"ts": "2026-04-10T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865580.445:21710167): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865580.445:21710167): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b840 a1=c00017f338 a2=c000201c40 a3=0 items=2 ppid=2182533 pid=2182542 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865580.431:21710166): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F36653065616135386161643139626438656463306639353565"}
{"ts": "2026-04-10T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865580.431:21710166): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865580.431:21710166): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865580.431:21710166): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/6e0eaa58aad19bd8edc0f955e0d8cdf54332df6bcdbac6d5a4d9c8caf6fb9c39\""}
{"ts": "2026-04-10T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865580.431:21710166): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/6e0eaa58aad19bd8edc0f955e0d8cdf54332df6bcdbac6d5a4d9c8caf6fb9c39/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1016011502\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/6e0eaa58aad19bd8edc0f955e0d8cdf54332df6bcdbac6d5a4d9c8caf6fb9c39/09cac577751736a4c1c9fb31d29f2d04cb9d38d8a166504906f4d01b38c1db66.pid\" a14=\"6e0eaa58aad19bd8edc0f955e0d8cdf54332df6bcdbac6d5a4d9c8caf6fb9c39\""}
{"ts": "2026-04-10T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865580.431:21710166): arch=c000003e syscall=59 success=yes exit=0 a0=c0005de940 a1=c0001de980 a2=c0001dea00 a3=0 items=2 ppid=5762 pid=2182533 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865579.373:21710165): proctitle=6E6F6465002D65007265717569726528276874747027292E6765742827687474703A2F2F27202B207265717569726528276F7327292E686F73746E616D652829202B20273A333030302F272C2072203D3E2070726F636573732E657869742828722E737461747573436F6465203D3D3D20323030207C7C20722E737461747573"}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865579.373:21710165): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6834212 dev=00:82 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865579.373:21710165): item=0 name=\"/usr/local/bin/node\" inode=6881221 dev=00:82 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865579.373:21710165): cwd=\"/app\""}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865579.373:21710165): argc=3 a0=\"node\" a1=\"-e\" a2=7265717569726528276874747027292E6765742827687474703A2F2F27202B207265717569726528276F7327292E686F73746E616D652829202B20273A333030302F272C2072203D3E2070726F636573732E657869742828722E737461747573436F6465203D3D3D20323030207C7C20722E737461747573436F6465203D3D3D2033303729203F2030203A203129292E6F6E28276572726F72272C202829203D3E2070726F636573732E6578697428312929"}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865579.373:21710165): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865579.373:21710165): arch=c000003e syscall=59 success=yes exit=0 a0=5fc3af007c68 a1=5fc3af0078f8 a2=5fc3af007ba8 a3=8 items=2 ppid=2182516 pid=2182522 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"node\" exe=\"/usr/local/bin/node\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865579.367:21710164): proctitle=2F62696E2F7368002D63006E6F6465202D6520227265717569726528276874747027292E6765742827687474703A2F2F27202B207265717569726528276F7327292E686F73746E616D652829202B20273A333030302F272C2072203D3E2070726F636573732E657869742828722E737461747573436F6465203D3D3D20323030"}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865579.367:21710164): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6834212 dev=00:82 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865579.367:21710164): item=0 name=\"/bin/sh\" inode=6832457 dev=00:82 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865579.367:21710164): cwd=\"/app\""}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865579.367:21710164): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=6E6F6465202D6520227265717569726528276874747027292E6765742827687474703A2F2F27202B207265717569726528276F7327292E686F73746E616D652829202B20273A333030302F272C2072203D3E2070726F636573732E657869742828722E737461747573436F6465203D3D3D20323030207C7C20722E737461747573436F6465203D3D3D2033303729203F2030203A203129292E6F6E28276572726F72272C202829203D3E2070726F636573732E657869742831292922"}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865579.367:21710164): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865579.367:21710164): arch=c000003e syscall=59 success=yes exit=0 a0=c000196f08 a1=c000022680 a2=c0000c4240 a3=0 items=2 ppid=3827 pid=2182516 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/dash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865579.325:21710163): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865579.325:21710163): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865579.325:21710163): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865579.325:21710163): cwd=\"/var/lib/docker/rootfs/overlayfs/62ff186c9558f5a87b871aad2189553b6748d81d514aec3146c01ec6c66d8638\""}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865579.325:21710163): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865579.325:21710163): arch=c000003e syscall=59 success=yes exit=0 a0=c0001f3860 a1=c0001f7338 a2=c0001f9c40 a3=0 items=2 ppid=2182504 pid=2182514 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865579.310:21710162): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F36326666313836633935353866356138376238373161616432"}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865579.310:21710162): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865579.310:21710162): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865579.310:21710162): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/62ff186c9558f5a87b871aad2189553b6748d81d514aec3146c01ec6c66d8638\""}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865579.310:21710162): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/62ff186c9558f5a87b871aad2189553b6748d81d514aec3146c01ec6c66d8638/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process366337866\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/62ff186c9558f5a87b871aad2189553b6748d81d514aec3146c01ec6c66d8638/4145ec61db01937aa1f1a2224e832f3ee5cb6144e2345386e7e4272acb365067.pid\" a14=\"62ff186c9558f5a87b871aad2189553b6748d81d514aec3146c01ec6c66d8638\""}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865579.310:21710162): arch=c000003e syscall=59 success=yes exit=0 a0=c0002df4b0 a1=c00025ef80 a2=c00025f000 a3=0 items=2 ppid=3827 pid=2182504 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865579.201:21710161): proctitle=2F7573722F62696E2F7065726C002F7573722F62696E2F70675F69737265616479002D550067726F777468626F6F6B002D6400706F737467726573"}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865579.201:21710161): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6968454 dev=00:95 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865579.201:21710161): item=0 name=\"/usr/lib/postgresql/17/bin/pg_isready\" inode=3958125 dev=00:95 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865579.201:21710161): cwd=\"/\""}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865579.201:21710161): argc=5 a0=\"/usr/lib/postgresql/17/bin/pg_isready\" a1=\"-U\" a2=\"growthbook\" a3=\"-d\" a4=\"postgres\""}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865579.201:21710161): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865579.201:21710161): arch=c000003e syscall=59 success=yes exit=0 a0=61ecca761540 a1=61eccaa0ef70 a2=61ecca74d970 a3=7d3413b49e70 items=2 ppid=2182494 pid=2182502 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/lib/postgresql/17/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865579.157:21710160): proctitle=2F7573722F62696E2F7065726C002F7573722F62696E2F70675F69737265616479002D550067726F777468626F6F6B002D6400706F737467726573"}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865579.157:21710160): item=2 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6968454 dev=00:95 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865579.157:21710160): item=1 name=\"/usr/bin/perl\" inode=6956288 dev=00:95 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865579.157:21710160): item=0 name=\"/usr/bin/pg_isready\" inode=4211279 dev=00:95 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865579.157:21710160): cwd=\"/\""}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865579.157:21710160): argc=6 a0=\"/usr/bin/perl\" a1=\"/usr/bin/pg_isready\" a2=\"-U\" a3=\"growthbook\" a4=\"-d\" a5=\"postgres\""}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865579.157:21710160): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865579.157:21710160): arch=c000003e syscall=59 success=yes exit=0 a0=5ff6c20b8640 a1=5ff6bb9929a8 a2=5ff6c20b85d8 a3=8 items=3 ppid=2182494 pid=2182502 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/bin/perl\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865579.153:21710159): proctitle=2F62696E2F7368002D630070675F69737265616479202D552067726F777468626F6F6B202D6420706F737467726573"}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865579.153:21710159): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6968454 dev=00:95 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865579.153:21710159): item=0 name=\"/bin/sh\" inode=6954646 dev=00:95 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865579.153:21710159): cwd=\"/\""}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865579.153:21710159): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D552067726F777468626F6F6B202D6420706F737467726573"}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865579.153:21710159): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865579.153:21710159): arch=c000003e syscall=59 success=yes exit=0 a0=c000198e80 a1=c000022ac0 a2=c0000960c0 a3=0 items=2 ppid=5607 pid=2182494 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/usr/bin/dash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865579.099:21710158): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865579.099:21710158): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865579.099:21710158): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865579.099:21710158): cwd=\"/var/lib/docker/rootfs/overlayfs/02fb5dd00ce2914672d5f537bf8bb36a0908851493efb9e1b3038943b577e7cf\""}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865579.099:21710158): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865579.099:21710158): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b830 a1=c00017f338 a2=c000181c80 a3=0 items=2 ppid=2182482 pid=2182491 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865579.082:21710157): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F30326662356464303063653239313436373264356635333762"}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865579.082:21710157): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865579.082:21710157): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865579.082:21710157): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/02fb5dd00ce2914672d5f537bf8bb36a0908851493efb9e1b3038943b577e7cf\""}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865579.082:21710157): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/02fb5dd00ce2914672d5f537bf8bb36a0908851493efb9e1b3038943b577e7cf/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1288856052\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/02fb5dd00ce2914672d5f537bf8bb36a0908851493efb9e1b3038943b577e7cf/4f869d7f5590bcd5a79863b2952e6c3827787873e29bb7e763ed53450b737d9e.pid\" a14=\"02fb5dd00ce2914672d5f537bf8bb36a0908851493efb9e1b3038943b577e7cf\""}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865579.082:21710157): arch=c000003e syscall=59 success=yes exit=0 a0=c000576060 a1=c00019af80 a2=c00019b000 a3=0 items=2 ppid=5607 pid=2182482 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865579.027:21710156): proctitle=2F62696E2F7368002D630070675F69737265616479202D552074797065626F74"}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865579.027:21710156): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:63 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865579.027:21710156): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:63 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865579.027:21710156): cwd=\"/\""}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865579.027:21710156): argc=3 a0=\"pg_isready\" a1=\"-U\" a2=\"typebot\""}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865579.027:21710156): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865579.027:21710156): arch=c000003e syscall=59 success=yes exit=0 a0=7b8c0d7c5278 a1=7b8c0d7c51d8 a2=7b8c0d7c51f8 a3=8080808080808080 items=2 ppid=4511 pid=2182474 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865579.023:21710155): proctitle=2F62696E2F7368002D630070675F69737265616479202D552074797065626F74"}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865579.023:21710155): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:63 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865579.023:21710155): item=0 name=\"/bin/sh\" inode=8589166 dev=00:63 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865579.023:21710155): cwd=\"/\""}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865579.023:21710155): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D552074797065626F74"}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865579.023:21710155): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865579.023:21710155): arch=c000003e syscall=59 success=yes exit=0 a0=c000196f68 a1=c000022680 a2=c0000d88c0 a3=0 items=2 ppid=4511 pid=2182474 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865578.973:21710154): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865578.973:21710154): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865578.973:21710154): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:231 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865578.973:21710154): cwd=\"/var/lib/docker/rootfs/overlayfs/a58fd49cb529bc2c3c5f4447c9ccbae837530349ce554292b547968ead4cb59b\""}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865578.973:21710154): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865578.973:21710154): arch=c000003e syscall=59 success=yes exit=0 a0=c0001cd890 a1=c0001d1350 a2=c0001d3c80 a3=0 items=2 ppid=2182461 pid=2182470 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865578.957:21710153): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F61353866643439636235323962633263336335663434343763"}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865578.957:21710153): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865578.957:21710153): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865578.957:21710153): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/a58fd49cb529bc2c3c5f4447c9ccbae837530349ce554292b547968ead4cb59b\""}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865578.957:21710153): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/a58fd49cb529bc2c3c5f4447c9ccbae837530349ce554292b547968ead4cb59b/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1963949407\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/a58fd49cb529bc2c3c5f4447c9ccbae837530349ce554292b547968ead4cb59b/2c5b638870af4e3c723ed1654398458d8d9bc52f0f82e3daea3ff2a77a9da962.pid\" a14=\"a58fd49cb529bc2c3c5f4447c9ccbae837530349ce554292b547968ead4cb59b\""}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865578.957:21710153): arch=c000003e syscall=59 success=yes exit=0 a0=c000668100 a1=c00021f680 a2=c00021f700 a3=0 items=2 ppid=4511 pid=2182461 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865578.938:21710152): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865578.938:21710152): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865578.938:21710152): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865578.938:21710152): cwd=\"/var/lib/docker/rootfs/overlayfs/b6eef535505c5b5978589dbba58145ab00c51591158662921782e671fddde370\""}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865578.938:21710152): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865578.938:21710152): arch=c000003e syscall=59 success=yes exit=0 a0=c0001eb820 a1=c0001ef338 a2=c0001f1c40 a3=0 items=2 ppid=2182442 pid=2182451 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865578.924:21710151): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F62366565663533353530356335623539373835383964626261"}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865578.924:21710151): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865578.924:21710151): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865578.924:21710151): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/b6eef535505c5b5978589dbba58145ab00c51591158662921782e671fddde370\""}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865578.924:21710151): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/b6eef535505c5b5978589dbba58145ab00c51591158662921782e671fddde370/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1193302262\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/b6eef535505c5b5978589dbba58145ab00c51591158662921782e671fddde370/b978b5850e57f0249767b8ae55449c6ebfffbdd7208a27d40739d286d4023e12.pid\" a14=\"b6eef535505c5b5978589dbba58145ab00c51591158662921782e671fddde370\""}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865578.924:21710151): arch=c000003e syscall=59 success=yes exit=0 a0=c000356970 a1=c000318a80 a2=c000318b80 a3=0 items=2 ppid=12678 pid=2182442 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865578.201:21710150): proctitle=67726570003A30424238002F70726F632F6E65742F746370"}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865578.201:21710150): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6834212 dev=00:31 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865578.201:21710150): item=0 name=\"/bin/grep\" inode=6832538 dev=00:31 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865578.201:21710150): cwd=\"/app\""}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865578.201:21710150): argc=3 a0=\"grep\" a1=\":0BB8\" a2=\"/proc/net/tcp\""}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865578.201:21710150): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865578.201:21710150): arch=c000003e syscall=59 success=yes exit=0 a0=5ac357882758 a1=5ac35695b990 a2=5ac3578826e8 a3=8 items=2 ppid=2182432 pid=2182438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"grep\" exe=\"/bin/grep\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865578.196:21710149): proctitle=2F62696E2F7368002D630067726570203A30424238202F70726F632F6E65742F746370207C7C20657869742031"}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865578.196:21710149): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6834212 dev=00:31 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865578.196:21710149): item=0 name=\"/bin/sh\" inode=6832457 dev=00:31 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865578.196:21710149): cwd=\"/app\""}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865578.196:21710149): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=67726570203A30424238202F70726F632F6E65742F746370207C7C20657869742031"}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865578.196:21710149): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865578.196:21710149): arch=c000003e syscall=59 success=yes exit=0 a0=c000196ee8 a1=c000022680 a2=c0000d88c0 a3=0 items=2 ppid=3423 pid=2182432 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/dash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865578.156:21710148): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865578.156:21710148): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865578.156:21710148): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865578.156:21710148): cwd=\"/var/lib/docker/rootfs/overlayfs/99752c55410bb6ace3e57904dc2c1a2f503aa02b37e06267893a529d96259bd2\""}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865578.156:21710148): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865578.156:21710148): arch=c000003e syscall=59 success=yes exit=0 a0=c000173840 a1=c000177338 a2=c000179c80 a3=0 items=2 ppid=2182420 pid=2182429 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865578.142:21710147): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F39393735326335353431306262366163653365353739303464"}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865578.142:21710147): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865578.142:21710147): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865578.142:21710147): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/99752c55410bb6ace3e57904dc2c1a2f503aa02b37e06267893a529d96259bd2\""}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865578.142:21710147): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/99752c55410bb6ace3e57904dc2c1a2f503aa02b37e06267893a529d96259bd2/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1941020351\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/99752c55410bb6ace3e57904dc2c1a2f503aa02b37e06267893a529d96259bd2/43369b0861de6ef2650c00bfa502a69120f5b9267d60a564f656ec715f280bab.pid\" a14=\"99752c55410bb6ace3e57904dc2c1a2f503aa02b37e06267893a529d96259bd2\""}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865578.142:21710147): arch=c000003e syscall=59 success=yes exit=0 a0=c000462fb0 a1=c00017f700 a2=c00017f980 a3=0 items=2 ppid=3423 pid=2182420 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865578.039:21710146): proctitle=6D617269616462002D2D64656661756C74732D65787472612D66696C653D2F7661722F6C69622F6D7973716C2F2E6D792D6865616C7468636865636B2E636E66002D2D70726F746F636F6C00736F636B6574002D42002D2D736B69702D636F6C756D6E2D6E616D6573002D650073656C65637420312066726F6D20696E666F72"}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865578.039:21710146): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=7089648 dev=00:48 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865578.039:21710146): item=0 name=\"/usr/bin/mariadb\" inode=7117817 dev=00:48 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865578.039:21710146): cwd=\"/\""}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865578.039:21710146): argc=8 a0=\"mariadb\" a1=\"--defaults-extra-file=/var/lib/mysql/.my-healthcheck.cnf\" a2=\"--protocol\" a3=\"socket\" a4=\"-B\" a5=\"--skip-column-names\" a6=\"-e\" a7=73656C65637420312066726F6D20696E666F726D6174696F6E5F736368656D612E454E47494E455320574845524520656E67696E653D27696E6E6F64622720414E4420737570706F727420696E202827594553272C202744454641554C54272C2027454E41424C45442729"}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865578.039:21710146): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865578.039:21710146): arch=c000003e syscall=59 success=yes exit=0 a0=6158eda9a990 a1=6158edabc9c0 a2=6158eda9b860 a3=8 items=2 ppid=2182412 pid=2182419 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"mariadb\" exe=\"/usr/bin/mariadb\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865578.024:21710145): proctitle=6D617269616462002D2D64656661756C74732D65787472612D66696C653D2F7661722F6C69622F6D7973716C2F2E6D792D6865616C7468636865636B2E636E66002D2D70726F746F636F6C00736F636B6574002D42002D2D736B69702D636F6C756D6E2D6E616D6573002D650073656C656374204040736B69705F6E6574776F"}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865578.024:21710145): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=7089648 dev=00:48 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865578.024:21710145): item=0 name=\"/usr/bin/mariadb\" inode=7117817 dev=00:48 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865578.024:21710145): cwd=\"/\""}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865578.024:21710145): argc=8 a0=\"mariadb\" a1=\"--defaults-extra-file=/var/lib/mysql/.my-healthcheck.cnf\" a2=\"--protocol\" a3=\"socket\" a4=\"-B\" a5=\"--skip-column-names\" a6=\"-e\" a7=73656C656374204040736B69705F6E6574776F726B696E67"}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865578.024:21710145): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865578.024:21710145): arch=c000003e syscall=59 success=yes exit=0 a0=6158eda9afe0 a1=6158edabc810 a2=6158eda9b4a0 a3=8 items=2 ppid=2182412 pid=2182418 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"mariadb\" exe=\"/usr/bin/mariadb\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865578.013:21710144): proctitle=2F62696E2F62617368002F7573722F6C6F63616C2F62696E2F6865616C7468636865636B2E7368002D2D636F6E6E656374002D2D696E6E6F64625F696E697469616C697A6564"}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865578.013:21710144): item=2 name=\"/lib64/ld-linux-x86-64.so.2\" inode=7089648 dev=00:48 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865578.013:21710144): item=1 name=\"/bin/bash\" inode=6963796 dev=00:48 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865578.013:21710144): item=0 name=\"/usr/local/bin/healthcheck.sh\" inode=7348502 dev=00:48 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865578.013:21710144): cwd=\"/\""}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865578.013:21710144): argc=4 a0=\"/bin/bash\" a1=\"/usr/local/bin/healthcheck.sh\" a2=\"--connect\" a3=\"--innodb_initialized\""}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865578.013:21710144): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865578.013:21710144): arch=c000003e syscall=59 success=yes exit=0 a0=c0000289a0 a1=c000022aa0 a2=c00013a320 a3=0 items=3 ppid=2182381 pid=2182412 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"healthcheck.sh\" exe=\"/usr/bin/bash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865578.009:21710143): proctitle=72656469732D636C690070696E67"}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865578.009:21710143): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=6694357 dev=00:7e mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865578.009:21710143): item=0 name=\"/usr/local/bin/redis-cli\" inode=6703632 dev=00:7e mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865578.009:21710143): cwd=\"/data\""}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865578.009:21710143): argc=2 a0=\"redis-cli\" a1=\"ping\""}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865578.009:21710143): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865578.009:21710143): arch=c000003e syscall=59 success=yes exit=0 a0=c0000289a0 a1=c000143350 a2=c00014b1c0 a3=0 items=2 ppid=2182375 pid=2182404 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"redis-cli\" exe=\"/usr/local/bin/redis-cli\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865577.987:21710142): proctitle=6375726C002D6600687474703A2F2F6C6F63616C686F73743A383030302F6170692F76312F686561727462656174"}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865577.987:21710142): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6817536 dev=00:4b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865577.987:21710142): item=0 name=\"/usr/bin/curl\" inode=6830784 dev=00:4b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865577.987:21710142): cwd=\"/chroma\""}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865577.987:21710142): argc=3 a0=\"curl\" a1=\"-f\" a2=\"http://localhost:8000/api/v1/heartbeat\""}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865577.987:21710142): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865577.987:21710142): arch=c000003e syscall=59 success=yes exit=0 a0=c000196ee0 a1=c000022680 a2=c0000d8930 a3=0 items=2 ppid=2182361 pid=2182374 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"curl\" exe=\"/usr/bin/curl\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865577.967:21710141): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865577.967:21710141): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865577.967:21710141): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:265 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865577.967:21710141): cwd=\"/var/lib/docker/rootfs/overlayfs/7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7\""}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865577.967:21710141): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865577.967:21710141): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b840 a1=c00017f338 a2=c000181c40 a3=0 items=2 ppid=2182381 pid=2182405 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865577.961:21710140): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865577.961:21710140): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865577.961:21710140): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:231 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865577.961:21710140): cwd=\"/var/lib/docker/rootfs/overlayfs/0a68372d6fd28201684be9827a5de0d3c04e6e08d164a3049faa362bc53f9748\""}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865577.961:21710140): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865577.961:21710140): arch=c000003e syscall=59 success=yes exit=0 a0=c0001d7890 a1=c0001db350 a2=c0001ddc00 a3=0 items=2 ppid=2182375 pid=2182396 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865577.950:21710139): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F37656465303139653363623065383839303138636162386266"}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865577.950:21710139): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865577.950:21710139): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865577.950:21710139): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7\""}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865577.950:21710139): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2255679937\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7/560477f08fc4ac8f226cc37e9523767434637a36b7285cc9fcdba92a2e600b9e.pid\" a14=\"7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7\""}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865577.950:21710139): arch=c000003e syscall=59 success=yes exit=0 a0=c000511220 a1=c0001caf00 a2=c0001cb100 a3=0 items=2 ppid=4533 pid=2182381 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865577.946:21710138): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F30613638333732643666643238323031363834626539383237"}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865577.946:21710138): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865577.946:21710138): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865577.946:21710138): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/0a68372d6fd28201684be9827a5de0d3c04e6e08d164a3049faa362bc53f9748\""}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865577.946:21710138): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/0a68372d6fd28201684be9827a5de0d3c04e6e08d164a3049faa362bc53f9748/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1619157886\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/0a68372d6fd28201684be9827a5de0d3c04e6e08d164a3049faa362bc53f9748/eeacd23d7fef37342244df28423cf213dbbec17c7350cad5f8f51de24dc6681d.pid\" a14=\"0a68372d6fd28201684be9827a5de0d3c04e6e08d164a3049faa362bc53f9748\""}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865577.946:21710138): arch=c000003e syscall=59 success=yes exit=0 a0=c00037eb70 a1=c0002d4580 a2=c0002d4600 a3=0 items=2 ppid=3830339 pid=2182375 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865577.939:21710137): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865577.939:21710137): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865577.939:21710137): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865577.939:21710137): cwd=\"/var/lib/docker/rootfs/overlayfs/15d7c01eab750dd5d1697f885100eb074f3a5095b1e73b1cc7a531eedb613268\""}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865577.939:21710137): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865577.939:21710137): arch=c000003e syscall=59 success=yes exit=0 a0=c0001f3840 a1=c0001f7338 a2=c0001f9c40 a3=0 items=2 ppid=2182361 pid=2182371 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865577.924:21710136): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F31356437633031656162373530646435643136393766383835"}
{"ts": "2026-04-10T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865577.924:21710136): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865577.924:21710136): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865577.924:21710136): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/15d7c01eab750dd5d1697f885100eb074f3a5095b1e73b1cc7a531eedb613268\""}
{"ts": "2026-04-10T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865577.924:21710136): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/15d7c01eab750dd5d1697f885100eb074f3a5095b1e73b1cc7a531eedb613268/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3281067023\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/15d7c01eab750dd5d1697f885100eb074f3a5095b1e73b1cc7a531eedb613268/28b6baa7669471023b6dc1665dd0a5c3cf7cd1684e727b3207f788f5b36befd7.pid\" a14=\"15d7c01eab750dd5d1697f885100eb074f3a5095b1e73b1cc7a531eedb613268\""}
{"ts": "2026-04-10T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865577.924:21710136): arch=c000003e syscall=59 success=yes exit=0 a0=c00023b7b0 a1=c00016cd00 a2=c00016cd80 a3=0 items=2 ppid=3967 pid=2182361 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865577.790:21710135): proctitle=72656469732D636C690070696E67"}
{"ts": "2026-04-10T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865577.790:21710135): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=6694357 dev=00:72 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865577.790:21710135): item=0 name=\"/usr/local/bin/redis-cli\" inode=6703632 dev=00:72 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865577.790:21710135): cwd=\"/data\""}
{"ts": "2026-04-10T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865577.790:21710135): argc=2 a0=\"redis-cli\" a1=\"ping\""}
{"ts": "2026-04-10T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865577.790:21710135): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865577.790:21710135): arch=c000003e syscall=59 success=yes exit=0 a0=c0000289a0 a1=c0000d3350 a2=c0000db1c0 a3=0 items=2 ppid=2182343 pid=2182355 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"redis-cli\" exe=\"/usr/local/bin/redis-cli\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865577.742:21710134): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865577.742:21710134): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865577.742:21710134): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865577.742:21710134): cwd=\"/var/lib/docker/rootfs/overlayfs/480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af\""}
{"ts": "2026-04-10T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865577.742:21710134): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865577.742:21710134): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5880 a1=c0001c9350 a2=c0001cbc40 a3=0 items=2 ppid=2182343 pid=2182352 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865577.728:21710133): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F34383062353761303034306362373564646534356436663664"}
{"ts": "2026-04-10T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865577.728:21710133): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865577.728:21710133): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865577.728:21710133): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af\""}
{"ts": "2026-04-10T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865577.728:21710133): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3786384456\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af/98c05e814262148edaeb179380f946914fc5138453b1172606c05713a00bcf5a.pid\" a14=\"480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af\""}
{"ts": "2026-04-10T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865577.728:21710133): arch=c000003e syscall=59 success=yes exit=0 a0=c000582900 a1=c000168700 a2=c000168780 a3=0 items=2 ppid=4127 pid=2182343 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865577.067:21710132): proctitle=746F66750076657273696F6E"}
{"ts": "2026-04-10T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865577.067:21710132): item=0 name=\"/usr/local/bin/tofu\" inode=6721579 dev=00:6f mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865577.067:21710132): cwd=\"/tofu\""}
{"ts": "2026-04-10T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865577.067:21710132): argc=2 a0=\"tofu\" a1=\"version\""}
{"ts": "2026-04-10T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865577.067:21710132): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865577.067:21710132): arch=c000003e syscall=59 success=yes exit=0 a0=c0000271d0 a1=c000117350 a2=c000022680 a3=0 items=1 ppid=4056 pid=2182327 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tofu\" exe=\"/usr/local/bin/tofu\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865577.022:21710131): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865577.022:21710131): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865577.022:21710131): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865577.022:21710131): cwd=\"/var/lib/docker/rootfs/overlayfs/10004f011cbcd1aef0e4860649cf41d88193ca12b52cd9b892a7426c383f0f44\""}
{"ts": "2026-04-10T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865577.022:21710131): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865577.022:21710131): arch=c000003e syscall=59 success=yes exit=0 a0=c0001f3850 a1=c0001f7338 a2=c0001f9bc0 a3=0 items=2 ppid=2182315 pid=2182324 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865577.006:21710130): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F31303030346630313163626364316165663065343836303634"}
{"ts": "2026-04-10T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865577.006:21710130): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865577.006:21710130): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865577.006:21710130): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/10004f011cbcd1aef0e4860649cf41d88193ca12b52cd9b892a7426c383f0f44\""}
{"ts": "2026-04-10T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865577.006:21710130): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/10004f011cbcd1aef0e4860649cf41d88193ca12b52cd9b892a7426c383f0f44/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3028508332\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/10004f011cbcd1aef0e4860649cf41d88193ca12b52cd9b892a7426c383f0f44/6813c8d6e9b05b788ee14609afa22c49aaf1e5e001e118e0f979d6643008e9c1.pid\" a14=\"10004f011cbcd1aef0e4860649cf41d88193ca12b52cd9b892a7426c383f0f44\""}
{"ts": "2026-04-10T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865577.006:21710130): arch=c000003e syscall=59 success=yes exit=0 a0=c0001bad60 a1=c0000c1400 a2=c0000c1480 a3=0 items=2 ppid=4056 pid=2182315 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865576.763:21710129): proctitle=2F62696E2F7368002D630070675F69737265616479202D552077696E646D696C6C5F75736572202D642077696E646D696C6C5F6462"}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865576.763:21710129): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:bb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865576.763:21710129): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:bb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865576.763:21710129): cwd=\"/\""}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865576.763:21710129): argc=5 a0=\"pg_isready\" a1=\"-U\" a2=\"windmill_user\" a3=\"-d\" a4=\"windmill_db\""}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865576.763:21710129): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865576.763:21710129): arch=c000003e syscall=59 success=yes exit=0 a0=722ccbee23f8 a1=722ccbee2290 a2=722ccbee2378 a3=0 items=2 ppid=2004556 pid=2182308 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865576.760:21710128): proctitle=2F62696E2F7368002D630070675F69737265616479202D552077696E646D696C6C5F75736572202D642077696E646D696C6C5F6462"}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865576.760:21710128): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:bb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865576.760:21710128): item=0 name=\"/bin/sh\" inode=8589166 dev=00:bb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865576.760:21710128): cwd=\"/\""}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865576.760:21710128): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D552077696E646D696C6C5F75736572202D642077696E646D696C6C5F6462"}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865576.760:21710128): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865576.760:21710128): arch=c000003e syscall=59 success=yes exit=0 a0=c000194f68 a1=c000022680 a2=c0000d88c0 a3=0 items=2 ppid=2182296 pid=2182308 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865576.714:21710127): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865576.714:21710127): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865576.714:21710127): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865576.714:21710127): cwd=\"/var/lib/docker/rootfs/overlayfs/2a365c5cbcdee94cef8eb83387301a8756e7538c1049b4c58449c0646b43c50c\""}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865576.714:21710127): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865576.714:21710127): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c58a0 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=2182296 pid=2182305 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865576.698:21710126): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F32613336356335636263646565393463656638656238333338"}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865576.698:21710126): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865576.698:21710126): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865576.698:21710126): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/2a365c5cbcdee94cef8eb83387301a8756e7538c1049b4c58449c0646b43c50c\""}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865576.698:21710126): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/2a365c5cbcdee94cef8eb83387301a8756e7538c1049b4c58449c0646b43c50c/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process4193448971\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/2a365c5cbcdee94cef8eb83387301a8756e7538c1049b4c58449c0646b43c50c/1b775fe5db20cee406dc91fcd6c9a8abff2fcfb20ad16655807f6f1a00bcc957.pid\" a14=\"2a365c5cbcdee94cef8eb83387301a8756e7538c1049b4c58449c0646b43c50c\""}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865576.698:21710126): arch=c000003e syscall=59 success=yes exit=0 a0=c00060d350 a1=c0000ffc00 a2=c0000ffc80 a3=0 items=2 ppid=2004556 pid=2182296 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865576.350:21710125): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520706F737467726573"}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865576.350:21710125): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:50 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865576.350:21710125): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:50 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865576.350:21710125): cwd=\"/\""}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865576.350:21710125): argc=3 a0=\"pg_isready\" a1=\"-U\" a2=\"postgres\""}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865576.350:21710125): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865576.350:21710125): arch=c000003e syscall=59 success=yes exit=0 a0=78fe38262288 a1=78fe382621e8 a2=78fe38262208 a3=0 items=2 ppid=4396 pid=2182286 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865576.346:21710124): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520706F737467726573"}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865576.346:21710124): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:50 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865576.346:21710124): item=0 name=\"/bin/sh\" inode=8589166 dev=00:50 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865576.346:21710124): cwd=\"/\""}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865576.346:21710124): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D5520706F737467726573"}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865576.346:21710124): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865576.346:21710124): arch=c000003e syscall=59 success=yes exit=0 a0=c000196f78 a1=c000022680 a2=c0000d88c0 a3=0 items=2 ppid=2182273 pid=2182286 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865576.317:21710123): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520646F63757365616C"}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865576.317:21710123): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:32 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865576.317:21710123): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:32 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865576.317:21710123): cwd=\"/\""}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865576.317:21710123): argc=3 a0=\"pg_isready\" a1=\"-U\" a2=\"docuseal\""}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865576.317:21710123): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865576.317:21710123): arch=c000003e syscall=59 success=yes exit=0 a0=7828784a3288 a1=7828784a31e8 a2=7828784a3208 a3=0 items=2 ppid=3467 pid=2182266 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865576.313:21710122): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520646F63757365616C"}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865576.313:21710122): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:32 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865576.313:21710122): item=0 name=\"/bin/sh\" inode=8589166 dev=00:32 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865576.313:21710122): cwd=\"/\""}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865576.313:21710122): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D5520646F63757365616C"}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865576.313:21710122): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865576.313:21710122): arch=c000003e syscall=59 success=yes exit=0 a0=c00017cf68 a1=c000022680 a2=c0000d88c0 a3=0 items=2 ppid=2182253 pid=2182266 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865576.301:21710121): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865576.301:21710121): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865576.301:21710121): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:231 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865576.301:21710121): cwd=\"/var/lib/docker/rootfs/overlayfs/67097f9470d25ae62330c278e0c2e85dfc8f9d19e1312855b18be973b4d19e41\""}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865576.301:21710121): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865576.301:21710121): arch=c000003e syscall=59 success=yes exit=0 a0=c0001f3850 a1=c0001f7338 a2=c0001f9c40 a3=0 items=2 ppid=2182273 pid=2182282 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865576.284:21710120): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F36373039376639343730643235616536323333306332373865"}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865576.284:21710120): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865576.284:21710120): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865576.284:21710120): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/67097f9470d25ae62330c278e0c2e85dfc8f9d19e1312855b18be973b4d19e41\""}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865576.284:21710120): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/67097f9470d25ae62330c278e0c2e85dfc8f9d19e1312855b18be973b4d19e41/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process901738905\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/67097f9470d25ae62330c278e0c2e85dfc8f9d19e1312855b18be973b4d19e41/96094ababe91a74de1d625975d3a230f57ffc8eea4584054104b0ce6deef7bdf.pid\" a14=\"67097f9470d25ae62330c278e0c2e85dfc8f9d19e1312855b18be973b4d19e41\""}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865576.284:21710120): arch=c000003e syscall=59 success=yes exit=0 a0=c00050f110 a1=c000280e80 a2=c000280f00 a3=0 items=2 ppid=4396 pid=2182273 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865576.268:21710119): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865576.268:21710119): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865576.268:21710119): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865576.268:21710119): cwd=\"/var/lib/docker/rootfs/overlayfs/360fd70ae6eb7cd5e0954ce9fabc3f41ec861f0028b80fa3a053269682ce489a\""}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865576.268:21710119): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865576.268:21710119): arch=c000003e syscall=59 success=yes exit=0 a0=c00024d890 a1=c000251350 a2=c000253c40 a3=0 items=2 ppid=2182253 pid=2182262 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865576.251:21710118): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F33363066643730616536656237636435653039353463653966"}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865576.251:21710118): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865576.251:21710118): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865576.251:21710118): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/360fd70ae6eb7cd5e0954ce9fabc3f41ec861f0028b80fa3a053269682ce489a\""}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865576.251:21710118): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/360fd70ae6eb7cd5e0954ce9fabc3f41ec861f0028b80fa3a053269682ce489a/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2177540677\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/360fd70ae6eb7cd5e0954ce9fabc3f41ec861f0028b80fa3a053269682ce489a/7968198e4779bb5fcb70b61f7b54b485fc18a9cafcbc410ce953ec16c2c83a2d.pid\" a14=\"360fd70ae6eb7cd5e0954ce9fabc3f41ec861f0028b80fa3a053269682ce489a\""}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865576.251:21710118): arch=c000003e syscall=59 success=yes exit=0 a0=c00059ad20 a1=c0000ff780 a2=c0000ff900 a3=0 items=2 ppid=3467 pid=2182253 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865575.902:21710117): proctitle=72656469732D636C690070696E67"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.902:21710117): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=6694357 dev=00:45 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.902:21710117): item=0 name=\"/usr/local/bin/redis-cli\" inode=6703632 dev=00:45 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865575.902:21710117): cwd=\"/data\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865575.902:21710117): argc=2 a0=\"redis-cli\" a1=\"ping\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865575.902:21710117): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865575.902:21710117): arch=c000003e syscall=59 success=yes exit=0 a0=c000028760 a1=c000117350 a2=c0000df1c0 a3=0 items=2 ppid=2182234 pid=2182246 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"redis-cli\" exe=\"/usr/local/bin/redis-cli\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865575.859:21710116): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.859:21710116): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.859:21710116): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865575.859:21710116): cwd=\"/var/lib/docker/rootfs/overlayfs/4cc046860e99ed4ce61cc4f7c543175750997c08579b75447cbf7907fdb6134d\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865575.859:21710116): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865575.859:21710116): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b830 a1=c00017f338 a2=c000181c00 a3=0 items=2 ppid=2182234 pid=2182243 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865575.845:21710115): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F34636330343638363065393965643463653631636334663763"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.845:21710115): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.845:21710115): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865575.845:21710115): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/4cc046860e99ed4ce61cc4f7c543175750997c08579b75447cbf7907fdb6134d\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865575.845:21710115): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/4cc046860e99ed4ce61cc4f7c543175750997c08579b75447cbf7907fdb6134d/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1212076169\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/4cc046860e99ed4ce61cc4f7c543175750997c08579b75447cbf7907fdb6134d/6ab3ab9ccd1bb28be27ad51b91b5338452733ebe46e69a5f8a339ace4753581c.pid\" a14=\"4cc046860e99ed4ce61cc4f7c543175750997c08579b75447cbf7907fdb6134d\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865575.845:21710115): arch=c000003e syscall=59 success=yes exit=0 a0=c00062e210 a1=c00023ab80 a2=c00023ac00 a3=0 items=2 ppid=3439 pid=2182234 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865575.805:21710114): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.805:21710114): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:120 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.805:21710114): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:120 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865575.805:21710114): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865575.805:21710114): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.stat\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865575.805:21710114): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865575.805:21710114): arch=c000003e syscall=59 success=yes exit=0 a0=7de3f471ed60 a1=7de3f42370a0 a2=634e07c84a40 a3=8 items=2 ppid=13318 pid=2182233 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865575.804:21710113): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.804:21710113): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865575.804:21710113): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865575.804:21710113): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3f42370a0 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2182233 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865575.804:21710112): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.804:21710112): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865575.804:21710112): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865575.804:21710112): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3f42370a0 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2182233 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865575.804:21710111): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.804:21710111): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865575.804:21710111): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865575.804:21710111): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3f42370a0 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2182233 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865575.804:21710110): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.804:21710110): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865575.804:21710110): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865575.804:21710110): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3f42370a0 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2182233 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865575.804:21710109): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.804:21710109): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865575.804:21710109): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865575.804:21710109): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3f42370a0 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2182233 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865575.804:21710108): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.804:21710108): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865575.804:21710108): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865575.804:21710108): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3f42370a0 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2182233 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865575.801:21710107): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.801:21710107): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:120 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.801:21710107): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:120 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865575.801:21710107): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865575.801:21710107): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.current\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865575.801:21710107): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865575.801:21710107): arch=c000003e syscall=59 success=yes exit=0 a0=7de3f471ed60 a1=7de3ad032d40 a2=634e07c84a40 a3=8 items=2 ppid=13318 pid=2182232 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865575.801:21710106): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.801:21710106): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865575.801:21710106): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865575.801:21710106): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3ad032d40 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2182232 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865575.801:21710105): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.801:21710105): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865575.801:21710105): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865575.801:21710105): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3ad032d40 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2182232 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865575.801:21710104): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.801:21710104): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865575.801:21710104): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865575.801:21710104): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3ad032d40 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2182232 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865575.801:21710103): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.801:21710103): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865575.801:21710103): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865575.801:21710103): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3ad032d40 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2182232 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865575.801:21710102): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.801:21710102): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865575.801:21710102): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865575.801:21710102): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3ad032d40 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2182232 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865575.801:21710101): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.801:21710101): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865575.801:21710101): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865575.801:21710101): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3ad032d40 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2182232 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865575.798:21710100): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.798:21710100): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:120 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.798:21710100): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:120 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865575.798:21710100): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865575.798:21710100): argc=2 a0=\"cat\" a1=\"/proc/self/cgroup\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865575.798:21710100): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865575.798:21710100): arch=c000003e syscall=59 success=yes exit=0 a0=7de3f471ed60 a1=7de3ad0355c0 a2=634e07c84a40 a3=8 items=2 ppid=13318 pid=2182231 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865575.798:21710099): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.798:21710099): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865575.798:21710099): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865575.798:21710099): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3ad0355c0 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2182231 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865575.798:21710098): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.798:21710098): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865575.798:21710098): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865575.798:21710098): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3ad0355c0 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2182231 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865575.798:21710097): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.798:21710097): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865575.798:21710097): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865575.798:21710097): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3ad0355c0 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2182231 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865575.798:21710096): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.798:21710096): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865575.798:21710096): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865575.798:21710096): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3ad0355c0 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2182231 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865575.798:21710095): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.798:21710095): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865575.798:21710095): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865575.798:21710095): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3ad0355c0 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2182231 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865575.798:21710094): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.798:21710094): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865575.798:21710094): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865575.798:21710094): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3ad0355c0 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2182231 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865575.565:21710093): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520617065785F75736572202D6420617065785F6462"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.565:21710093): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3456344 dev=00:117 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.565:21710093): item=0 name=\"/usr/local/bin/pg_isready\" inode=6091069 dev=00:117 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865575.565:21710093): cwd=\"/\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865575.565:21710093): argc=5 a0=\"pg_isready\" a1=\"-U\" a2=\"apex_user\" a3=\"-d\" a4=\"apex_db\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865575.565:21710093): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865575.565:21710093): arch=c000003e syscall=59 success=yes exit=0 a0=7cd9872df3f8 a1=7cd9872df278 a2=7cd9872df378 a3=0 items=2 ppid=2004566 pid=2182221 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865575.561:21710092): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520617065785F75736572202D6420617065785F6462"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.561:21710092): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3456344 dev=00:117 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.561:21710092): item=0 name=\"/bin/sh\" inode=3454556 dev=00:117 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865575.561:21710092): cwd=\"/\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865575.561:21710092): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D5520617065785F75736572202D6420617065785F6462"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865575.561:21710092): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865575.561:21710092): arch=c000003e syscall=59 success=yes exit=0 a0=c00018cf38 a1=c000022ac0 a2=c0001348c0 a3=0 items=2 ppid=2004566 pid=2182221 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865575.542:21710091): proctitle=6A71002D2D7261772D6F7574707574002E737461747573"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.542:21710091): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6968454 dev=00:68 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.542:21710091): item=0 name=\"/usr/bin/jq\" inode=7115963 dev=00:68 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865575.542:21710091): cwd=\"/app\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865575.542:21710091): argc=3 a0=\"jq\" a1=\"--raw-output\" a2=\".status\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865575.542:21710091): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865575.542:21710091): arch=c000003e syscall=59 success=yes exit=0 a0=59ed2f6e59a0 a1=59ed2f6e6280 a2=59ed2f6e2300 a3=8 items=2 ppid=2182227 pid=2182229 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"jq\" exe=\"/usr/bin/jq\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865575.541:21710090): proctitle=6375726C002D2D73696C656E7400687474703A2F2F3132372E302E302E313A38312F6170692F"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.541:21710090): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6968454 dev=00:68 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.541:21710090): item=0 name=\"/usr/bin/curl\" inode=7115848 dev=00:68 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865575.541:21710090): cwd=\"/app\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865575.541:21710090): argc=3 a0=\"curl\" a1=\"--silent\" a2=\"http://127.0.0.1:81/api/\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865575.541:21710090): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865575.541:21710090): arch=c000003e syscall=59 success=yes exit=0 a0=59ed2f6e59d0 a1=59ed2f6e62b0 a2=59ed2f6e2300 a3=8 items=2 ppid=2182227 pid=2182228 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"curl\" exe=\"/usr/bin/curl\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865575.534:21710089): proctitle=2F62696E2F62617368002F62696E2F636865636B2D6865616C7468"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.534:21710089): item=2 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6968454 dev=00:68 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.534:21710089): item=1 name=\"/bin/bash\" inode=6954383 dev=00:68 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.534:21710089): item=0 name=\"/bin/check-health\" inode=8694993 dev=00:68 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865575.534:21710089): cwd=\"/app\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865575.534:21710089): argc=2 a0=\"/bin/bash\" a1=\"/bin/check-health\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865575.534:21710089): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865575.534:21710089): arch=c000003e syscall=59 success=yes exit=0 a0=c000027518 a1=c00002ae00 a2=c0000e21e0 a3=0 items=3 ppid=1163673 pid=2182202 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"check-health\" exe=\"/usr/bin/bash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865575.511:21710088): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.511:21710088): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.511:21710088): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:231 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865575.511:21710088): cwd=\"/var/lib/docker/rootfs/overlayfs/c1f8f97d53596e967520df53fab27faff436876b90ee0f2e344cc170bca33f83\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865575.511:21710088): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865575.511:21710088): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c58a0 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=2182200 pid=2182216 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865575.492:21710087): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F63316638663937643533353936653936373532306466353366"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.492:21710087): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.492:21710087): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865575.492:21710087): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/c1f8f97d53596e967520df53fab27faff436876b90ee0f2e344cc170bca33f83\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865575.492:21710087): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/c1f8f97d53596e967520df53fab27faff436876b90ee0f2e344cc170bca33f83/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1148930355\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/c1f8f97d53596e967520df53fab27faff436876b90ee0f2e344cc170bca33f83/7b4c837b419206ccc163b4ca47816f602e5b1e41c1ae3ef0a24b17dac9074965.pid\" a14=\"c1f8f97d53596e967520df53fab27faff436876b90ee0f2e344cc170bca33f83\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865575.492:21710087): arch=c000003e syscall=59 success=yes exit=0 a0=c000517be0 a1=c0000ed200 a2=c0000ed280 a3=0 items=2 ppid=2004566 pid=2182200 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865575.489:21710086): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.489:21710086): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.489:21710086): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865575.489:21710086): cwd=\"/var/lib/docker/rootfs/overlayfs/3d00cea9d890ac76ec9bbdca47f4d82e83b0a918911a118694314103c0f1ab42\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865575.489:21710086): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865575.489:21710086): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c58c0 a1=c0001c9350 a2=c0001cbc40 a3=0 items=2 ppid=2182186 pid=2182197 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865575.474:21710085): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.474:21710085): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=9987007 dev=00:102 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.474:21710085): item=0 name=\"/usr/bin/cat\" inode=9986333 dev=00:102 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865575.474:21710085): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865575.474:21710085): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.stat\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865575.474:21710085): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865575.474:21710085): arch=c000003e syscall=59 success=yes exit=0 a0=7e8ad4131d60 a1=7e8a64e002a0 a2=618bc9213650 a3=8 items=2 ppid=1943853 pid=2182187 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865575.474:21710084): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.474:21710084): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865575.474:21710084): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865575.474:21710084): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8a64e002a0 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2182187 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865575.474:21710083): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.474:21710083): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865575.474:21710083): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865575.474:21710083): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8a64e002a0 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2182187 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865575.474:21710082): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.474:21710082): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865575.474:21710082): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865575.474:21710082): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8a64e002a0 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2182187 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865575.474:21710081): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.474:21710081): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865575.474:21710081): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865575.474:21710081): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8a64e002a0 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2182187 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865575.473:21710080): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.473:21710080): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865575.473:21710080): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865575.473:21710080): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8a64e002a0 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2182187 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865575.473:21710079): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.473:21710079): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865575.473:21710079): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865575.473:21710079): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8a64e002a0 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2182187 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865575.473:21710078): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F33643030636561396438393061633736656339626264636134"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.473:21710078): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.473:21710078): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865575.473:21710078): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/3d00cea9d890ac76ec9bbdca47f4d82e83b0a918911a118694314103c0f1ab42\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865575.473:21710078): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/3d00cea9d890ac76ec9bbdca47f4d82e83b0a918911a118694314103c0f1ab42/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2521234970\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/3d00cea9d890ac76ec9bbdca47f4d82e83b0a918911a118694314103c0f1ab42/17c25ec8d5038f4ddd9858c974692388edbdd3fd6a7a9e4455e7e05d723bfdd0.pid\" a14=\"3d00cea9d890ac76ec9bbdca47f4d82e83b0a918911a118694314103c0f1ab42\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865575.473:21710078): arch=c000003e syscall=59 success=yes exit=0 a0=c0003cefb0 a1=c0002f1780 a2=c0002f1800 a3=0 items=2 ppid=1163673 pid=2182186 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865575.470:21710077): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.470:21710077): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=9987007 dev=00:102 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.470:21710077): item=0 name=\"/usr/bin/cat\" inode=9986333 dev=00:102 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865575.470:21710077): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865575.470:21710077): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.current\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865575.470:21710077): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865575.470:21710077): arch=c000003e syscall=59 success=yes exit=0 a0=7e8ad4131d60 a1=7e8a64e00240 a2=618bc9213650 a3=8 items=2 ppid=1943853 pid=2182185 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865575.470:21710076): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.470:21710076): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865575.470:21710076): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865575.470:21710076): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8a64e00240 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2182185 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865575.470:21710075): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.470:21710075): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865575.470:21710075): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865575.470:21710075): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8a64e00240 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2182185 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865575.470:21710074): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.470:21710074): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865575.470:21710074): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865575.470:21710074): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8a64e00240 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2182185 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865575.470:21710073): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.470:21710073): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865575.470:21710073): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865575.470:21710073): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8a64e00240 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2182185 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865575.470:21710072): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.470:21710072): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865575.470:21710072): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865575.470:21710072): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8a64e00240 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2182185 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865575.470:21710071): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.470:21710071): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865575.470:21710071): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865575.470:21710071): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8a64e00240 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2182185 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865575.467:21710070): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.467:21710070): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=9987007 dev=00:102 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.467:21710070): item=0 name=\"/usr/bin/cat\" inode=9986333 dev=00:102 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865575.467:21710070): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865575.467:21710070): argc=2 a0=\"cat\" a1=\"/proc/self/cgroup\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865575.467:21710070): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865575.467:21710070): arch=c000003e syscall=59 success=yes exit=0 a0=7e8ad4131d60 a1=7e8ac6e04380 a2=618bc9213650 a3=8 items=2 ppid=1943853 pid=2182184 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865575.467:21710069): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.467:21710069): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865575.467:21710069): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865575.467:21710069): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04380 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2182184 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865575.467:21710068): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.467:21710068): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865575.467:21710068): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865575.467:21710068): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04380 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2182184 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865575.467:21710067): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.467:21710067): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865575.467:21710067): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865575.467:21710067): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04380 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2182184 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865575.467:21710066): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.467:21710066): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865575.467:21710066): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865575.467:21710066): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04380 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2182184 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865575.466:21710065): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.466:21710065): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865575.466:21710065): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865575.466:21710065): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04380 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2182184 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865575.466:21710064): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.466:21710064): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865575.466:21710064): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865575.466:21710064): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04380 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2182184 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865575.340:21710063): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.340:21710063): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:d2 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.340:21710063): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:d2 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865575.340:21710063): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865575.340:21710063): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.stat\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865575.340:21710063): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865575.340:21710063): arch=c000003e syscall=59 success=yes exit=0 a0=74bcbc1b9d60 a1=74bc78e8c9e0 a2=5f16263f7a40 a3=8 items=2 ppid=12863 pid=2182183 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865575.340:21710062): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.340:21710062): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865575.340:21710062): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865575.340:21710062): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc78e8c9e0 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2182183 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865575.340:21710061): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.340:21710061): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865575.340:21710061): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865575.340:21710061): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc78e8c9e0 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2182183 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865575.340:21710060): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.340:21710060): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865575.340:21710060): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865575.340:21710060): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc78e8c9e0 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2182183 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865575.340:21710059): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.340:21710059): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865575.340:21710059): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865575.340:21710059): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc78e8c9e0 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2182183 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865575.340:21710058): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.340:21710058): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865575.340:21710058): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865575.340:21710058): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc78e8c9e0 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2182183 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865575.340:21710057): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.340:21710057): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865575.340:21710057): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865575.340:21710057): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc78e8c9e0 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2182183 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865575.337:21710056): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.337:21710056): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:d2 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.337:21710056): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:d2 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865575.337:21710056): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865575.337:21710056): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.current\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865575.337:21710056): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865575.337:21710056): arch=c000003e syscall=59 success=yes exit=0 a0=74bcbc1b9d60 a1=74bc79e1c440 a2=5f16263f7a40 a3=8 items=2 ppid=12863 pid=2182182 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865575.337:21710055): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.337:21710055): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865575.337:21710055): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865575.337:21710055): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc79e1c440 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2182182 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865575.337:21710054): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.337:21710054): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865575.337:21710054): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865575.337:21710054): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc79e1c440 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2182182 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865575.337:21710053): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.337:21710053): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865575.337:21710053): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865575.337:21710053): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc79e1c440 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2182182 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865575.337:21710052): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.337:21710052): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865575.337:21710052): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865575.337:21710052): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc79e1c440 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2182182 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865575.337:21710051): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.337:21710051): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865575.337:21710051): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865575.337:21710051): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc79e1c440 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2182182 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865575.337:21710050): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.337:21710050): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865575.337:21710050): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865575.337:21710050): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc79e1c440 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2182182 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865575.334:21710049): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.334:21710049): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:d2 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.334:21710049): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:d2 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865575.334:21710049): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865575.334:21710049): argc=2 a0=\"cat\" a1=\"/proc/self/cgroup\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865575.334:21710049): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865575.334:21710049): arch=c000003e syscall=59 success=yes exit=0 a0=74bcbc1b9d60 a1=74bc79e1c900 a2=5f16263f7a40 a3=8 items=2 ppid=12863 pid=2182181 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865575.334:21710048): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.334:21710048): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865575.334:21710048): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865575.334:21710048): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc79e1c900 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2182181 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865575.334:21710047): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.334:21710047): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865575.334:21710047): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865575.334:21710047): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc79e1c900 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2182181 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865575.334:21710046): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.334:21710046): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865575.334:21710046): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865575.334:21710046): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc79e1c900 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2182181 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865575.334:21710045): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.334:21710045): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865575.334:21710045): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865575.334:21710045): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc79e1c900 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2182181 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865575.334:21710044): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.334:21710044): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865575.334:21710044): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865575.334:21710044): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc79e1c900 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2182181 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865575.334:21710043): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865575.334:21710043): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865575.334:21710043): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865575.334:21710043): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc79e1c900 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2182181 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865574.546:21710042): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520666F7267656A6F"}
{"ts": "2026-04-10T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865574.546:21710042): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:5a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865574.546:21710042): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:5a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865574.546:21710042): cwd=\"/\""}
{"ts": "2026-04-10T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865574.546:21710042): argc=3 a0=\"pg_isready\" a1=\"-U\" a2=\"forgejo\""}
{"ts": "2026-04-10T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865574.546:21710042): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865574.546:21710042): arch=c000003e syscall=59 success=yes exit=0 a0=76cb8ccb3278 a1=76cb8ccb31d8 a2=76cb8ccb31f8 a3=8080808080808080 items=2 ppid=4460 pid=2182174 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865574.543:21710041): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520666F7267656A6F"}
{"ts": "2026-04-10T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865574.543:21710041): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:5a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865574.543:21710041): item=0 name=\"/bin/sh\" inode=8589166 dev=00:5a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865574.543:21710041): cwd=\"/\""}
{"ts": "2026-04-10T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865574.543:21710041): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D5520666F7267656A6F"}
{"ts": "2026-04-10T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865574.543:21710041): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865574.543:21710041): arch=c000003e syscall=59 success=yes exit=0 a0=c00018cf38 a1=c000022ac0 a2=c0001348c0 a3=0 items=2 ppid=2182162 pid=2182174 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865574.495:21710040): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865574.495:21710040): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865574.495:21710040): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865574.495:21710040): cwd=\"/var/lib/docker/rootfs/overlayfs/2cdd3d089c946761c42c7cfc41f431ad2beb9c2b89497f7e5a3552578b39f251\""}
{"ts": "2026-04-10T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865574.495:21710040): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865574.495:21710040): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5890 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=2182162 pid=2182172 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865574.479:21710039): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F32636464336430383963393436373631633432633763666334"}
{"ts": "2026-04-10T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865574.479:21710039): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865574.479:21710039): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865574.479:21710039): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/2cdd3d089c946761c42c7cfc41f431ad2beb9c2b89497f7e5a3552578b39f251\""}
{"ts": "2026-04-10T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865574.479:21710039): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/2cdd3d089c946761c42c7cfc41f431ad2beb9c2b89497f7e5a3552578b39f251/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3375874411\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/2cdd3d089c946761c42c7cfc41f431ad2beb9c2b89497f7e5a3552578b39f251/a487a8751020b5f17d7da0d3b350796871ae45629eb31ac0ee7af4d331249d89.pid\" a14=\"2cdd3d089c946761c42c7cfc41f431ad2beb9c2b89497f7e5a3552578b39f251\""}
{"ts": "2026-04-10T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865574.479:21710039): arch=c000003e syscall=59 success=yes exit=0 a0=c000518f80 a1=c0002de780 a2=c0002de800 a3=0 items=2 ppid=4460 pid=2182162 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865573.536:21710038): proctitle=2F7573722F62696E2F7065726C002F7573722F62696E2F70675F69737265616479002D550070726F6D6574686575735F61646D696E002D640070726F6D6574686575735F61646D696E"}
{"ts": "2026-04-10T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865573.536:21710038): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=5581428 dev=00:a7 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865573.536:21710038): item=0 name=\"/usr/lib/postgresql/17/bin/pg_isready\" inode=5809487 dev=00:a7 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865573.536:21710038): cwd=\"/\""}
{"ts": "2026-04-10T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865573.536:21710038): argc=5 a0=\"/usr/lib/postgresql/17/bin/pg_isready\" a1=\"-U\" a2=\"prometheus_admin\" a3=\"-d\" a4=\"prometheus_admin\""}
{"ts": "2026-04-10T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865573.536:21710038): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865573.536:21710038): arch=c000003e syscall=59 success=yes exit=0 a0=62850d785da0 a1=62850d613000 a2=62850d400970 a3=787672b6de70 items=2 ppid=2182152 pid=2182158 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/lib/postgresql/17/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865573.498:21710037): proctitle=2F7573722F62696E2F7065726C002F7573722F62696E2F70675F69737265616479002D550070726F6D6574686575735F61646D696E002D640070726F6D6574686575735F61646D696E"}
{"ts": "2026-04-10T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865573.498:21710037): item=2 name=\"/lib64/ld-linux-x86-64.so.2\" inode=5581428 dev=00:a7 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865573.498:21710037): item=1 name=\"/usr/bin/perl\" inode=5580916 dev=00:a7 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865573.498:21710037): item=0 name=\"/usr/bin/pg_isready\" inode=5823482 dev=00:a7 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865573.498:21710037): cwd=\"/\""}
{"ts": "2026-04-10T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865573.498:21710037): argc=6 a0=\"/usr/bin/perl\" a1=\"/usr/bin/pg_isready\" a2=\"-U\" a3=\"prometheus_admin\" a4=\"-d\" a5=\"prometheus_admin\""}
{"ts": "2026-04-10T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865573.498:21710037): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865573.498:21710037): arch=c000003e syscall=59 success=yes exit=0 a0=6078e2dc9678 a1=6078e2dc95e0 a2=6078e2dc9610 a3=8 items=3 ppid=2182152 pid=2182158 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/bin/perl\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865573.494:21710036): proctitle=2F62696E2F7368002D630070675F69737265616479202D552070726F6D6574686575735F61646D696E202D642070726F6D6574686575735F61646D696E"}
{"ts": "2026-04-10T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865573.494:21710036): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=5581428 dev=00:a7 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865573.494:21710036): item=0 name=\"/bin/sh\" inode=5580787 dev=00:a7 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865573.494:21710036): cwd=\"/\""}
{"ts": "2026-04-10T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865573.494:21710036): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D552070726F6D6574686575735F61646D696E202D642070726F6D6574686575735F61646D696E"}
{"ts": "2026-04-10T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865573.494:21710036): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865573.494:21710036): arch=c000003e syscall=59 success=yes exit=0 a0=c00018ae80 a1=c000022ac0 a2=c0000940c0 a3=0 items=2 ppid=5382 pid=2182152 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/usr/bin/dash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865573.452:21710035): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865573.452:21710035): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865573.452:21710035): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865573.452:21710035): cwd=\"/var/lib/docker/rootfs/overlayfs/96dcfa07493d1a0e551516dd25644707c00be275d58123d52358a7d61a7f6b24\""}
{"ts": "2026-04-10T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865573.452:21710035): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865573.452:21710035): arch=c000003e syscall=59 success=yes exit=0 a0=c0001ed7c0 a1=c0001f1278 a2=c0001f3bc0 a3=0 items=2 ppid=2182139 pid=2182148 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865573.438:21710034): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F39366463666130373439336431613065353531353136646432"}
{"ts": "2026-04-10T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865573.438:21710034): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865573.438:21710034): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865573.438:21710034): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/96dcfa07493d1a0e551516dd25644707c00be275d58123d52358a7d61a7f6b24\""}
{"ts": "2026-04-10T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865573.438:21710034): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/96dcfa07493d1a0e551516dd25644707c00be275d58123d52358a7d61a7f6b24/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process394318824\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/96dcfa07493d1a0e551516dd25644707c00be275d58123d52358a7d61a7f6b24/b48720d15691801e51ddd275d272e87b497efbdd553b10e1e7e98a02ed09f387.pid\" a14=\"96dcfa07493d1a0e551516dd25644707c00be275d58123d52358a7d61a7f6b24\""}
{"ts": "2026-04-10T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865573.438:21710034): arch=c000003e syscall=59 success=yes exit=0 a0=c0004acf70 a1=c000326c80 a2=c000326d00 a3=0 items=2 ppid=5382 pid=2182139 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865572.280:21710033): proctitle=636C616D647363616E002D2D76657273696F6E"}
{"ts": "2026-04-10T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865572.280:21710033): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=6689254 dev=00:9e mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865572.280:21710033): item=0 name=\"/usr/bin/clamdscan\" inode=6714733 dev=00:9e mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865572.280:21710033): cwd=\"/\""}
{"ts": "2026-04-10T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865572.280:21710033): argc=2 a0=\"clamdscan\" a1=\"--version\""}
{"ts": "2026-04-10T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865572.280:21710033): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865572.280:21710033): arch=c000003e syscall=59 success=yes exit=0 a0=c0000271b8 a1=c000117350 a2=c0000cf950 a3=0 items=2 ppid=2182118 pid=2182131 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"clamdscan\" exe=\"/usr/bin/clamdscan\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865572.239:21710032): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865572.239:21710032): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865572.239:21710032): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865572.239:21710032): cwd=\"/var/lib/docker/rootfs/overlayfs/60ba518f9a5f7016add1133158f649e99ef850284ee96e9bc71f602039398291\""}
{"ts": "2026-04-10T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865572.239:21710032): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865572.239:21710032): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c58a0 a1=c0001c9350 a2=c0001cbc40 a3=0 items=2 ppid=2182118 pid=2182127 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865572.224:21710031): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F36306261353138663961356637303136616464313133333135"}
{"ts": "2026-04-10T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865572.224:21710031): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865572.224:21710031): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865572.224:21710031): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/60ba518f9a5f7016add1133158f649e99ef850284ee96e9bc71f602039398291\""}
{"ts": "2026-04-10T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865572.224:21710031): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/60ba518f9a5f7016add1133158f649e99ef850284ee96e9bc71f602039398291/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1009220302\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/60ba518f9a5f7016add1133158f649e99ef850284ee96e9bc71f602039398291/5829db2de7f236669d1464b799823e93aaa484578cbaee69f4e07c420952e267.pid\" a14=\"60ba518f9a5f7016add1133158f649e99ef850284ee96e9bc71f602039398291\""}
{"ts": "2026-04-10T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865572.224:21710031): arch=c000003e syscall=59 success=yes exit=0 a0=c00016c710 a1=c0001a4500 a2=c0001a4580 a3=0 items=2 ppid=5011 pid=2182118 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=USER_ERR msg=audit(1775865571.382:21710030): pid=2182075 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:bad_ident grantors=? acct=\"?\" exe=\"/usr/sbin/sshd\" hostname=111.26.79.159 addr=111.26.79.159 terminal=ssh res=failed'\u001dUID=\"root\" AUID=\"unset\""}
{"ts": "2026-04-10T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=USER_LOGIN msg=audit(1775865571.146:21710029): pid=2182075 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='op=login acct=28696E76616C6964207573657229 exe=\"/usr/sbin/sshd\" hostname=? addr=111.26.79.159 terminal=sshd res=failed'\u001dUID=\"root\" AUID=\"unset\""}
{"ts": "2026-04-10T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=USER_LOGIN msg=audit(1775865571.145:21710028): pid=2182075 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='op=login acct=28696E76616C6964207573657229 exe=\"/usr/sbin/sshd\" hostname=? addr=111.26.79.159 terminal=sshd res=failed'\u001dUID=\"root\" AUID=\"unset\""}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865570.410:21710027): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520706F737467726573"}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865570.410:21710027): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:5b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865570.410:21710027): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:5b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865570.410:21710027): cwd=\"/\""}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865570.410:21710027): argc=3 a0=\"pg_isready\" a1=\"-U\" a2=\"postgres\""}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865570.410:21710027): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865570.410:21710027): arch=c000003e syscall=59 success=yes exit=0 a0=743abcb04288 a1=743abcb041e8 a2=743abcb04208 a3=0 items=2 ppid=5762 pid=2182109 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865570.407:21710026): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520706F737467726573"}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865570.407:21710026): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:5b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865570.407:21710026): item=0 name=\"/bin/sh\" inode=8589166 dev=00:5b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865570.407:21710026): cwd=\"/\""}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865570.407:21710026): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D5520706F737467726573"}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865570.407:21710026): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865570.407:21710026): arch=c000003e syscall=59 success=yes exit=0 a0=c0000fcf68 a1=c000022680 a2=c0001508c0 a3=0 items=2 ppid=5762 pid=2182109 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865570.364:21710025): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865570.364:21710025): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865570.364:21710025): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865570.364:21710025): cwd=\"/var/lib/docker/rootfs/overlayfs/6e0eaa58aad19bd8edc0f955e0d8cdf54332df6bcdbac6d5a4d9c8caf6fb9c39\""}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865570.364:21710025): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865570.364:21710025): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5890 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=2182097 pid=2182107 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865570.349:21710024): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F36653065616135386161643139626438656463306639353565"}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865570.349:21710024): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865570.349:21710024): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865570.349:21710024): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/6e0eaa58aad19bd8edc0f955e0d8cdf54332df6bcdbac6d5a4d9c8caf6fb9c39\""}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865570.349:21710024): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/6e0eaa58aad19bd8edc0f955e0d8cdf54332df6bcdbac6d5a4d9c8caf6fb9c39/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2056867752\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/6e0eaa58aad19bd8edc0f955e0d8cdf54332df6bcdbac6d5a4d9c8caf6fb9c39/a50bbb8648b5defd3337cb7d568a31351784daa715168aa325e7c81cebca55a4.pid\" a14=\"6e0eaa58aad19bd8edc0f955e0d8cdf54332df6bcdbac6d5a4d9c8caf6fb9c39\""}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865570.349:21710024): arch=c000003e syscall=59 success=yes exit=0 a0=c0005af390 a1=c000236b80 a2=c000236c00 a3=0 items=2 ppid=5762 pid=2182097 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865570.226:21710023): proctitle=77676574002D71002D2D73706964657200687474703A2F2F3132372E302E302E313A38302F76312F6865616C7468"}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865570.226:21710023): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3461249 dev=00:b5 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865570.226:21710023): item=0 name=\"/usr/bin/wget\" inode=3461048 dev=00:b5 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865570.226:21710023): cwd=\"/\""}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865570.226:21710023): argc=4 a0=\"wget\" a1=\"-q\" a2=\"--spider\" a3=\"http://127.0.0.1:80/v1/health\""}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865570.226:21710023): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865570.226:21710023): arch=c000003e syscall=59 success=yes exit=0 a0=71bf41d46400 a1=71bf41d46390 a2=71bf41d463b8 a3=8 items=2 ppid=2182090 pid=2182096 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"wget\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865570.222:21710022): proctitle=2F62696E2F7368002D630077676574202D71202D2D73706964657220687474703A2F2F3132372E302E302E313A38302F76312F6865616C7468207C7C20657869742031"}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865570.222:21710022): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3461249 dev=00:b5 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865570.222:21710022): item=0 name=\"/bin/sh\" inode=3461048 dev=00:b5 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865570.222:21710022): cwd=\"/\""}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865570.222:21710022): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=77676574202D71202D2D73706964657220687474703A2F2F3132372E302E302E313A38302F76312F6865616C7468207C7C20657869742031"}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865570.222:21710022): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865570.222:21710022): arch=c000003e syscall=59 success=yes exit=0 a0=c0001950b8 a1=c000022660 a2=c000165200 a3=0 items=2 ppid=2182078 pid=2182090 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865570.178:21710021): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865570.178:21710021): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865570.178:21710021): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865570.178:21710021): cwd=\"/var/lib/docker/rootfs/overlayfs/999e0287888ade70d9e2f4a19da005d0fdb8f07eed0a2beb95e713a630ab3416\""}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865570.178:21710021): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865570.178:21710021): arch=c000003e syscall=59 success=yes exit=0 a0=c0001f3830 a1=c0001f7338 a2=c0001f9c40 a3=0 items=2 ppid=2182078 pid=2182087 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865570.161:21710020): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F39393965303238373838386164653730643965326634613139"}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865570.161:21710020): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865570.161:21710020): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865570.161:21710020): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/999e0287888ade70d9e2f4a19da005d0fdb8f07eed0a2beb95e713a630ab3416\""}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865570.161:21710020): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/999e0287888ade70d9e2f4a19da005d0fdb8f07eed0a2beb95e713a630ab3416/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2272106073\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/999e0287888ade70d9e2f4a19da005d0fdb8f07eed0a2beb95e713a630ab3416/e31c56bd6cdd50f006f399e4f1c9b00a4f1b02cd83d9fac2756524a02e985626.pid\" a14=\"999e0287888ade70d9e2f4a19da005d0fdb8f07eed0a2beb95e713a630ab3416\""}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865570.161:21710020): arch=c000003e syscall=59 success=yes exit=0 a0=c0002a50c0 a1=c00017ea80 a2=c00017f580 a3=0 items=2 ppid=5330 pid=2182078 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865570.134:21710019): proctitle=6C73002F"}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865570.134:21710019): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6952479 dev=00:a6 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865570.134:21710019): item=0 name=\"/usr/bin/ls\" inode=6837222 dev=00:a6 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865570.134:21710019): cwd=\"/project\""}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865570.134:21710019): argc=2 a0=\"ls\" a1=\"/\""}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865570.134:21710019): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865570.134:21710019): arch=c000003e syscall=59 success=yes exit=0 a0=62ab882f36f0 a1=62ab7dc48990 a2=62ab882f3698 a3=8 items=2 ppid=2182069 pid=2182077 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"ls\" exe=\"/usr/bin/ls\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865570.130:21710018): proctitle=2F62696E2F7368002D63006C73202F203E202F6465762F6E756C6C207C7C20657869742031"}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865570.130:21710018): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6952479 dev=00:a6 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865570.130:21710018): item=0 name=\"/bin/sh\" inode=6834806 dev=00:a6 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865570.130:21710018): cwd=\"/project\""}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865570.130:21710018): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=6C73202F203E202F6465762F6E756C6C207C7C20657869742031"}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865570.130:21710018): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865570.130:21710018): arch=c000003e syscall=59 success=yes exit=0 a0=c000196ea8 a1=c000022660 a2=c0000de320 a3=0 items=2 ppid=2182057 pid=2182069 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/usr/bin/dash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865570.099:21710017): proctitle=2F7573722F7362696E2F73736864002D44002D52"}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865570.099:21710017): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865570.099:21710017): item=0 name=\"/usr/sbin/sshd\" inode=4064199 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865570.099:21710017): cwd=\"/\""}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865570.099:21710017): argc=3 a0=\"/usr/sbin/sshd\" a1=\"-D\" a2=\"-R\""}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865570.099:21710017): arch=c000003e syscall=59 success=yes exit=0 a0=639ec3c40950 a1=639ec3c9a6e0 a2=639ec3c40990 a3=8 items=2 ppid=1838510 pid=2182075 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sshd\" exe=\"/usr/sbin/sshd\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865570.083:21710016): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865570.083:21710016): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865570.083:21710016): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865570.083:21710016): cwd=\"/var/lib/docker/rootfs/overlayfs/aafc3318f2a2fddff1da5e3c92952f5057b4e21f72626d5770313f32f540051d\""}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865570.083:21710016): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865570.083:21710016): arch=c000003e syscall=59 success=yes exit=0 a0=c0001f3840 a1=c0001f7338 a2=c0001f9c40 a3=0 items=2 ppid=2182057 pid=2182067 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865570.067:21710015): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F61616663333331386632613266646466663164613565336339"}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865570.067:21710015): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865570.067:21710015): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865570.067:21710015): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/aafc3318f2a2fddff1da5e3c92952f5057b4e21f72626d5770313f32f540051d\""}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865570.067:21710015): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/aafc3318f2a2fddff1da5e3c92952f5057b4e21f72626d5770313f32f540051d/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2109563134\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/aafc3318f2a2fddff1da5e3c92952f5057b4e21f72626d5770313f32f540051d/178c08b015b84e5bc2797f540788f5ea5782cfff2a9f0f39e406efbd0cadd277.pid\" a14=\"aafc3318f2a2fddff1da5e3c92952f5057b4e21f72626d5770313f32f540051d\""}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865570.067:21710015): arch=c000003e syscall=59 success=yes exit=0 a0=c00026d1b0 a1=c0001beb00 a2=c0001beb80 a3=0 items=2 ppid=5395 pid=2182057 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865569.756:21710014): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865569.756:21710014): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:120 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865569.756:21710014): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:120 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865569.756:21710014): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865569.756:21710014): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.stat\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865569.756:21710014): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865569.756:21710014): arch=c000003e syscall=59 success=yes exit=0 a0=7de3f471ed60 a1=7de3ad0355c0 a2=634e07c84a40 a3=8 items=2 ppid=13318 pid=2182055 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865569.756:21710013): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865569.756:21710013): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865569.756:21710013): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865569.756:21710013): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3ad0355c0 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2182055 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865569.756:21710012): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865569.756:21710012): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865569.756:21710012): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865569.756:21710012): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3ad0355c0 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2182055 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865569.756:21710011): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865569.756:21710011): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865569.756:21710011): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865569.756:21710011): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3ad0355c0 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2182055 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865569.756:21710010): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865569.756:21710010): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865569.756:21710010): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865569.756:21710010): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3ad0355c0 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2182055 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865569.756:21710009): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865569.756:21710009): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865569.756:21710009): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865569.756:21710009): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3ad0355c0 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2182055 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865569.756:21710008): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865569.756:21710008): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865569.756:21710008): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865569.756:21710008): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3ad0355c0 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2182055 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865569.753:21710007): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865569.753:21710007): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:120 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865569.753:21710007): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:120 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865569.753:21710007): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865569.753:21710007): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.current\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865569.753:21710007): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865569.753:21710007): arch=c000003e syscall=59 success=yes exit=0 a0=7de3f471ed60 a1=7de321801860 a2=634e07c84a40 a3=8 items=2 ppid=13318 pid=2182054 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865569.753:21710006): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865569.753:21710006): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865569.753:21710006): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865569.753:21710006): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de321801860 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2182054 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865569.753:21710005): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865569.753:21710005): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865569.753:21710005): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865569.753:21710005): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de321801860 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2182054 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865569.753:21710004): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865569.753:21710004): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865569.753:21710004): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865569.753:21710004): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de321801860 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2182054 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865569.753:21710003): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865569.753:21710003): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865569.753:21710003): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865569.753:21710003): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de321801860 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2182054 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865569.753:21710002): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865569.753:21710002): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865569.753:21710002): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865569.753:21710002): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de321801860 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2182054 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865569.753:21710001): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865569.753:21710001): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865569.753:21710001): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865569.753:21710001): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de321801860 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2182054 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865569.750:21710000): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865569.750:21710000): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:120 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865569.750:21710000): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:120 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865569.750:21710000): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865569.750:21710000): argc=2 a0=\"cat\" a1=\"/proc/self/cgroup\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865569.750:21710000): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865569.750:21710000): arch=c000003e syscall=59 success=yes exit=0 a0=7de3f471ed60 a1=7de3f42370a0 a2=634e07c84a40 a3=8 items=2 ppid=13318 pid=2182053 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865569.750:21709999): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865569.750:21709999): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865569.750:21709999): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865569.750:21709999): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3f42370a0 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2182053 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865569.750:21709998): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865569.750:21709998): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865569.750:21709998): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865569.750:21709998): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3f42370a0 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2182053 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865569.750:21709997): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865569.750:21709997): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865569.750:21709997): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865569.750:21709997): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3f42370a0 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2182053 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865569.750:21709996): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865569.750:21709996): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865569.750:21709996): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865569.750:21709996): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3f42370a0 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2182053 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865569.749:21709995): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865569.749:21709995): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865569.749:21709995): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865569.749:21709995): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3f42370a0 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2182053 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865569.749:21709994): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865569.749:21709994): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865569.749:21709994): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865569.749:21709994): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3f42370a0 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2182053 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865569.456:21709993): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865569.456:21709993): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=9987007 dev=00:102 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865569.456:21709993): item=0 name=\"/usr/bin/cat\" inode=9986333 dev=00:102 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865569.456:21709993): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865569.456:21709993): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.stat\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865569.456:21709993): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865569.456:21709993): arch=c000003e syscall=59 success=yes exit=0 a0=7e8ad4131d60 a1=7e8ac6e04e20 a2=618bc9213650 a3=8 items=2 ppid=1943853 pid=2182052 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865569.455:21709992): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865569.455:21709992): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865569.455:21709992): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865569.455:21709992): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04e20 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2182052 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865569.455:21709991): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865569.455:21709991): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865569.455:21709991): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865569.455:21709991): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04e20 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2182052 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865569.455:21709990): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865569.455:21709990): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865569.455:21709990): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865569.455:21709990): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04e20 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2182052 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865569.455:21709989): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865569.455:21709989): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865569.455:21709989): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865569.455:21709989): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04e20 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2182052 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865569.455:21709988): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865569.455:21709988): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865569.455:21709988): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865569.455:21709988): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04e20 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2182052 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865569.455:21709987): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865569.455:21709987): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865569.455:21709987): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865569.455:21709987): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04e20 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2182052 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865569.452:21709986): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865569.452:21709986): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=9987007 dev=00:102 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865569.452:21709986): item=0 name=\"/usr/bin/cat\" inode=9986333 dev=00:102 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865569.452:21709986): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865569.452:21709986): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.current\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865569.452:21709986): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865569.452:21709986): arch=c000003e syscall=59 success=yes exit=0 a0=7e8ad4131d60 a1=7e8ac6e04e00 a2=618bc9213650 a3=8 items=2 ppid=1943853 pid=2182051 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865569.452:21709985): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865569.452:21709985): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865569.452:21709985): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865569.452:21709985): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04e00 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2182051 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865569.452:21709984): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865569.452:21709984): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865569.452:21709984): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865569.452:21709984): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04e00 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2182051 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865569.452:21709983): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865569.452:21709983): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865569.452:21709983): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865569.452:21709983): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04e00 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2182051 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865569.452:21709982): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865569.452:21709982): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865569.452:21709982): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865569.452:21709982): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04e00 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2182051 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865569.452:21709981): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865569.452:21709981): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865569.452:21709981): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865569.452:21709981): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04e00 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2182051 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865569.452:21709980): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865569.452:21709980): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865569.452:21709980): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865569.452:21709980): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04e00 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2182051 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865569.449:21709979): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865569.449:21709979): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=9987007 dev=00:102 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865569.449:21709979): item=0 name=\"/usr/bin/cat\" inode=9986333 dev=00:102 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865569.449:21709979): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865569.449:21709979): argc=2 a0=\"cat\" a1=\"/proc/self/cgroup\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865569.449:21709979): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865569.449:21709979): arch=c000003e syscall=59 success=yes exit=0 a0=7e8ad4131d60 a1=7e8ac6e04dc0 a2=618bc9213650 a3=8 items=2 ppid=1943853 pid=2182050 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865569.449:21709978): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865569.449:21709978): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865569.449:21709978): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865569.449:21709978): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04dc0 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2182050 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865569.449:21709977): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865569.449:21709977): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865569.449:21709977): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865569.449:21709977): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04dc0 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2182050 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865569.449:21709976): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865569.449:21709976): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865569.449:21709976): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865569.449:21709976): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04dc0 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2182050 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865569.449:21709975): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865569.449:21709975): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865569.449:21709975): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865569.449:21709975): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04dc0 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2182050 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865569.449:21709974): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865569.449:21709974): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865569.449:21709974): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865569.449:21709974): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04dc0 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2182050 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865569.449:21709973): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865569.449:21709973): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865569.449:21709973): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865569.449:21709973): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04dc0 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2182050 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865569.280:21709972): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865569.280:21709972): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:d2 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865569.280:21709972): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:d2 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865569.280:21709972): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865569.280:21709972): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.stat\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865569.280:21709972): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865569.280:21709972): arch=c000003e syscall=59 success=yes exit=0 a0=74bcbc1b9d60 a1=74bc78e8cb60 a2=5f16263f7a40 a3=8 items=2 ppid=12863 pid=2182049 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865569.279:21709971): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865569.279:21709971): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865569.279:21709971): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865569.279:21709971): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc78e8cb60 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2182049 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865569.279:21709970): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865569.279:21709970): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865569.279:21709970): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865569.279:21709970): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc78e8cb60 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2182049 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865569.279:21709969): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865569.279:21709969): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865569.279:21709969): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865569.279:21709969): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc78e8cb60 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2182049 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865569.279:21709968): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865569.279:21709968): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865569.279:21709968): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865569.279:21709968): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc78e8cb60 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2182049 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865569.279:21709967): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865569.279:21709967): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865569.279:21709967): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865569.279:21709967): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc78e8cb60 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2182049 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865569.279:21709966): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865569.279:21709966): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865569.279:21709966): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865569.279:21709966): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc78e8cb60 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2182049 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865569.276:21709965): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865569.276:21709965): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:d2 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865569.276:21709965): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:d2 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865569.276:21709965): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865569.276:21709965): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.current\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865569.276:21709965): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865569.276:21709965): arch=c000003e syscall=59 success=yes exit=0 a0=74bcbc1b9d60 a1=74bc78e8cb40 a2=5f16263f7a40 a3=8 items=2 ppid=12863 pid=2182048 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865569.276:21709964): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865569.276:21709964): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865569.276:21709964): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865569.276:21709964): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc78e8cb40 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2182048 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865569.276:21709963): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865569.276:21709963): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865569.276:21709963): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865569.276:21709963): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc78e8cb40 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2182048 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865569.276:21709962): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865569.276:21709962): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865569.276:21709962): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865569.276:21709962): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc78e8cb40 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2182048 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865569.276:21709961): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865569.276:21709961): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865569.276:21709961): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865569.276:21709961): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc78e8cb40 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2182048 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865569.276:21709960): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865569.276:21709960): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865569.276:21709960): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865569.276:21709960): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc78e8cb40 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2182048 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865569.276:21709959): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865569.276:21709959): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865569.276:21709959): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865569.276:21709959): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc78e8cb40 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2182048 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865569.273:21709958): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865569.273:21709958): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:d2 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865569.273:21709958): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:d2 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865569.273:21709958): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865569.273:21709958): argc=2 a0=\"cat\" a1=\"/proc/self/cgroup\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865569.273:21709958): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865569.273:21709958): arch=c000003e syscall=59 success=yes exit=0 a0=74bcbc1b9d60 a1=74bc78e8cb00 a2=5f16263f7a40 a3=8 items=2 ppid=12863 pid=2182047 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865569.273:21709957): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865569.273:21709957): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865569.273:21709957): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865569.273:21709957): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc78e8cb00 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2182047 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865569.273:21709956): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865569.273:21709956): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865569.273:21709956): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865569.273:21709956): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc78e8cb00 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2182047 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865569.273:21709955): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865569.273:21709955): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865569.273:21709955): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865569.273:21709955): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc78e8cb00 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2182047 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865569.273:21709954): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865569.273:21709954): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865569.273:21709954): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865569.273:21709954): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc78e8cb00 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2182047 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865569.273:21709953): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865569.273:21709953): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865569.273:21709953): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865569.273:21709953): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc78e8cb00 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2182047 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865569.272:21709952): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865569.272:21709952): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865569.272:21709952): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865569.272:21709952): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc78e8cb00 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2182047 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865569.053:21709951): proctitle=2F7573722F62696E2F7065726C002F7573722F62696E2F70675F69737265616479002D550067726F777468626F6F6B002D6400706F737467726573"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865569.053:21709951): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6968454 dev=00:95 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865569.053:21709951): item=0 name=\"/usr/lib/postgresql/17/bin/pg_isready\" inode=3958125 dev=00:95 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865569.053:21709951): cwd=\"/\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865569.053:21709951): argc=5 a0=\"/usr/lib/postgresql/17/bin/pg_isready\" a1=\"-U\" a2=\"growthbook\" a3=\"-d\" a4=\"postgres\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865569.053:21709951): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865569.053:21709951): arch=c000003e syscall=59 success=yes exit=0 a0=57edc3973fa0 a1=57edc37e6240 a2=57edc35e0970 a3=7ef57ced0e70 items=2 ppid=2182037 pid=2182045 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/lib/postgresql/17/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865568.968:21709950): proctitle=2F7573722F62696E2F7065726C002F7573722F62696E2F70675F69737265616479002D550067726F777468626F6F6B002D6400706F737467726573"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865568.968:21709950): item=2 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6968454 dev=00:95 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865568.968:21709950): item=1 name=\"/usr/bin/perl\" inode=6956288 dev=00:95 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865568.968:21709950): item=0 name=\"/usr/bin/pg_isready\" inode=4211279 dev=00:95 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865568.968:21709950): cwd=\"/\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865568.968:21709950): argc=6 a0=\"/usr/bin/perl\" a1=\"/usr/bin/pg_isready\" a2=\"-U\" a3=\"growthbook\" a4=\"-d\" a5=\"postgres\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865568.968:21709950): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865568.968:21709950): arch=c000003e syscall=59 success=yes exit=0 a0=5738789bf640 a1=5738685b09a8 a2=5738789bf5d8 a3=8 items=3 ppid=2182037 pid=2182045 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/bin/perl\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865568.964:21709949): proctitle=2F62696E2F7368002D630070675F69737265616479202D552067726F777468626F6F6B202D6420706F737467726573"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865568.964:21709949): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6968454 dev=00:95 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865568.964:21709949): item=0 name=\"/bin/sh\" inode=6954646 dev=00:95 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865568.964:21709949): cwd=\"/\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865568.964:21709949): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D552067726F777468626F6F6B202D6420706F737467726573"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865568.964:21709949): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865568.964:21709949): arch=c000003e syscall=59 success=yes exit=0 a0=c00017ceb0 a1=c000022680 a2=c000025140 a3=0 items=2 ppid=5607 pid=2182037 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/usr/bin/dash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865568.929:21709948): proctitle=2F62696E2F7368002D630070675F69737265616479202D552074797065626F74"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865568.929:21709948): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:63 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865568.929:21709948): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:63 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865568.929:21709948): cwd=\"/\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865568.929:21709948): argc=3 a0=\"pg_isready\" a1=\"-U\" a2=\"typebot\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865568.929:21709948): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865568.929:21709948): arch=c000003e syscall=59 success=yes exit=0 a0=7ab7ded82278 a1=7ab7ded821d8 a2=7ab7ded821f8 a3=8080808080808080 items=2 ppid=2182004 pid=2182018 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865568.926:21709947): proctitle=2F62696E2F7368002D630070675F69737265616479202D552074797065626F74"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865568.926:21709947): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:63 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865568.926:21709947): item=0 name=\"/bin/sh\" inode=8589166 dev=00:63 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865568.926:21709947): cwd=\"/\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865568.926:21709947): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D552074797065626F74"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865568.926:21709947): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865568.926:21709947): arch=c000003e syscall=59 success=yes exit=0 a0=c0000fef38 a1=c000022ac0 a2=c0001348c0 a3=0 items=2 ppid=2182004 pid=2182018 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865568.901:21709946): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865568.901:21709946): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865568.901:21709946): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:231 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865568.901:21709946): cwd=\"/var/lib/docker/rootfs/overlayfs/02fb5dd00ce2914672d5f537bf8bb36a0908851493efb9e1b3038943b577e7cf\""}
{"ts": "2026-04-10T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865568.901:21709946): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865568.901:21709946): arch=c000003e syscall=59 success=yes exit=0 a0=c000012070 a1=c000010018 a2=c000292040 a3=0 items=2 ppid=2182017 pid=2182033 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865568.875:21709945): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F30326662356464303063653239313436373264356635333762"}
{"ts": "2026-04-10T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865568.875:21709945): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865568.875:21709945): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865568.875:21709945): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/02fb5dd00ce2914672d5f537bf8bb36a0908851493efb9e1b3038943b577e7cf\""}
{"ts": "2026-04-10T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865568.875:21709945): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/02fb5dd00ce2914672d5f537bf8bb36a0908851493efb9e1b3038943b577e7cf/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3506448823\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/02fb5dd00ce2914672d5f537bf8bb36a0908851493efb9e1b3038943b577e7cf/3ba6b1769eb53a55bf53014c4c327c25615f37fcdddca38802714011d140ed37.pid\" a14=\"02fb5dd00ce2914672d5f537bf8bb36a0908851493efb9e1b3038943b577e7cf\""}
{"ts": "2026-04-10T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865568.875:21709945): arch=c000003e syscall=59 success=yes exit=0 a0=c000522aa0 a1=c000377180 a2=c000377200 a3=0 items=2 ppid=5607 pid=2182017 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865568.868:21709944): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865568.868:21709944): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865568.868:21709944): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865568.868:21709944): cwd=\"/var/lib/docker/rootfs/overlayfs/a58fd49cb529bc2c3c5f4447c9ccbae837530349ce554292b547968ead4cb59b\""}
{"ts": "2026-04-10T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865568.868:21709944): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865568.868:21709944): arch=c000003e syscall=59 success=yes exit=0 a0=c0002960f0 a1=c0002c0000 a2=c0002a4100 a3=0 items=2 ppid=2182004 pid=2182013 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865568.848:21709943): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F61353866643439636235323962633263336335663434343763"}
{"ts": "2026-04-10T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865568.848:21709943): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865568.848:21709943): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865568.848:21709943): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/a58fd49cb529bc2c3c5f4447c9ccbae837530349ce554292b547968ead4cb59b\""}
{"ts": "2026-04-10T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865568.848:21709943): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/a58fd49cb529bc2c3c5f4447c9ccbae837530349ce554292b547968ead4cb59b/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process874233367\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/a58fd49cb529bc2c3c5f4447c9ccbae837530349ce554292b547968ead4cb59b/c1634c68b50f48cfbb2a880170f00d66452bb19c73928185d6160e39a24ad6b2.pid\" a14=\"a58fd49cb529bc2c3c5f4447c9ccbae837530349ce554292b547968ead4cb59b\""}
{"ts": "2026-04-10T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865568.848:21709943): arch=c000003e syscall=59 success=yes exit=0 a0=c000668120 a1=c00021f780 a2=c00021f800 a3=0 items=2 ppid=4511 pid=2182004 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865568.683:21709942): proctitle=77676574002D2D737069646572002D7100687474703A2F2F3132372E302E302E313A383333332F6865616C74687A"}
{"ts": "2026-04-10T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865568.683:21709942): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3456344 dev=00:5f mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865568.683:21709942): item=0 name=\"/usr/bin/wget\" inode=3454556 dev=00:5f mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865568.683:21709942): cwd=\"/data\""}
{"ts": "2026-04-10T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865568.683:21709942): argc=4 a0=\"wget\" a1=\"--spider\" a2=\"-q\" a3=\"http://127.0.0.1:8333/healthz\""}
{"ts": "2026-04-10T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865568.683:21709942): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865568.683:21709942): arch=c000003e syscall=59 success=yes exit=0 a0=76d3cc95c408 a1=76d3cc95c3b0 a2=76d3cc95c3d8 a3=8080808080808080 items=2 ppid=2181996 pid=2182002 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"wget\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865568.679:21709941): proctitle=2F62696E2F7368002D630077676574202D2D737069646572202D7120687474703A2F2F3132372E302E302E313A383333332F6865616C74687A207C7C20657869742031"}
{"ts": "2026-04-10T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865568.679:21709941): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3456344 dev=00:5f mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865568.679:21709941): item=0 name=\"/bin/sh\" inode=3454556 dev=00:5f mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865568.679:21709941): cwd=\"/data\""}
{"ts": "2026-04-10T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865568.679:21709941): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=77676574202D2D737069646572202D7120687474703A2F2F3132372E302E302E313A383333332F6865616C74687A207C7C20657869742031"}
{"ts": "2026-04-10T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865568.679:21709941): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865568.679:21709941): arch=c000003e syscall=59 success=yes exit=0 a0=c00018af38 a1=c000022ac0 a2=c000022ae0 a3=0 items=2 ppid=2181983 pid=2181996 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865568.626:21709940): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865568.626:21709940): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865568.626:21709940): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865568.626:21709940): cwd=\"/var/lib/docker/rootfs/overlayfs/38a784eb49e8778635b8fa1d44a04c342675dfae8a3a09d66ba486cc6e08b7bb\""}
{"ts": "2026-04-10T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865568.626:21709940): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865568.626:21709940): arch=c000003e syscall=59 success=yes exit=0 a0=c0001cd880 a1=c0001d1350 a2=c0001d3c40 a3=0 items=2 ppid=2181983 pid=2181994 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865568.603:21709939): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F33386137383465623439653837373836333562386661316434"}
{"ts": "2026-04-10T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865568.603:21709939): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865568.603:21709939): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865568.603:21709939): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/38a784eb49e8778635b8fa1d44a04c342675dfae8a3a09d66ba486cc6e08b7bb\""}
{"ts": "2026-04-10T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865568.603:21709939): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/38a784eb49e8778635b8fa1d44a04c342675dfae8a3a09d66ba486cc6e08b7bb/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2733711242\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/38a784eb49e8778635b8fa1d44a04c342675dfae8a3a09d66ba486cc6e08b7bb/1fe394841b0b42a0820a0aacf96b5bd71416bdc0120d6c1838e02f2648e130a3.pid\" a14=\"38a784eb49e8778635b8fa1d44a04c342675dfae8a3a09d66ba486cc6e08b7bb\""}
{"ts": "2026-04-10T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865568.603:21709939): arch=c000003e syscall=59 success=yes exit=0 a0=c000247320 a1=c00007f580 a2=c00007f600 a3=0 items=2 ppid=4048 pid=2181983 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865567.928:21709938): proctitle=72656469732D636C690070696E67"}
{"ts": "2026-04-10T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865567.928:21709938): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=6694357 dev=00:7e mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865567.928:21709938): item=0 name=\"/usr/local/bin/redis-cli\" inode=6703632 dev=00:7e mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865567.928:21709938): cwd=\"/data\""}
{"ts": "2026-04-10T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865567.928:21709938): argc=2 a0=\"redis-cli\" a1=\"ping\""}
{"ts": "2026-04-10T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865567.928:21709938): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865567.928:21709938): arch=c000003e syscall=59 success=yes exit=0 a0=c0000289a0 a1=c0000e1350 a2=c0000e91c0 a3=0 items=2 ppid=3830339 pid=2181972 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"redis-cli\" exe=\"/usr/local/bin/redis-cli\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865567.917:21709937): proctitle=6D617269616462002D2D64656661756C74732D65787472612D66696C653D2F7661722F6C69622F6D7973716C2F2E6D792D6865616C7468636865636B2E636E66002D2D70726F746F636F6C00736F636B6574002D42002D2D736B69702D636F6C756D6E2D6E616D6573002D650073656C65637420312066726F6D20696E666F72"}
{"ts": "2026-04-10T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865567.917:21709937): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=7089648 dev=00:48 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865567.917:21709937): item=0 name=\"/usr/bin/mariadb\" inode=7117817 dev=00:48 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865567.917:21709937): cwd=\"/\""}
{"ts": "2026-04-10T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865567.917:21709937): argc=8 a0=\"mariadb\" a1=\"--defaults-extra-file=/var/lib/mysql/.my-healthcheck.cnf\" a2=\"--protocol\" a3=\"socket\" a4=\"-B\" a5=\"--skip-column-names\" a6=\"-e\" a7=73656C65637420312066726F6D20696E666F726D6174696F6E5F736368656D612E454E47494E455320574845524520656E67696E653D27696E6E6F64622720414E4420737570706F727420696E202827594553272C202744454641554C54272C2027454E41424C45442729"}
{"ts": "2026-04-10T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865567.917:21709937): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865567.917:21709937): arch=c000003e syscall=59 success=yes exit=0 a0=65443ff35990 a1=65443ff579c0 a2=65443ff36860 a3=8 items=2 ppid=2181954 pid=2181980 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"mariadb\" exe=\"/usr/bin/mariadb\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865567.901:21709936): proctitle=6D617269616462002D2D64656661756C74732D65787472612D66696C653D2F7661722F6C69622F6D7973716C2F2E6D792D6865616C7468636865636B2E636E66002D2D70726F746F636F6C00736F636B6574002D42002D2D736B69702D636F6C756D6E2D6E616D6573002D650073656C656374204040736B69705F6E6574776F"}
{"ts": "2026-04-10T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865567.901:21709936): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=7089648 dev=00:48 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865567.901:21709936): item=0 name=\"/usr/bin/mariadb\" inode=7117817 dev=00:48 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865567.901:21709936): cwd=\"/\""}
{"ts": "2026-04-10T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865567.901:21709936): argc=8 a0=\"mariadb\" a1=\"--defaults-extra-file=/var/lib/mysql/.my-healthcheck.cnf\" a2=\"--protocol\" a3=\"socket\" a4=\"-B\" a5=\"--skip-column-names\" a6=\"-e\" a7=73656C656374204040736B69705F6E6574776F726B696E67"}
{"ts": "2026-04-10T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865567.901:21709936): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865567.901:21709936): arch=c000003e syscall=59 success=yes exit=0 a0=65443ff35fe0 a1=65443ff57810 a2=65443ff364a0 a3=8 items=2 ppid=2181954 pid=2181979 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"mariadb\" exe=\"/usr/bin/mariadb\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865567.892:21709935): proctitle=2F62696E2F62617368002F7573722F6C6F63616C2F62696E2F6865616C7468636865636B2E7368002D2D636F6E6E656374002D2D696E6E6F64625F696E697469616C697A6564"}
{"ts": "2026-04-10T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865567.892:21709935): item=2 name=\"/lib64/ld-linux-x86-64.so.2\" inode=7089648 dev=00:48 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865567.892:21709935): item=1 name=\"/bin/bash\" inode=6963796 dev=00:48 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865567.892:21709935): item=0 name=\"/usr/local/bin/healthcheck.sh\" inode=7348502 dev=00:48 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865567.892:21709935): cwd=\"/\""}
{"ts": "2026-04-10T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865567.892:21709935): argc=4 a0=\"/bin/bash\" a1=\"/usr/local/bin/healthcheck.sh\" a2=\"--connect\" a3=\"--innodb_initialized\""}
{"ts": "2026-04-10T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865567.892:21709935): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865567.892:21709935): arch=c000003e syscall=59 success=yes exit=0 a0=c000028760 a1=c000022660 a2=c0000de320 a3=0 items=3 ppid=2181942 pid=2181954 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"healthcheck.sh\" exe=\"/usr/bin/bash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865567.883:21709934): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865567.883:21709934): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865567.883:21709934): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:231 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865567.883:21709934): cwd=\"/var/lib/docker/rootfs/overlayfs/0a68372d6fd28201684be9827a5de0d3c04e6e08d164a3049faa362bc53f9748\""}
{"ts": "2026-04-10T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865567.883:21709934): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865567.883:21709934): arch=c000003e syscall=59 success=yes exit=0 a0=c0001f3840 a1=c0001f7338 a2=c0001f9c00 a3=0 items=2 ppid=2181960 pid=2181969 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865567.868:21709933): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F30613638333732643666643238323031363834626539383237"}
{"ts": "2026-04-10T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865567.868:21709933): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865567.868:21709933): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865567.868:21709933): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/0a68372d6fd28201684be9827a5de0d3c04e6e08d164a3049faa362bc53f9748\""}
{"ts": "2026-04-10T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865567.868:21709933): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/0a68372d6fd28201684be9827a5de0d3c04e6e08d164a3049faa362bc53f9748/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process326891800\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/0a68372d6fd28201684be9827a5de0d3c04e6e08d164a3049faa362bc53f9748/306e4ed160c5ca027138a1e8064b1517d8498d13c19c661885776dcc732f1b03.pid\" a14=\"0a68372d6fd28201684be9827a5de0d3c04e6e08d164a3049faa362bc53f9748\""}
{"ts": "2026-04-10T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865567.868:21709933): arch=c000003e syscall=59 success=yes exit=0 a0=c0003c7190 a1=c0001e4c80 a2=c0001e5180 a3=0 items=2 ppid=3830339 pid=2181960 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865567.834:21709932): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865567.834:21709932): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865567.834:21709932): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865567.834:21709932): cwd=\"/var/lib/docker/rootfs/overlayfs/7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7\""}
{"ts": "2026-04-10T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865567.834:21709932): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865567.834:21709932): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5890 a1=c0001c9350 a2=c0001cbc40 a3=0 items=2 ppid=2181942 pid=2181951 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865567.819:21709931): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F37656465303139653363623065383839303138636162386266"}
{"ts": "2026-04-10T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865567.819:21709931): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865567.819:21709931): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865567.819:21709931): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7\""}
{"ts": "2026-04-10T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865567.819:21709931): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process356445405\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7/76ae7bee8fb45b82e91c0a49182322bc28773eeb7612e3c8cf113ab51ddc9212.pid\" a14=\"7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7\""}
{"ts": "2026-04-10T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865567.819:21709931): arch=c000003e syscall=59 success=yes exit=0 a0=c0004a79d0 a1=c0001d3880 a2=c0001d3900 a3=0 items=2 ppid=4533 pid=2181942 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865567.710:21709930): proctitle=72656469732D636C690070696E67"}
{"ts": "2026-04-10T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865567.710:21709930): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=6694357 dev=00:72 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865567.710:21709930): item=0 name=\"/usr/local/bin/redis-cli\" inode=6703632 dev=00:72 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865567.710:21709930): cwd=\"/data\""}
{"ts": "2026-04-10T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865567.710:21709930): argc=2 a0=\"redis-cli\" a1=\"ping\""}
{"ts": "2026-04-10T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865567.710:21709930): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865567.710:21709930): arch=c000003e syscall=59 success=yes exit=0 a0=c0000289a0 a1=c0000d5350 a2=c0000dd1c0 a3=0 items=2 ppid=4127 pid=2181936 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"redis-cli\" exe=\"/usr/local/bin/redis-cli\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865567.674:21709929): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865567.674:21709929): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865567.674:21709929): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865567.674:21709929): cwd=\"/var/lib/docker/rootfs/overlayfs/480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af\""}
{"ts": "2026-04-10T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865567.674:21709929): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865567.674:21709929): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b830 a1=c00017f338 a2=c000181c00 a3=0 items=2 ppid=2181924 pid=2181933 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865567.659:21709928): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F34383062353761303034306362373564646534356436663664"}
{"ts": "2026-04-10T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865567.659:21709928): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865567.659:21709928): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865567.659:21709928): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af\""}
{"ts": "2026-04-10T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865567.659:21709928): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1500800942\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af/1075a488f3b27a9112975e185c99a596a40f2cf7b9487b00876cca967fde43dd.pid\" a14=\"480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af\""}
{"ts": "2026-04-10T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865567.659:21709928): arch=c000003e syscall=59 success=yes exit=0 a0=c00051d750 a1=c0004b2c00 a2=c0004b2c80 a3=0 items=2 ppid=4127 pid=2181924 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865566.676:21709927): proctitle=2F62696E2F7368002D630070675F69737265616479202D552077696E646D696C6C5F75736572202D642077696E646D696C6C5F6462"}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865566.676:21709927): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:bb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865566.676:21709927): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:bb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865566.676:21709927): cwd=\"/\""}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865566.676:21709927): argc=5 a0=\"pg_isready\" a1=\"-U\" a2=\"windmill_user\" a3=\"-d\" a4=\"windmill_db\""}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865566.676:21709927): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865566.676:21709927): arch=c000003e syscall=59 success=yes exit=0 a0=74d693e5b3f8 a1=74d693e5b290 a2=74d693e5b378 a3=0 items=2 ppid=2004556 pid=2181915 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865566.672:21709926): proctitle=2F62696E2F7368002D630070675F69737265616479202D552077696E646D696C6C5F75736572202D642077696E646D696C6C5F6462"}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865566.672:21709926): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:bb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865566.672:21709926): item=0 name=\"/bin/sh\" inode=8589166 dev=00:bb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865566.672:21709926): cwd=\"/\""}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865566.672:21709926): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D552077696E646D696C6C5F75736572202D642077696E646D696C6C5F6462"}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865566.672:21709926): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865566.672:21709926): arch=c000003e syscall=59 success=yes exit=0 a0=c0000fcf68 a1=c000022680 a2=c0001588c0 a3=0 items=2 ppid=2004556 pid=2181915 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865566.628:21709925): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865566.628:21709925): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865566.628:21709925): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:231 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865566.628:21709925): cwd=\"/var/lib/docker/rootfs/overlayfs/2a365c5cbcdee94cef8eb83387301a8756e7538c1049b4c58449c0646b43c50c\""}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865566.628:21709925): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865566.628:21709925): arch=c000003e syscall=59 success=yes exit=0 a0=c0001f3850 a1=c0001f7338 a2=c0001f9c40 a3=0 items=2 ppid=2181902 pid=2181911 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865566.611:21709924): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F32613336356335636263646565393463656638656238333338"}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865566.611:21709924): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865566.611:21709924): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865566.611:21709924): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/2a365c5cbcdee94cef8eb83387301a8756e7538c1049b4c58449c0646b43c50c\""}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865566.611:21709924): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/2a365c5cbcdee94cef8eb83387301a8756e7538c1049b4c58449c0646b43c50c/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3468529489\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/2a365c5cbcdee94cef8eb83387301a8756e7538c1049b4c58449c0646b43c50c/9e7c14ce72e334ebab47bb0256b73d4f44703acd381bfa6e64af133148619406.pid\" a14=\"2a365c5cbcdee94cef8eb83387301a8756e7538c1049b4c58449c0646b43c50c\""}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865566.611:21709924): arch=c000003e syscall=59 success=yes exit=0 a0=c000435be0 a1=c00032e480 a2=c00032e500 a3=0 items=2 ppid=2004556 pid=2181902 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865566.598:21709923): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865566.598:21709923): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865566.598:21709923): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865566.598:21709923): cwd=\"/var/lib/docker/rootfs/overlayfs/531ab8968ce844b18b0b3ebaf9e6e80c7b8f7cc1974293e5f9eb3ac90eba0e50\""}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865566.598:21709923): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865566.598:21709923): arch=c000003e syscall=59 success=yes exit=0 a0=c0002458c0 a1=c000249350 a2=c00024bc80 a3=0 items=2 ppid=2181883 pid=2181892 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865566.583:21709922): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F35333161623839363863653834346231386230623365626166"}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865566.583:21709922): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865566.583:21709922): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865566.583:21709922): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/531ab8968ce844b18b0b3ebaf9e6e80c7b8f7cc1974293e5f9eb3ac90eba0e50\""}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865566.583:21709922): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/531ab8968ce844b18b0b3ebaf9e6e80c7b8f7cc1974293e5f9eb3ac90eba0e50/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process823193055\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/531ab8968ce844b18b0b3ebaf9e6e80c7b8f7cc1974293e5f9eb3ac90eba0e50/fa97ef8f4a174717aa9191c911db369a96ad5163773069a230bb46328fc17a49.pid\" a14=\"531ab8968ce844b18b0b3ebaf9e6e80c7b8f7cc1974293e5f9eb3ac90eba0e50\""}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865566.583:21709922): arch=c000003e syscall=59 success=yes exit=0 a0=c000407970 a1=c000326d80 a2=c000326e00 a3=0 items=2 ppid=3195716 pid=2181883 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865566.259:21709921): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520706F737467726573"}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865566.259:21709921): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:50 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865566.259:21709921): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:50 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865566.259:21709921): cwd=\"/\""}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865566.259:21709921): argc=3 a0=\"pg_isready\" a1=\"-U\" a2=\"postgres\""}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865566.259:21709921): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865566.259:21709921): arch=c000003e syscall=59 success=yes exit=0 a0=7ffb930cf288 a1=7ffb930cf1e8 a2=7ffb930cf208 a3=0 items=2 ppid=4396 pid=2181871 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865566.256:21709920): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520706F737467726573"}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865566.256:21709920): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:50 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865566.256:21709920): item=0 name=\"/bin/sh\" inode=8589166 dev=00:50 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865566.256:21709920): cwd=\"/\""}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865566.256:21709920): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D5520706F737467726573"}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865566.256:21709920): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865566.256:21709920): arch=c000003e syscall=59 success=yes exit=0 a0=c000194f78 a1=c000022680 a2=c0000d88c0 a3=0 items=2 ppid=2181857 pid=2181871 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865566.227:21709919): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520646F63757365616C"}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865566.227:21709919): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:32 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865566.227:21709919): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:32 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865566.227:21709919): cwd=\"/\""}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865566.227:21709919): argc=3 a0=\"pg_isready\" a1=\"-U\" a2=\"docuseal\""}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865566.227:21709919): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865566.227:21709919): arch=c000003e syscall=59 success=yes exit=0 a0=703a6856b288 a1=703a6856b1e8 a2=703a6856b208 a3=0 items=2 ppid=3467 pid=2181851 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865566.223:21709918): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520646F63757365616C"}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865566.223:21709918): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:32 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865566.223:21709918): item=0 name=\"/bin/sh\" inode=8589166 dev=00:32 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865566.223:21709918): cwd=\"/\""}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865566.223:21709918): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D5520646F63757365616C"}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865566.223:21709918): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865566.223:21709918): arch=c000003e syscall=59 success=yes exit=0 a0=c00018af38 a1=c000022ac0 a2=c0001348c0 a3=0 items=2 ppid=2181838 pid=2181851 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865566.205:21709917): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865566.205:21709917): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865566.205:21709917): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:231 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865566.205:21709917): cwd=\"/var/lib/docker/rootfs/overlayfs/67097f9470d25ae62330c278e0c2e85dfc8f9d19e1312855b18be973b4d19e41\""}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865566.205:21709917): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865566.205:21709917): arch=c000003e syscall=59 success=yes exit=0 a0=c0001cd8a0 a1=c0001d1350 a2=c0001d3c40 a3=0 items=2 ppid=2181857 pid=2181867 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865566.189:21709916): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F36373039376639343730643235616536323333306332373865"}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865566.189:21709916): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865566.189:21709916): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865566.189:21709916): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/67097f9470d25ae62330c278e0c2e85dfc8f9d19e1312855b18be973b4d19e41\""}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865566.189:21709916): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/67097f9470d25ae62330c278e0c2e85dfc8f9d19e1312855b18be973b4d19e41/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3996561844\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/67097f9470d25ae62330c278e0c2e85dfc8f9d19e1312855b18be973b4d19e41/ecfe238b1b4607680243e49b8d50b1b6cc397951ecf2d60ca37e302e67ca3aca.pid\" a14=\"67097f9470d25ae62330c278e0c2e85dfc8f9d19e1312855b18be973b4d19e41\""}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865566.189:21709916): arch=c000003e syscall=59 success=yes exit=0 a0=c00055b6f0 a1=c000331580 a2=c000331600 a3=0 items=2 ppid=4396 pid=2181857 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865566.177:21709915): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865566.177:21709915): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865566.177:21709915): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865566.177:21709915): cwd=\"/var/lib/docker/rootfs/overlayfs/360fd70ae6eb7cd5e0954ce9fabc3f41ec861f0028b80fa3a053269682ce489a\""}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865566.177:21709915): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865566.177:21709915): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5890 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=2181838 pid=2181848 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865566.163:21709914): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F33363066643730616536656237636435653039353463653966"}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865566.163:21709914): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865566.163:21709914): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865566.163:21709914): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/360fd70ae6eb7cd5e0954ce9fabc3f41ec861f0028b80fa3a053269682ce489a\""}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865566.163:21709914): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/360fd70ae6eb7cd5e0954ce9fabc3f41ec861f0028b80fa3a053269682ce489a/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process97870575\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/360fd70ae6eb7cd5e0954ce9fabc3f41ec861f0028b80fa3a053269682ce489a/ea5644e93cd79866ad9db96e477fe55d66ae3b336070d16fe46b60e268b9ea88.pid\" a14=\"360fd70ae6eb7cd5e0954ce9fabc3f41ec861f0028b80fa3a053269682ce489a\""}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865566.163:21709914): arch=c000003e syscall=59 success=yes exit=0 a0=c00040b1f0 a1=c0002b4e00 a2=c0002b4e80 a3=0 items=2 ppid=3467 pid=2181838 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865565.828:21709913): proctitle=72656469732D636C690070696E67"}
{"ts": "2026-04-10T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865565.828:21709913): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=6694357 dev=00:45 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865565.828:21709913): item=0 name=\"/usr/local/bin/redis-cli\" inode=6703632 dev=00:45 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865565.828:21709913): cwd=\"/data\""}
{"ts": "2026-04-10T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865565.828:21709913): argc=2 a0=\"redis-cli\" a1=\"ping\""}
{"ts": "2026-04-10T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865565.828:21709913): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865565.828:21709913): arch=c000003e syscall=59 success=yes exit=0 a0=c0000289a0 a1=c0000d5350 a2=c0000dd1c0 a3=0 items=2 ppid=2181820 pid=2181832 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"redis-cli\" exe=\"/usr/local/bin/redis-cli\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865565.779:21709912): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865565.779:21709912): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865565.779:21709912): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865565.779:21709912): cwd=\"/var/lib/docker/rootfs/overlayfs/4cc046860e99ed4ce61cc4f7c543175750997c08579b75447cbf7907fdb6134d\""}
{"ts": "2026-04-10T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865565.779:21709912): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865565.779:21709912): arch=c000003e syscall=59 success=yes exit=0 a0=c0001f3830 a1=c0001f7338 a2=c0001f9c00 a3=0 items=2 ppid=2181820 pid=2181829 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865565.764:21709911): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F34636330343638363065393965643463653631636334663763"}
{"ts": "2026-04-10T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865565.764:21709911): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865565.764:21709911): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865565.764:21709911): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/4cc046860e99ed4ce61cc4f7c543175750997c08579b75447cbf7907fdb6134d\""}
{"ts": "2026-04-10T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865565.764:21709911): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/4cc046860e99ed4ce61cc4f7c543175750997c08579b75447cbf7907fdb6134d/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process797425916\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/4cc046860e99ed4ce61cc4f7c543175750997c08579b75447cbf7907fdb6134d/a392f4e6c9d45c64a9ef7181b10349d71f4a1204bd0c65be9cb6d32522445cd4.pid\" a14=\"4cc046860e99ed4ce61cc4f7c543175750997c08579b75447cbf7907fdb6134d\""}
{"ts": "2026-04-10T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865565.764:21709911): arch=c000003e syscall=59 success=yes exit=0 a0=c00053b860 a1=c0002eed00 a2=c0002ef200 a3=0 items=2 ppid=3439 pid=2181820 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865565.469:21709910): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520617065785F75736572202D6420617065785F6462"}
{"ts": "2026-04-10T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865565.469:21709910): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3456344 dev=00:117 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865565.469:21709910): item=0 name=\"/usr/local/bin/pg_isready\" inode=6091069 dev=00:117 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865565.469:21709910): cwd=\"/\""}
{"ts": "2026-04-10T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865565.469:21709910): argc=5 a0=\"pg_isready\" a1=\"-U\" a2=\"apex_user\" a3=\"-d\" a4=\"apex_db\""}
{"ts": "2026-04-10T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865565.469:21709910): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865565.469:21709910): arch=c000003e syscall=59 success=yes exit=0 a0=7dbabb5753f8 a1=7dbabb575278 a2=7dbabb575378 a3=0 items=2 ppid=2004566 pid=2181813 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865565.465:21709909): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520617065785F75736572202D6420617065785F6462"}
{"ts": "2026-04-10T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865565.465:21709909): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3456344 dev=00:117 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865565.465:21709909): item=0 name=\"/bin/sh\" inode=3454556 dev=00:117 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865565.465:21709909): cwd=\"/\""}
{"ts": "2026-04-10T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865565.465:21709909): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D5520617065785F75736572202D6420617065785F6462"}
{"ts": "2026-04-10T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865565.465:21709909): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865565.465:21709909): arch=c000003e syscall=59 success=yes exit=0 a0=c00018af38 a1=c000022ac0 a2=c0001348c0 a3=0 items=2 ppid=2181801 pid=2181813 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865565.425:21709908): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865565.425:21709908): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865565.425:21709908): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865565.425:21709908): cwd=\"/var/lib/docker/rootfs/overlayfs/c1f8f97d53596e967520df53fab27faff436876b90ee0f2e344cc170bca33f83\""}
{"ts": "2026-04-10T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865565.425:21709908): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865565.425:21709908): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c58a0 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=2181801 pid=2181810 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865565.411:21709907): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F63316638663937643533353936653936373532306466353366"}
{"ts": "2026-04-10T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865565.411:21709907): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865565.411:21709907): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865565.411:21709907): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/c1f8f97d53596e967520df53fab27faff436876b90ee0f2e344cc170bca33f83\""}
{"ts": "2026-04-10T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865565.411:21709907): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/c1f8f97d53596e967520df53fab27faff436876b90ee0f2e344cc170bca33f83/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process4248408428\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/c1f8f97d53596e967520df53fab27faff436876b90ee0f2e344cc170bca33f83/18059173646b97e5f0a035d2e877b526825e15f9d64a50c0c51df08c3c0cc918.pid\" a14=\"c1f8f97d53596e967520df53fab27faff436876b90ee0f2e344cc170bca33f83\""}
{"ts": "2026-04-10T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865565.411:21709907): arch=c000003e syscall=59 success=yes exit=0 a0=c000447a70 a1=c0002ac680 a2=c0002ac700 a3=0 items=2 ppid=2004566 pid=2181801 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865564.587:21709906): proctitle=62617368002D63006563686F203E202F6465762F7463702F3132372E302E302E312F3132333435"}
{"ts": "2026-04-10T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865564.587:21709906): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6953729 dev=00:a3 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865564.587:21709906): item=0 name=\"/usr/bin/bash\" inode=6837495 dev=00:a3 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865564.587:21709906): cwd=\"/\""}
{"ts": "2026-04-10T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865564.587:21709906): argc=3 a0=\"bash\" a1=\"-c\" a2=6563686F203E202F6465762F7463702F3132372E302E302E312F3132333435"}
{"ts": "2026-04-10T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865564.587:21709906): arch=c000003e syscall=59 success=yes exit=0 a0=62f40e3ab610 a1=62f40e3ab5c0 a2=62f40e3ab5e0 a3=8 items=2 ppid=2181793 pid=2181799 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"bash\" exe=\"/usr/bin/bash\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865564.582:21709905): proctitle=2F62696E2F7368002D630062617368202D6320276563686F203E202F6465762F7463702F3132372E302E302E312F313233343527"}
{"ts": "2026-04-10T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865564.582:21709905): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6953729 dev=00:a3 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865564.582:21709905): item=0 name=\"/bin/sh\" inode=6838254 dev=00:a3 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865564.582:21709905): cwd=\"/\""}
{"ts": "2026-04-10T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865564.582:21709905): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=62617368202D6320276563686F203E202F6465762F7463702F3132372E302E302E312F313233343527"}
{"ts": "2026-04-10T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865564.582:21709905): arch=c000003e syscall=59 success=yes exit=0 a0=c00016de38 a1=c0000224c0 a2=c000165500 a3=0 items=2 ppid=2181781 pid=2181793 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/usr/bin/dash\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865564.563:21709904): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865564.563:21709904): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865564.563:21709904): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865564.563:21709904): cwd=\"/var/lib/docker/rootfs/overlayfs/704f47db7340fbf202e52c09aed8fcab63894411801fa550e7c197945447cbcc\""}
{"ts": "2026-04-10T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865564.563:21709904): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865564.563:21709904): arch=c000003e syscall=59 success=yes exit=0 a0=c00017bba0 a1=c0000a7038 a2=c0000b7c00 a3=0 items=2 ppid=2181781 pid=2181790 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865564.547:21709903): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F37303466343764623733343066626632303265353263303961"}
{"ts": "2026-04-10T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865564.547:21709903): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865564.547:21709903): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865564.547:21709903): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/704f47db7340fbf202e52c09aed8fcab63894411801fa550e7c197945447cbcc\""}
{"ts": "2026-04-10T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865564.547:21709903): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/704f47db7340fbf202e52c09aed8fcab63894411801fa550e7c197945447cbcc/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3160847594\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/704f47db7340fbf202e52c09aed8fcab63894411801fa550e7c197945447cbcc/65637f7b8b065f4ee88b3c6fc688ab0356c858318b787273e5182a3d62887236.pid\" a14=\"704f47db7340fbf202e52c09aed8fcab63894411801fa550e7c197945447cbcc\""}
{"ts": "2026-04-10T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865564.547:21709903): arch=c000003e syscall=59 success=yes exit=0 a0=c00017ae80 a1=c00013ac00 a2=c00013ac80 a3=0 items=2 ppid=5299 pid=2181781 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865564.456:21709902): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520666F7267656A6F"}
{"ts": "2026-04-10T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865564.456:21709902): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:5a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865564.456:21709902): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:5a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865564.456:21709902): cwd=\"/\""}
{"ts": "2026-04-10T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865564.456:21709902): argc=3 a0=\"pg_isready\" a1=\"-U\" a2=\"forgejo\""}
{"ts": "2026-04-10T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865564.456:21709902): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865564.456:21709902): arch=c000003e syscall=59 success=yes exit=0 a0=7b8fbbf0c278 a1=7b8fbbf0c1d8 a2=7b8fbbf0c1f8 a3=8080808080808080 items=2 ppid=4460 pid=2181773 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865564.453:21709901): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520666F7267656A6F"}
{"ts": "2026-04-10T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865564.453:21709901): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:5a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865564.453:21709901): item=0 name=\"/bin/sh\" inode=8589166 dev=00:5a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865564.453:21709901): cwd=\"/\""}
{"ts": "2026-04-10T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865564.453:21709901): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D5520666F7267656A6F"}
{"ts": "2026-04-10T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865564.453:21709901): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865564.453:21709901): arch=c000003e syscall=59 success=yes exit=0 a0=c00019ef68 a1=c000022680 a2=c0000d88c0 a3=0 items=2 ppid=2181760 pid=2181773 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865564.410:21709900): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865564.410:21709900): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865564.410:21709900): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865564.410:21709900): cwd=\"/var/lib/docker/rootfs/overlayfs/2cdd3d089c946761c42c7cfc41f431ad2beb9c2b89497f7e5a3552578b39f251\""}
{"ts": "2026-04-10T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865564.410:21709900): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865564.410:21709900): arch=c000003e syscall=59 success=yes exit=0 a0=c0001f3840 a1=c0001f7338 a2=c0001f9c40 a3=0 items=2 ppid=2181760 pid=2181769 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865564.395:21709899): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F32636464336430383963393436373631633432633763666334"}
{"ts": "2026-04-10T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865564.395:21709899): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865564.395:21709899): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865564.395:21709899): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/2cdd3d089c946761c42c7cfc41f431ad2beb9c2b89497f7e5a3552578b39f251\""}
{"ts": "2026-04-10T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865564.395:21709899): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/2cdd3d089c946761c42c7cfc41f431ad2beb9c2b89497f7e5a3552578b39f251/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3072358057\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/2cdd3d089c946761c42c7cfc41f431ad2beb9c2b89497f7e5a3552578b39f251/5ea053d57a281c9b037d7a8215a9b62bea76cbb82cfc74058a11c72500b271dd.pid\" a14=\"2cdd3d089c946761c42c7cfc41f431ad2beb9c2b89497f7e5a3552578b39f251\""}
{"ts": "2026-04-10T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865564.395:21709899): arch=c000003e syscall=59 success=yes exit=0 a0=c00055c960 a1=c00056e080 a2=c00056e100 a3=0 items=2 ppid=4460 pid=2181760 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865564.172:21709898): proctitle=6E6F6465002D65007265717569726528276874747027292E6765742827687474703A2F2F27202B207265717569726528276F7327292E686F73746E616D652829202B20273A333030302F272C2072203D3E2070726F636573732E657869742828722E737461747573436F6465203D3D3D20323030207C7C20722E737461747573"}
{"ts": "2026-04-10T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865564.172:21709898): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6834212 dev=00:82 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865564.172:21709898): item=0 name=\"/usr/local/bin/node\" inode=6881221 dev=00:82 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865564.172:21709898): cwd=\"/app\""}
{"ts": "2026-04-10T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865564.172:21709898): argc=3 a0=\"node\" a1=\"-e\" a2=7265717569726528276874747027292E6765742827687474703A2F2F27202B207265717569726528276F7327292E686F73746E616D652829202B20273A333030302F272C2072203D3E2070726F636573732E657869742828722E737461747573436F6465203D3D3D20323030207C7C20722E737461747573436F6465203D3D3D2033303729203F2030203A203129292E6F6E28276572726F72272C202829203D3E2070726F636573732E6578697428312929"}
{"ts": "2026-04-10T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865564.172:21709898): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865564.172:21709898): arch=c000003e syscall=59 success=yes exit=0 a0=5af1a4ed6c68 a1=5af1a4ed68f8 a2=5af1a4ed6ba8 a3=8 items=2 ppid=2181741 pid=2181747 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"node\" exe=\"/usr/local/bin/node\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865564.168:21709897): proctitle=2F62696E2F7368002D63006E6F6465202D6520227265717569726528276874747027292E6765742827687474703A2F2F27202B207265717569726528276F7327292E686F73746E616D652829202B20273A333030302F272C2072203D3E2070726F636573732E657869742828722E737461747573436F6465203D3D3D20323030"}
{"ts": "2026-04-10T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865564.168:21709897): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6834212 dev=00:82 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865564.168:21709897): item=0 name=\"/bin/sh\" inode=6832457 dev=00:82 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865564.168:21709897): cwd=\"/app\""}
{"ts": "2026-04-10T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865564.168:21709897): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=6E6F6465202D6520227265717569726528276874747027292E6765742827687474703A2F2F27202B207265717569726528276F7327292E686F73746E616D652829202B20273A333030302F272C2072203D3E2070726F636573732E657869742828722E737461747573436F6465203D3D3D20323030207C7C20722E737461747573436F6465203D3D3D2033303729203F2030203A203129292E6F6E28276572726F72272C202829203D3E2070726F636573732E657869742831292922"}
{"ts": "2026-04-10T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865564.168:21709897): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865564.168:21709897): arch=c000003e syscall=59 success=yes exit=0 a0=c000198f08 a1=c000022680 a2=c0000c4240 a3=0 items=2 ppid=2181729 pid=2181741 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/dash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865564.121:21709896): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865564.121:21709896): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865564.121:21709896): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865564.121:21709896): cwd=\"/var/lib/docker/rootfs/overlayfs/62ff186c9558f5a87b871aad2189553b6748d81d514aec3146c01ec6c66d8638\""}
{"ts": "2026-04-10T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865564.121:21709896): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865564.121:21709896): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c58b0 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=2181729 pid=2181738 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865564.106:21709895): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F36326666313836633935353866356138376238373161616432"}
{"ts": "2026-04-10T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865564.106:21709895): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865564.106:21709895): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865564.106:21709895): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/62ff186c9558f5a87b871aad2189553b6748d81d514aec3146c01ec6c66d8638\""}
{"ts": "2026-04-10T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865564.106:21709895): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/62ff186c9558f5a87b871aad2189553b6748d81d514aec3146c01ec6c66d8638/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3827215261\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/62ff186c9558f5a87b871aad2189553b6748d81d514aec3146c01ec6c66d8638/78ccec967283e2f0c3502249e55c41a33c5fb3173462d0737627e741db35f2bf.pid\" a14=\"62ff186c9558f5a87b871aad2189553b6748d81d514aec3146c01ec6c66d8638\""}
{"ts": "2026-04-10T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865564.106:21709895): arch=c000003e syscall=59 success=yes exit=0 a0=c00033b850 a1=c00017fa00 a2=c00017fa80 a3=0 items=2 ppid=3827 pid=2181729 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865563.767:21709894): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.767:21709894): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.767:21709894): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865563.767:21709894): cwd=\"/var/lib/docker/rootfs/overlayfs/59582f7591559088714ccdef6fbea6ce773505523dcc785ab3c861f1c9a990ae\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865563.767:21709894): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865563.767:21709894): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5870 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=2181710 pid=2181719 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865563.752:21709893): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F35393538326637353931353539303838373134636364656636"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.752:21709893): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.752:21709893): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865563.752:21709893): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/59582f7591559088714ccdef6fbea6ce773505523dcc785ab3c861f1c9a990ae\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865563.752:21709893): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/59582f7591559088714ccdef6fbea6ce773505523dcc785ab3c861f1c9a990ae/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2301353908\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/59582f7591559088714ccdef6fbea6ce773505523dcc785ab3c861f1c9a990ae/8142c5b855fc6904df1031d3e94169362066f4d04f83049d3beb207fd181f018.pid\" a14=\"59582f7591559088714ccdef6fbea6ce773505523dcc785ab3c861f1c9a990ae\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865563.752:21709893): arch=c000003e syscall=59 success=yes exit=0 a0=c0002a9340 a1=c0002ee580 a2=c0002ee600 a3=0 items=2 ppid=3833039 pid=2181710 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865563.700:21709892): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.700:21709892): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:120 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.700:21709892): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:120 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865563.700:21709892): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865563.700:21709892): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.stat\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865563.700:21709892): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865563.700:21709892): arch=c000003e syscall=59 success=yes exit=0 a0=7de3f471ed60 a1=7de321801800 a2=634e07c84a40 a3=8 items=2 ppid=13318 pid=2181709 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865563.700:21709891): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.700:21709891): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865563.700:21709891): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865563.700:21709891): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de321801800 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2181709 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865563.700:21709890): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.700:21709890): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865563.700:21709890): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865563.700:21709890): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de321801800 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2181709 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865563.700:21709889): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.700:21709889): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865563.700:21709889): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865563.700:21709889): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de321801800 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2181709 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865563.699:21709888): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.699:21709888): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865563.699:21709888): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865563.699:21709888): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de321801800 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2181709 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865563.699:21709887): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.699:21709887): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865563.699:21709887): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865563.699:21709887): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de321801800 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2181709 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865563.699:21709886): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.699:21709886): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865563.699:21709886): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865563.699:21709886): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de321801800 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2181709 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865563.697:21709885): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.697:21709885): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:120 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.697:21709885): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:120 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865563.697:21709885): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865563.697:21709885): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.current\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865563.697:21709885): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865563.697:21709885): arch=c000003e syscall=59 success=yes exit=0 a0=7de3f471ed60 a1=7de3218017c0 a2=634e07c84a40 a3=8 items=2 ppid=13318 pid=2181708 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865563.697:21709884): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.697:21709884): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865563.697:21709884): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865563.697:21709884): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3218017c0 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2181708 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865563.697:21709883): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.697:21709883): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865563.697:21709883): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865563.697:21709883): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3218017c0 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2181708 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865563.697:21709882): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.697:21709882): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865563.697:21709882): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865563.697:21709882): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3218017c0 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2181708 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865563.696:21709881): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.696:21709881): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865563.696:21709881): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865563.696:21709881): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3218017c0 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2181708 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865563.696:21709880): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.696:21709880): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865563.696:21709880): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865563.696:21709880): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3218017c0 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2181708 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865563.696:21709879): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.696:21709879): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865563.696:21709879): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865563.696:21709879): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3218017c0 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2181708 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865563.693:21709878): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.693:21709878): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:120 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.693:21709878): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:120 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865563.693:21709878): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865563.693:21709878): argc=2 a0=\"cat\" a1=\"/proc/self/cgroup\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865563.693:21709878): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865563.693:21709878): arch=c000003e syscall=59 success=yes exit=0 a0=7de3f471ed60 a1=7de3ad035be0 a2=634e07c84a40 a3=8 items=2 ppid=13318 pid=2181707 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865563.693:21709877): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.693:21709877): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865563.693:21709877): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865563.693:21709877): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3ad035be0 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2181707 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865563.693:21709876): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.693:21709876): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865563.693:21709876): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865563.693:21709876): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3ad035be0 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2181707 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865563.693:21709875): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.693:21709875): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865563.693:21709875): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865563.693:21709875): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3ad035be0 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2181707 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865563.693:21709874): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.693:21709874): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865563.693:21709874): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865563.693:21709874): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3ad035be0 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2181707 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865563.693:21709873): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.693:21709873): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865563.693:21709873): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865563.693:21709873): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3ad035be0 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2181707 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865563.693:21709872): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.693:21709872): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865563.693:21709872): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865563.693:21709872): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3ad035be0 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2181707 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865563.490:21709871): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.490:21709871): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.490:21709871): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:231 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865563.490:21709871): cwd=\"/var/lib/docker/rootfs/overlayfs/04efabc7efa1ef0696fc1ddf37374caf6f847fbace13975d2e988fdae156939e\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865563.490:21709871): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865563.490:21709871): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5870 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=2181685 pid=2181694 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865563.475:21709870): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F30346566616263376566613165663036393666633164646633"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.475:21709870): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.475:21709870): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865563.475:21709870): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/04efabc7efa1ef0696fc1ddf37374caf6f847fbace13975d2e988fdae156939e\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865563.475:21709870): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/04efabc7efa1ef0696fc1ddf37374caf6f847fbace13975d2e988fdae156939e/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process4265347635\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/04efabc7efa1ef0696fc1ddf37374caf6f847fbace13975d2e988fdae156939e/ecc66c1438ca9eca740d60d2e6d95ae1929ccbf44e32239e6a76a0238da1b0f4.pid\" a14=\"04efabc7efa1ef0696fc1ddf37374caf6f847fbace13975d2e988fdae156939e\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865563.475:21709870): arch=c000003e syscall=59 success=yes exit=0 a0=c0002315f0 a1=c000322500 a2=c000322580 a3=0 items=2 ppid=5453 pid=2181685 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865563.456:21709869): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.456:21709869): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.456:21709869): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865563.456:21709869): cwd=\"/var/lib/docker/rootfs/overlayfs/d8657209894f56f3640212d72fbd7b3cd015708249d96b584cbbea09abc6e165\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865563.456:21709869): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865563.456:21709869): arch=c000003e syscall=59 success=yes exit=0 a0=c0001cd880 a1=c0001d1350 a2=c0001d3c80 a3=0 items=2 ppid=2181666 pid=2181675 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865563.441:21709868): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F64383635373230393839346635366633363430323132643732"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.441:21709868): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.441:21709868): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865563.441:21709868): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/d8657209894f56f3640212d72fbd7b3cd015708249d96b584cbbea09abc6e165\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865563.441:21709868): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/d8657209894f56f3640212d72fbd7b3cd015708249d96b584cbbea09abc6e165/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process4087898550\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/d8657209894f56f3640212d72fbd7b3cd015708249d96b584cbbea09abc6e165/29db5a5364626714b7a3c6d60a8e4c0fab09f9813d4fbb5b0665c37f24172dbb.pid\" a14=\"d8657209894f56f3640212d72fbd7b3cd015708249d96b584cbbea09abc6e165\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865563.441:21709868): arch=c000003e syscall=59 success=yes exit=0 a0=c0002b4920 a1=c0000c9c80 a2=c0000c9d00 a3=0 items=2 ppid=3831998 pid=2181666 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865563.439:21709867): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.439:21709867): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=9987007 dev=00:102 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.439:21709867): item=0 name=\"/usr/bin/cat\" inode=9986333 dev=00:102 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865563.439:21709867): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865563.439:21709867): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.stat\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865563.439:21709867): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865563.439:21709867): arch=c000003e syscall=59 success=yes exit=0 a0=7e8ad4131d60 a1=7e8ac6e04360 a2=618bc9213650 a3=8 items=2 ppid=1943853 pid=2181665 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865563.438:21709866): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.438:21709866): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865563.438:21709866): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865563.438:21709866): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04360 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2181665 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865563.438:21709865): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.438:21709865): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865563.438:21709865): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865563.438:21709865): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04360 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2181665 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865563.438:21709864): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.438:21709864): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865563.438:21709864): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865563.438:21709864): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04360 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2181665 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865563.438:21709863): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.438:21709863): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865563.438:21709863): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865563.438:21709863): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04360 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2181665 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865563.438:21709862): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.438:21709862): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865563.438:21709862): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865563.438:21709862): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04360 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2181665 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865563.438:21709861): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.438:21709861): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865563.438:21709861): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865563.438:21709861): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04360 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2181665 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865563.435:21709860): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.435:21709860): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=9987007 dev=00:102 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.435:21709860): item=0 name=\"/usr/bin/cat\" inode=9986333 dev=00:102 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865563.435:21709860): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865563.435:21709860): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.current\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865563.435:21709860): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865563.435:21709860): arch=c000003e syscall=59 success=yes exit=0 a0=7e8ad4131d60 a1=7e8ac6e04da0 a2=618bc9213650 a3=8 items=2 ppid=1943853 pid=2181664 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865563.435:21709859): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.435:21709859): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865563.435:21709859): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865563.435:21709859): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04da0 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2181664 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865563.435:21709858): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.435:21709858): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865563.435:21709858): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865563.435:21709858): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04da0 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2181664 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865563.435:21709857): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.435:21709857): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865563.435:21709857): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865563.435:21709857): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04da0 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2181664 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865563.435:21709856): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.435:21709856): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865563.435:21709856): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865563.435:21709856): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04da0 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2181664 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865563.435:21709855): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.435:21709855): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865563.435:21709855): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865563.435:21709855): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04da0 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2181664 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865563.435:21709854): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.435:21709854): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865563.435:21709854): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865563.435:21709854): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04da0 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2181664 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865563.432:21709853): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.432:21709853): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=9987007 dev=00:102 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.432:21709853): item=0 name=\"/usr/bin/cat\" inode=9986333 dev=00:102 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865563.432:21709853): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865563.432:21709853): argc=2 a0=\"cat\" a1=\"/proc/self/cgroup\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865563.432:21709853): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865563.432:21709853): arch=c000003e syscall=59 success=yes exit=0 a0=7e8ad4131d60 a1=7e8ac6e04d80 a2=618bc9213650 a3=8 items=2 ppid=1943853 pid=2181663 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865563.432:21709852): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.432:21709852): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865563.432:21709852): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865563.432:21709852): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04d80 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2181663 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865563.432:21709851): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.432:21709851): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865563.432:21709851): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865563.432:21709851): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04d80 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2181663 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865563.432:21709850): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.432:21709850): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865563.432:21709850): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865563.432:21709850): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04d80 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2181663 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865563.431:21709849): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.431:21709849): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865563.431:21709849): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865563.431:21709849): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04d80 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2181663 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865563.431:21709848): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.431:21709848): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865563.431:21709848): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865563.431:21709848): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04d80 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2181663 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865563.431:21709847): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.431:21709847): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865563.431:21709847): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865563.431:21709847): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04d80 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2181663 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865563.409:21709846): proctitle=2F7573722F62696E2F7065726C002F7573722F62696E2F70675F69737265616479002D550070726F6D6574686575735F61646D696E002D640070726F6D6574686575735F61646D696E"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.409:21709846): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=5581428 dev=00:a7 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.409:21709846): item=0 name=\"/usr/lib/postgresql/17/bin/pg_isready\" inode=5809487 dev=00:a7 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865563.409:21709846): cwd=\"/\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865563.409:21709846): argc=5 a0=\"/usr/lib/postgresql/17/bin/pg_isready\" a1=\"-U\" a2=\"prometheus_admin\" a3=\"-d\" a4=\"prometheus_admin\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865563.409:21709846): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865563.409:21709846): arch=c000003e syscall=59 success=yes exit=0 a0=5d04f470c6a0 a1=5d04f4aa1d00 a2=5d04f4705970 a3=7c35795c5e70 items=2 ppid=2181655 pid=2181661 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/lib/postgresql/17/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865563.363:21709845): proctitle=2F7573722F62696E2F7065726C002F7573722F62696E2F70675F69737265616479002D550070726F6D6574686575735F61646D696E002D640070726F6D6574686575735F61646D696E"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.363:21709845): item=2 name=\"/lib64/ld-linux-x86-64.so.2\" inode=5581428 dev=00:a7 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.363:21709845): item=1 name=\"/usr/bin/perl\" inode=5580916 dev=00:a7 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.363:21709845): item=0 name=\"/usr/bin/pg_isready\" inode=5823482 dev=00:a7 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865563.363:21709845): cwd=\"/\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865563.363:21709845): argc=6 a0=\"/usr/bin/perl\" a1=\"/usr/bin/pg_isready\" a2=\"-U\" a3=\"prometheus_admin\" a4=\"-d\" a5=\"prometheus_admin\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865563.363:21709845): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865563.363:21709845): arch=c000003e syscall=59 success=yes exit=0 a0=56949cd43678 a1=56949cd435e0 a2=56949cd43610 a3=8 items=3 ppid=2181655 pid=2181661 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/bin/perl\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865563.359:21709844): proctitle=2F62696E2F7368002D630070675F69737265616479202D552070726F6D6574686575735F61646D696E202D642070726F6D6574686575735F61646D696E"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.359:21709844): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=5581428 dev=00:a7 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.359:21709844): item=0 name=\"/bin/sh\" inode=5580787 dev=00:a7 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865563.359:21709844): cwd=\"/\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865563.359:21709844): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D552070726F6D6574686575735F61646D696E202D642070726F6D6574686575735F61646D696E"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865563.359:21709844): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865563.359:21709844): arch=c000003e syscall=59 success=yes exit=0 a0=c000194eb0 a1=c000022680 a2=c000025200 a3=0 items=2 ppid=2181642 pid=2181655 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/usr/bin/dash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865563.312:21709843): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.312:21709843): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.312:21709843): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865563.312:21709843): cwd=\"/var/lib/docker/rootfs/overlayfs/96dcfa07493d1a0e551516dd25644707c00be275d58123d52358a7d61a7f6b24\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865563.312:21709843): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865563.312:21709843): arch=c000003e syscall=59 success=yes exit=0 a0=c0001f3830 a1=c0001f7338 a2=c0001f9c40 a3=0 items=2 ppid=2181642 pid=2181652 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865563.295:21709842): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F39366463666130373439336431613065353531353136646432"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.295:21709842): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.295:21709842): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865563.295:21709842): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/96dcfa07493d1a0e551516dd25644707c00be275d58123d52358a7d61a7f6b24\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865563.295:21709842): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/96dcfa07493d1a0e551516dd25644707c00be275d58123d52358a7d61a7f6b24/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3032545254\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/96dcfa07493d1a0e551516dd25644707c00be275d58123d52358a7d61a7f6b24/7d1417dfdb28a5b2fc58d64e4a94f62716e69bdb50c5b90a307af4c05830f3bd.pid\" a14=\"96dcfa07493d1a0e551516dd25644707c00be275d58123d52358a7d61a7f6b24\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865563.295:21709842): arch=c000003e syscall=59 success=yes exit=0 a0=c0005216b0 a1=c00017fb00 a2=c00017fb80 a3=0 items=2 ppid=5382 pid=2181642 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865563.230:21709841): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.230:21709841): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:d2 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.230:21709841): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:d2 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865563.230:21709841): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865563.230:21709841): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.stat\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865563.230:21709841): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865563.230:21709841): arch=c000003e syscall=59 success=yes exit=0 a0=74bcbc1b9d60 a1=74bc78e8ca80 a2=5f16263f7a40 a3=8 items=2 ppid=12863 pid=2181641 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865563.230:21709840): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.230:21709840): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865563.230:21709840): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865563.230:21709840): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc78e8ca80 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2181641 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865563.230:21709839): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.230:21709839): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865563.230:21709839): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865563.230:21709839): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc78e8ca80 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2181641 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865563.230:21709838): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.230:21709838): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865563.230:21709838): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865563.230:21709838): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc78e8ca80 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2181641 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865563.230:21709837): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.230:21709837): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865563.230:21709837): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865563.230:21709837): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc78e8ca80 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2181641 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865563.230:21709836): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.230:21709836): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865563.230:21709836): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865563.230:21709836): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc78e8ca80 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2181641 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865563.230:21709835): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.230:21709835): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865563.230:21709835): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865563.230:21709835): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc78e8ca80 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2181641 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865563.226:21709834): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.226:21709834): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:d2 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.226:21709834): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:d2 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865563.226:21709834): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865563.226:21709834): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.current\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865563.226:21709834): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865563.226:21709834): arch=c000003e syscall=59 success=yes exit=0 a0=74bcbc1b9d60 a1=74bc79e01e60 a2=5f16263f7a40 a3=8 items=2 ppid=12863 pid=2181640 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865563.226:21709833): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.226:21709833): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865563.226:21709833): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865563.226:21709833): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc79e01e60 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2181640 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865563.226:21709832): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.226:21709832): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865563.226:21709832): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865563.226:21709832): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc79e01e60 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2181640 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865563.226:21709831): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.226:21709831): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865563.226:21709831): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865563.226:21709831): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc79e01e60 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2181640 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865563.226:21709830): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.226:21709830): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865563.226:21709830): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865563.226:21709830): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc79e01e60 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2181640 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865563.226:21709829): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.226:21709829): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865563.226:21709829): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865563.226:21709829): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc79e01e60 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2181640 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865563.226:21709828): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.226:21709828): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865563.226:21709828): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865563.226:21709828): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc79e01e60 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2181640 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865563.223:21709827): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.223:21709827): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:d2 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.223:21709827): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:d2 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865563.223:21709827): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865563.223:21709827): argc=2 a0=\"cat\" a1=\"/proc/self/cgroup\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865563.223:21709827): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865563.223:21709827): arch=c000003e syscall=59 success=yes exit=0 a0=74bcbc1b9d60 a1=74bc78e8c620 a2=5f16263f7a40 a3=8 items=2 ppid=12863 pid=2181639 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865563.223:21709826): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.223:21709826): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865563.223:21709826): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865563.223:21709826): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc78e8c620 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2181639 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865563.223:21709825): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.223:21709825): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865563.223:21709825): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865563.223:21709825): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc78e8c620 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2181639 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865563.223:21709824): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.223:21709824): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865563.223:21709824): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865563.223:21709824): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc78e8c620 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2181639 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865563.223:21709823): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.223:21709823): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865563.223:21709823): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865563.223:21709823): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc78e8c620 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2181639 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865563.223:21709822): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.223:21709822): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865563.223:21709822): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865563.223:21709822): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc78e8c620 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2181639 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865563.222:21709821): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.222:21709821): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865563.222:21709821): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865563.222:21709821): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc78e8c620 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2181639 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865563.120:21709820): proctitle=67726570003A30424238002F70726F632F6E65742F746370"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.120:21709820): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6834212 dev=00:31 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.120:21709820): item=0 name=\"/bin/grep\" inode=6832538 dev=00:31 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865563.120:21709820): cwd=\"/app\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865563.120:21709820): argc=3 a0=\"grep\" a1=\":0BB8\" a2=\"/proc/net/tcp\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865563.120:21709820): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865563.120:21709820): arch=c000003e syscall=59 success=yes exit=0 a0=60698328c758 a1=60696cee8990 a2=60698328c6e8 a3=8 items=2 ppid=2181632 pid=2181638 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"grep\" exe=\"/bin/grep\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865563.116:21709819): proctitle=2F62696E2F7368002D630067726570203A30424238202F70726F632F6E65742F746370207C7C20657869742031"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.116:21709819): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6834212 dev=00:31 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.116:21709819): item=0 name=\"/bin/sh\" inode=6832457 dev=00:31 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865563.116:21709819): cwd=\"/app\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865563.116:21709819): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=67726570203A30424238202F70726F632F6E65742F746370207C7C20657869742031"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865563.116:21709819): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865563.116:21709819): arch=c000003e syscall=59 success=yes exit=0 a0=c00018ceb8 a1=c000022ac0 a2=c0001348c0 a3=0 items=2 ppid=2181619 pid=2181632 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/dash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865563.060:21709818): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.060:21709818): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.060:21709818): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865563.060:21709818): cwd=\"/var/lib/docker/rootfs/overlayfs/99752c55410bb6ace3e57904dc2c1a2f503aa02b37e06267893a529d96259bd2\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865563.060:21709818): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865563.060:21709818): arch=c000003e syscall=59 success=yes exit=0 a0=c0001f3840 a1=c0001f7338 a2=c0001f9c40 a3=0 items=2 ppid=2181619 pid=2181628 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865563.044:21709817): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F39393735326335353431306262366163653365353739303464"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.044:21709817): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865563.044:21709817): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865563.044:21709817): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/99752c55410bb6ace3e57904dc2c1a2f503aa02b37e06267893a529d96259bd2\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865563.044:21709817): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/99752c55410bb6ace3e57904dc2c1a2f503aa02b37e06267893a529d96259bd2/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1324680284\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/99752c55410bb6ace3e57904dc2c1a2f503aa02b37e06267893a529d96259bd2/12749c9d9295c26ffb8a51d101db78aa921f4cddd8423d5a81a98349f4e3226a.pid\" a14=\"99752c55410bb6ace3e57904dc2c1a2f503aa02b37e06267893a529d96259bd2\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865563.044:21709817): arch=c000003e syscall=59 success=yes exit=0 a0=c000475f40 a1=c00041c380 a2=c00041c400 a3=0 items=2 ppid=3423 pid=2181619 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865562.986:21709816): proctitle=7067726570002D6600666F7267656A6F2D72756E6E6572"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865562.986:21709816): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=6684896 dev=00:3a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865562.986:21709816): item=0 name=\"/usr/bin/pgrep\" inode=6684714 dev=00:3a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865562.986:21709816): cwd=\"/data\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865562.986:21709816): argc=3 a0=\"pgrep\" a1=\"-f\" a2=\"forgejo-runner\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865562.986:21709816): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865562.986:21709816): arch=c000003e syscall=59 success=yes exit=0 a0=c00018cd10 a1=c000022aa0 a2=c0000dd200 a3=0 items=2 ppid=33444 pid=2181613 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pgrep\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865562.937:21709815): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865562.937:21709815): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865562.937:21709815): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865562.937:21709815): cwd=\"/var/lib/docker/rootfs/overlayfs/9d00dc896875eb8becacbaa3ef315bdc1193341f14d07a47fa12198d679b0798\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865562.937:21709815): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865562.937:21709815): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c58a0 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=2181600 pid=2181610 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865562.921:21709814): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F39643030646338393638373565623862656361636261613365"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865562.921:21709814): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865562.921:21709814): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865562.921:21709814): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/9d00dc896875eb8becacbaa3ef315bdc1193341f14d07a47fa12198d679b0798\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865562.921:21709814): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/9d00dc896875eb8becacbaa3ef315bdc1193341f14d07a47fa12198d679b0798/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1246569457\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/9d00dc896875eb8becacbaa3ef315bdc1193341f14d07a47fa12198d679b0798/a66cf8023143424f0d0180222ad1d7f00bd19d6f553083fa54de9f528753f105.pid\" a14=\"9d00dc896875eb8becacbaa3ef315bdc1193341f14d07a47fa12198d679b0798\""}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865562.921:21709814): arch=c000003e syscall=59 success=yes exit=0 a0=c00032f740 a1=c0001ef500 a2=c0001ef580 a3=0 items=2 ppid=33444 pid=2181600 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865562.734:21709813): proctitle=6375726C002D6600687474703A2F2F6C6F63616C686F73743A383030302F6865616C74687A"}
{"ts": "2026-04-10T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865562.734:21709813): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:d2 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865562.734:21709813): item=0 name=\"/usr/bin/curl\" inode=8530521 dev=00:d2 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865562.734:21709813): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865562.734:21709813): argc=3 a0=\"curl\" a1=\"-f\" a2=\"http://localhost:8000/healthz\""}
{"ts": "2026-04-10T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865562.734:21709813): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865562.734:21709813): arch=c000003e syscall=59 success=yes exit=0 a0=c00018cf50 a1=c000022ac0 a2=c000170a20 a3=0 items=2 ppid=2181579 pid=2181594 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"curl\" exe=\"/usr/bin/curl\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865562.687:21709812): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865562.687:21709812): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865562.687:21709812): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865562.687:21709812): cwd=\"/var/lib/docker/rootfs/overlayfs/85b545c504cd648e96e62b4ba6066cca7e4a8b207e2cdfa5efa782d8a3e3241b\""}
{"ts": "2026-04-10T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865562.687:21709812): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865562.687:21709812): arch=c000003e syscall=59 success=yes exit=0 a0=c00014d8a0 a1=c000151350 a2=c000153c80 a3=0 items=2 ppid=2181579 pid=2181587 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865562.669:21709811): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F38356235343563353034636436343865393665363262346261"}
{"ts": "2026-04-10T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865562.669:21709811): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865562.669:21709811): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865562.669:21709811): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/85b545c504cd648e96e62b4ba6066cca7e4a8b207e2cdfa5efa782d8a3e3241b\""}
{"ts": "2026-04-10T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865562.669:21709811): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/85b545c504cd648e96e62b4ba6066cca7e4a8b207e2cdfa5efa782d8a3e3241b/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process144367910\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/85b545c504cd648e96e62b4ba6066cca7e4a8b207e2cdfa5efa782d8a3e3241b/a3a4647dec19de7f351b54e3eea8046022fbcedb70cffc975baa5bedba7d7eb3.pid\" a14=\"85b545c504cd648e96e62b4ba6066cca7e4a8b207e2cdfa5efa782d8a3e3241b\""}
{"ts": "2026-04-10T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865562.669:21709811): arch=c000003e syscall=59 success=yes exit=0 a0=c000275260 a1=c0002ee880 a2=c0002ee900 a3=0 items=2 ppid=12647 pid=2181579 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865562.580:21709810): proctitle=77676574002D2D73706964657200687474703A2F2F6C6F63616C686F73743A333130302F7265616479"}
{"ts": "2026-04-10T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865562.580:21709810): item=0 name=\"/busybox/wget\" inode=6701653 dev=00:96 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865562.580:21709810): cwd=\"/\""}
{"ts": "2026-04-10T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865562.580:21709810): argc=3 a0=\"wget\" a1=\"--spider\" a2=\"http://localhost:3100/ready\""}
{"ts": "2026-04-10T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865562.580:21709810): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865562.580:21709810): arch=c000003e syscall=59 success=yes exit=0 a0=c00018ae30 a1=c000022aa0 a2=c0000c59e0 a3=0 items=1 ppid=2181561 pid=2181573 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"wget\" exe=\"/busybox/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865562.540:21709809): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865562.540:21709809): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865562.540:21709809): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865562.540:21709809): cwd=\"/var/lib/docker/rootfs/overlayfs/c390a7335ba8d816c119db0362dee085991e5e82d658167c5921656c90a30307\""}
{"ts": "2026-04-10T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865562.540:21709809): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865562.540:21709809): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b850 a1=c00017f338 a2=c000181c40 a3=0 items=2 ppid=2181561 pid=2181571 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865562.526:21709808): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F63333930613733333562613864383136633131396462303336"}
{"ts": "2026-04-10T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865562.526:21709808): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865562.526:21709808): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865562.526:21709808): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/c390a7335ba8d816c119db0362dee085991e5e82d658167c5921656c90a30307\""}
{"ts": "2026-04-10T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865562.526:21709808): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/c390a7335ba8d816c119db0362dee085991e5e82d658167c5921656c90a30307/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1023785706\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/c390a7335ba8d816c119db0362dee085991e5e82d658167c5921656c90a30307/1608c22962c0ba04cb49e512a1d25811d1fc8cf27a059046ac92ec0397b789d8.pid\" a14=\"c390a7335ba8d816c119db0362dee085991e5e82d658167c5921656c90a30307\""}
{"ts": "2026-04-10T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865562.526:21709808): arch=c000003e syscall=59 success=yes exit=0 a0=c000290ae0 a1=c0002e2980 a2=c0002e2a00 a3=0 items=2 ppid=3818337 pid=2181561 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865560.509:21709807): proctitle=6375726C002D6600687474703A2F2F6C6F63616C686F73743A383434332F6865616C74687A"}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865560.509:21709807): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8277530 dev=00:7a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865560.509:21709807): item=0 name=\"/usr/bin/curl\" inode=8272239 dev=00:7a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865560.509:21709807): cwd=\"/\""}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865560.509:21709807): argc=3 a0=\"curl\" a1=\"-f\" a2=\"http://localhost:8443/healthz\""}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865560.509:21709807): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865560.509:21709807): arch=c000003e syscall=59 success=yes exit=0 a0=c0000fcdb0 a1=c000022680 a2=c000194ab0 a3=0 items=2 ppid=2181539 pid=2181552 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"curl\" exe=\"/usr/bin/curl\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865560.461:21709806): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865560.461:21709806): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865560.461:21709806): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865560.461:21709806): cwd=\"/var/lib/docker/rootfs/overlayfs/39100183abc56a19c2ae07206cdab399444cf7fa09e4b9d16d02b58b22eb293c\""}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865560.461:21709806): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865560.461:21709806): arch=c000003e syscall=59 success=yes exit=0 a0=c000245910 a1=c000249350 a2=c00024bc80 a3=0 items=2 ppid=2181539 pid=2181549 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865560.446:21709805): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F33393130303138336162633536613139633261653037323036"}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865560.446:21709805): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865560.446:21709805): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865560.446:21709805): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/39100183abc56a19c2ae07206cdab399444cf7fa09e4b9d16d02b58b22eb293c\""}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865560.446:21709805): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/39100183abc56a19c2ae07206cdab399444cf7fa09e4b9d16d02b58b22eb293c/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2227942691\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/39100183abc56a19c2ae07206cdab399444cf7fa09e4b9d16d02b58b22eb293c/f61782aa18f802d2d95b7e991838ff6db83507df62dd59ba9db20057ff31214d.pid\" a14=\"39100183abc56a19c2ae07206cdab399444cf7fa09e4b9d16d02b58b22eb293c\""}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865560.446:21709805): arch=c000003e syscall=59 success=yes exit=0 a0=c000264920 a1=c0000fe800 a2=c0000ff300 a3=0 items=2 ppid=5322 pid=2181539 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865560.419:21709804): proctitle=6A71002D2D7261772D6F7574707574002E737461747573"}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865560.419:21709804): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6968454 dev=00:68 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865560.419:21709804): item=0 name=\"/usr/bin/jq\" inode=7115963 dev=00:68 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865560.419:21709804): cwd=\"/app\""}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865560.419:21709804): argc=3 a0=\"jq\" a1=\"--raw-output\" a2=\".status\""}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865560.419:21709804): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865560.419:21709804): arch=c000003e syscall=59 success=yes exit=0 a0=5b9fb87249a0 a1=5b9fb8725280 a2=5b9fb8721300 a3=8 items=2 ppid=2181536 pid=2181538 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"jq\" exe=\"/usr/bin/jq\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865560.418:21709803): proctitle=6375726C002D2D73696C656E7400687474703A2F2F3132372E302E302E313A38312F6170692F"}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865560.418:21709803): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6968454 dev=00:68 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865560.418:21709803): item=0 name=\"/usr/bin/curl\" inode=7115848 dev=00:68 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865560.418:21709803): cwd=\"/app\""}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865560.418:21709803): argc=3 a0=\"curl\" a1=\"--silent\" a2=\"http://127.0.0.1:81/api/\""}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865560.418:21709803): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865560.418:21709803): arch=c000003e syscall=59 success=yes exit=0 a0=5b9fb87249d0 a1=5b9fb87252b0 a2=5b9fb8721300 a3=8 items=2 ppid=2181536 pid=2181537 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"curl\" exe=\"/usr/bin/curl\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865560.411:21709802): proctitle=2F62696E2F62617368002F62696E2F636865636B2D6865616C7468"}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865560.411:21709802): item=2 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6968454 dev=00:68 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865560.411:21709802): item=1 name=\"/bin/bash\" inode=6954383 dev=00:68 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865560.411:21709802): item=0 name=\"/bin/check-health\" inode=8694993 dev=00:68 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865560.411:21709802): cwd=\"/app\""}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865560.411:21709802): argc=2 a0=\"/bin/bash\" a1=\"/bin/check-health\""}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865560.411:21709802): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865560.411:21709802): arch=c000003e syscall=59 success=yes exit=0 a0=c000027350 a1=c00002a7e0 a2=c0000d0780 a3=0 items=3 ppid=2181516 pid=2181530 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"check-health\" exe=\"/usr/bin/bash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865560.365:21709801): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865560.365:21709801): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865560.365:21709801): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865560.365:21709801): cwd=\"/var/lib/docker/rootfs/overlayfs/3d00cea9d890ac76ec9bbdca47f4d82e83b0a918911a118694314103c0f1ab42\""}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865560.365:21709801): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865560.365:21709801): arch=c000003e syscall=59 success=yes exit=0 a0=c0001f3870 a1=c0001f7338 a2=c0001f9c00 a3=0 items=2 ppid=2181516 pid=2181526 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865560.349:21709800): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F33643030636561396438393061633736656339626264636134"}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865560.349:21709800): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865560.349:21709800): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865560.349:21709800): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/3d00cea9d890ac76ec9bbdca47f4d82e83b0a918911a118694314103c0f1ab42\""}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865560.349:21709800): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/3d00cea9d890ac76ec9bbdca47f4d82e83b0a918911a118694314103c0f1ab42/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1524496911\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/3d00cea9d890ac76ec9bbdca47f4d82e83b0a918911a118694314103c0f1ab42/7f75cc50b7c4e093ac8efe7bfe6ecc8cc88e863f9a18346dcca8bcb37ec0f88e.pid\" a14=\"3d00cea9d890ac76ec9bbdca47f4d82e83b0a918911a118694314103c0f1ab42\""}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865560.349:21709800): arch=c000003e syscall=59 success=yes exit=0 a0=c000257e60 a1=c000170900 a2=c000170980 a3=0 items=2 ppid=1163673 pid=2181516 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865560.330:21709799): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520706F737467726573"}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865560.330:21709799): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:5b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865560.330:21709799): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:5b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865560.330:21709799): cwd=\"/\""}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865560.330:21709799): argc=3 a0=\"pg_isready\" a1=\"-U\" a2=\"postgres\""}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865560.330:21709799): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865560.330:21709799): arch=c000003e syscall=59 success=yes exit=0 a0=79990db31288 a1=79990db311e8 a2=79990db31208 a3=0 items=2 ppid=5762 pid=2181508 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865560.326:21709798): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520706F737467726573"}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865560.326:21709798): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:5b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865560.326:21709798): item=0 name=\"/bin/sh\" inode=8589166 dev=00:5b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865560.326:21709798): cwd=\"/\""}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865560.326:21709798): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D5520706F737467726573"}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865560.326:21709798): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865560.326:21709798): arch=c000003e syscall=59 success=yes exit=0 a0=c000198f68 a1=c000022680 a2=c0000d88c0 a3=0 items=2 ppid=2181496 pid=2181508 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865560.279:21709797): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865560.279:21709797): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865560.279:21709797): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865560.279:21709797): cwd=\"/var/lib/docker/rootfs/overlayfs/6e0eaa58aad19bd8edc0f955e0d8cdf54332df6bcdbac6d5a4d9c8caf6fb9c39\""}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865560.279:21709797): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865560.279:21709797): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5890 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=2181496 pid=2181506 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865560.264:21709796): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F36653065616135386161643139626438656463306639353565"}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865560.264:21709796): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865560.264:21709796): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865560.264:21709796): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/6e0eaa58aad19bd8edc0f955e0d8cdf54332df6bcdbac6d5a4d9c8caf6fb9c39\""}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865560.264:21709796): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/6e0eaa58aad19bd8edc0f955e0d8cdf54332df6bcdbac6d5a4d9c8caf6fb9c39/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1182041578\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/6e0eaa58aad19bd8edc0f955e0d8cdf54332df6bcdbac6d5a4d9c8caf6fb9c39/3144d7a72f323f24174f29aefbc77a71c059ca176d583e17cb1f180502da8627.pid\" a14=\"6e0eaa58aad19bd8edc0f955e0d8cdf54332df6bcdbac6d5a4d9c8caf6fb9c39\""}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865560.264:21709796): arch=c000003e syscall=59 success=yes exit=0 a0=c0005de970 a1=c0001dec80 a2=c0001ded00 a3=0 items=2 ppid=5762 pid=2181496 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865559.780:21709795): proctitle=636174002F746D702F66616C636F5F6865616C7468"}
{"ts": "2026-04-10T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865559.780:21709795): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8279763 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865559.780:21709795): item=0 name=\"/bin/cat\" inode=8279592 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865559.780:21709795): cwd=\"/\""}
{"ts": "2026-04-10T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865559.780:21709795): argc=2 a0=\"cat\" a1=\"/tmp/falco_health\""}
{"ts": "2026-04-10T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865559.780:21709795): arch=c000003e syscall=59 success=yes exit=0 a0=61c8a9da5c50 a1=61c8a9da4758 a2=61c8a9da5bb8 a3=4 items=2 ppid=2181489 pid=2181495 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/bin/busybox\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865559.776:21709794): proctitle=2F62696E2F7368002D6300636174202F746D702F66616C636F5F6865616C7468207C7C20657869742030"}
{"ts": "2026-04-10T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865559.776:21709794): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8279763 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865559.776:21709794): item=0 name=\"/bin/sh\" inode=8279592 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865559.776:21709794): cwd=\"/\""}
{"ts": "2026-04-10T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865559.776:21709794): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=636174202F746D702F66616C636F5F6865616C7468207C7C20657869742030"}
{"ts": "2026-04-10T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865559.776:21709794): arch=c000003e syscall=59 success=yes exit=0 a0=c0000ddca8 a1=c000022920 a2=c000170e10 a3=0 items=2 ppid=2181477 pid=2181489 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865559.755:21709793): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865559.755:21709793): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865559.755:21709793): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865559.755:21709793): cwd=\"/var/lib/docker/rootfs/overlayfs/293239633a2ddf31b93206215b8746aa165b26f8930bdc103230de7930321e5e\""}
{"ts": "2026-04-10T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865559.755:21709793): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865559.755:21709793): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5c70 a1=c000011050 a2=c00007bc40 a3=0 items=2 ppid=2181477 pid=2181486 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865559.740:21709792): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F32393332333936333361326464663331623933323036323135"}
{"ts": "2026-04-10T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865559.740:21709792): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865559.740:21709792): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865559.740:21709792): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/293239633a2ddf31b93206215b8746aa165b26f8930bdc103230de7930321e5e\""}
{"ts": "2026-04-10T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865559.740:21709792): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/293239633a2ddf31b93206215b8746aa165b26f8930bdc103230de7930321e5e/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3519661363\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/293239633a2ddf31b93206215b8746aa165b26f8930bdc103230de7930321e5e/d505229997ac8aa6a1f4c463be62fef34b18e7094b56049228074c9ff0142f9d.pid\" a14=\"293239633a2ddf31b93206215b8746aa165b26f8930bdc103230de7930321e5e\""}
{"ts": "2026-04-10T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865559.740:21709792): arch=c000003e syscall=59 success=yes exit=0 a0=c000346400 a1=c0002dc580 a2=c0002dc600 a3=0 items=2 ppid=5318 pid=2181477 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865558.840:21709791): proctitle=2F7573722F62696E2F7065726C002F7573722F62696E2F70675F69737265616479002D550067726F777468626F6F6B002D6400706F737467726573"}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865558.840:21709791): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6968454 dev=00:95 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865558.840:21709791): item=0 name=\"/usr/lib/postgresql/17/bin/pg_isready\" inode=3958125 dev=00:95 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865558.840:21709791): cwd=\"/\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865558.840:21709791): argc=5 a0=\"/usr/lib/postgresql/17/bin/pg_isready\" a1=\"-U\" a2=\"growthbook\" a3=\"-d\" a4=\"postgres\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865558.840:21709791): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865558.840:21709791): arch=c000003e syscall=59 success=yes exit=0 a0=5c4f340bd0b0 a1=5c4f3406d3f0 a2=5c4f33d9c970 a3=750313ef2e70 items=2 ppid=2181446 pid=2181472 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/lib/postgresql/17/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865558.818:21709790): proctitle=2F62696E2F7368002D630070675F69737265616479202D552074797065626F74"}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865558.818:21709790): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:63 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865558.818:21709790): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:63 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865558.818:21709790): cwd=\"/\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865558.818:21709790): argc=3 a0=\"pg_isready\" a1=\"-U\" a2=\"typebot\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865558.818:21709790): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865558.818:21709790): arch=c000003e syscall=59 success=yes exit=0 a0=765d151bb278 a1=765d151bb1d8 a2=765d151bb1f8 a3=8080808080808080 items=2 ppid=4511 pid=2181466 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865558.815:21709789): proctitle=2F62696E2F7368002D630070675F69737265616479202D552074797065626F74"}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865558.815:21709789): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:63 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865558.815:21709789): item=0 name=\"/bin/sh\" inode=8589166 dev=00:63 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865558.815:21709789): cwd=\"/\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865558.815:21709789): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D552074797065626F74"}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865558.815:21709789): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865558.815:21709789): arch=c000003e syscall=59 success=yes exit=0 a0=c00018cf38 a1=c000022ac0 a2=c0001348c0 a3=0 items=2 ppid=2181452 pid=2181466 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865558.796:21709788): proctitle=2F7573722F62696E2F7065726C002F7573722F62696E2F70675F69737265616479002D550067726F777468626F6F6B002D6400706F737467726573"}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865558.796:21709788): item=2 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6968454 dev=00:95 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865558.796:21709788): item=1 name=\"/usr/bin/perl\" inode=6956288 dev=00:95 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865558.796:21709788): item=0 name=\"/usr/bin/pg_isready\" inode=4211279 dev=00:95 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865558.796:21709788): cwd=\"/\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865558.796:21709788): argc=6 a0=\"/usr/bin/perl\" a1=\"/usr/bin/pg_isready\" a2=\"-U\" a3=\"growthbook\" a4=\"-d\" a5=\"postgres\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865558.796:21709788): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865558.796:21709788): arch=c000003e syscall=59 success=yes exit=0 a0=58e56b231640 a1=58e55d9a39a8 a2=58e56b2315d8 a3=8 items=3 ppid=2181446 pid=2181472 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/bin/perl\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865558.792:21709787): proctitle=2F62696E2F7368002D630070675F69737265616479202D552067726F777468626F6F6B202D6420706F737467726573"}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865558.792:21709787): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6968454 dev=00:95 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865558.792:21709787): item=0 name=\"/bin/sh\" inode=6954646 dev=00:95 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865558.792:21709787): cwd=\"/\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865558.792:21709787): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D552067726F777468626F6F6B202D6420706F737467726573"}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865558.792:21709787): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865558.792:21709787): arch=c000003e syscall=59 success=yes exit=0 a0=c00018ae80 a1=c000022ac0 a2=c0000900c0 a3=0 items=2 ppid=2181433 pid=2181446 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/usr/bin/dash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865558.773:21709786): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865558.773:21709786): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865558.773:21709786): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:231 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865558.773:21709786): cwd=\"/var/lib/docker/rootfs/overlayfs/a58fd49cb529bc2c3c5f4447c9ccbae837530349ce554292b547968ead4cb59b\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865558.773:21709786): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865558.773:21709786): arch=c000003e syscall=59 success=yes exit=0 a0=c0001cd890 a1=c0001d1350 a2=c0001d3c80 a3=0 items=2 ppid=2181452 pid=2181462 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865558.758:21709785): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F61353866643439636235323962633263336335663434343763"}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865558.758:21709785): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865558.758:21709785): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865558.758:21709785): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/a58fd49cb529bc2c3c5f4447c9ccbae837530349ce554292b547968ead4cb59b\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865558.758:21709785): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/a58fd49cb529bc2c3c5f4447c9ccbae837530349ce554292b547968ead4cb59b/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1274865121\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/a58fd49cb529bc2c3c5f4447c9ccbae837530349ce554292b547968ead4cb59b/e4605a78133ad16c50fbf38882f58fe37472af24a933f742aaa759bc1f2b51bd.pid\" a14=\"a58fd49cb529bc2c3c5f4447c9ccbae837530349ce554292b547968ead4cb59b\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865558.758:21709785): arch=c000003e syscall=59 success=yes exit=0 a0=c000583480 a1=c000133680 a2=c000133780 a3=0 items=2 ppid=4511 pid=2181452 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865558.744:21709784): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865558.744:21709784): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865558.744:21709784): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865558.744:21709784): cwd=\"/var/lib/docker/rootfs/overlayfs/02fb5dd00ce2914672d5f537bf8bb36a0908851493efb9e1b3038943b577e7cf\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865558.744:21709784): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865558.744:21709784): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5880 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=2181433 pid=2181443 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865558.729:21709783): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F30326662356464303063653239313436373264356635333762"}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865558.729:21709783): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865558.729:21709783): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865558.729:21709783): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/02fb5dd00ce2914672d5f537bf8bb36a0908851493efb9e1b3038943b577e7cf\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865558.729:21709783): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/02fb5dd00ce2914672d5f537bf8bb36a0908851493efb9e1b3038943b577e7cf/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2112697536\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/02fb5dd00ce2914672d5f537bf8bb36a0908851493efb9e1b3038943b577e7cf/ae98c903a04096fdf5936ffb248e395b10bf2560c15a99f8b9c0cf5d6cde98ab.pid\" a14=\"02fb5dd00ce2914672d5f537bf8bb36a0908851493efb9e1b3038943b577e7cf\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865558.729:21709783): arch=c000003e syscall=59 success=yes exit=0 a0=c0005762d0 a1=c000227800 a2=c000227880 a3=0 items=2 ppid=5607 pid=2181433 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865558.675:21709782): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865558.675:21709782): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865558.675:21709782): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865558.675:21709782): cwd=\"/var/lib/docker/rootfs/overlayfs/b539c3db94427db38e2f205e13ee104b50afa8ebe28e8de6717563f9b880c08e\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865558.675:21709782): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865558.675:21709782): arch=c000003e syscall=59 success=yes exit=0 a0=c0001eb810 a1=c0001ef338 a2=c0001f1c40 a3=0 items=2 ppid=2181413 pid=2181422 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865558.660:21709781): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F62353339633364623934343237646233386532663230356531"}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865558.660:21709781): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865558.660:21709781): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865558.660:21709781): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/b539c3db94427db38e2f205e13ee104b50afa8ebe28e8de6717563f9b880c08e\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865558.660:21709781): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/b539c3db94427db38e2f205e13ee104b50afa8ebe28e8de6717563f9b880c08e/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2572642006\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/b539c3db94427db38e2f205e13ee104b50afa8ebe28e8de6717563f9b880c08e/3387dede66d091eebda8b401d3bcaaf507b581d7ea71d31732b4ebe07508741b.pid\" a14=\"b539c3db94427db38e2f205e13ee104b50afa8ebe28e8de6717563f9b880c08e\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865558.660:21709781): arch=c000003e syscall=59 success=yes exit=0 a0=c000359c80 a1=c0001d9280 a2=c0001d9300 a3=0 items=2 ppid=5356 pid=2181413 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865558.436:21709780): proctitle=677265700077696E646D696C6C"}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865558.436:21709780): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:120 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865558.436:21709780): item=0 name=\"/usr/bin/grep\" inode=8524666 dev=00:120 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865558.436:21709780): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865558.436:21709780): argc=2 a0=\"grep\" a1=\"windmill\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865558.436:21709780): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865558.436:21709780): arch=c000003e syscall=59 success=yes exit=0 a0=5b3b504738a8 a1=5b3b50473800 a2=5b3b50473818 a3=654cf83fe3c5a40d items=2 ppid=2181404 pid=2181411 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"grep\" exe=\"/usr/bin/grep\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865558.435:21709779): proctitle=707300617578"}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865558.435:21709779): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:120 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865558.435:21709779): item=0 name=\"/usr/bin/ps\" inode=8576698 dev=00:120 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865558.435:21709779): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865558.435:21709779): argc=2 a0=\"ps\" a1=\"aux\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865558.435:21709779): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865558.435:21709779): arch=c000003e syscall=59 success=yes exit=0 a0=5b3b50473888 a1=5b3b504737e0 a2=5b3b504737f8 a3=654cf83fe3c5a40d items=2 ppid=2181404 pid=2181410 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"ps\" exe=\"/usr/bin/ps\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865558.430:21709778): proctitle=2F62696E2F7368002D6300707320617578207C20677265702077696E646D696C6C207C7C20657869742031"}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865558.430:21709778): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:120 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865558.430:21709778): item=0 name=\"/bin/sh\" inode=8524584 dev=00:120 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865558.430:21709778): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865558.430:21709778): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=707320617578207C20677265702077696E646D696C6C207C7C20657869742031"}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865558.430:21709778): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865558.430:21709778): arch=c000003e syscall=59 success=yes exit=0 a0=c00017cf50 a1=c000022680 a2=c000194a20 a3=0 items=2 ppid=12904 pid=2181404 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/usr/bin/dash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865558.374:21709777): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865558.374:21709777): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865558.374:21709777): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865558.374:21709777): cwd=\"/var/lib/docker/rootfs/overlayfs/beba1a544e568fe258b36536f8a2534b89a2940ed13c0d80d5f6bf1281bee1a6\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865558.374:21709777): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865558.374:21709777): arch=c000003e syscall=59 success=yes exit=0 a0=c0002458a0 a1=c000249350 a2=c00024bc40 a3=0 items=2 ppid=2181392 pid=2181401 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865558.359:21709776): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F62656261316135343465353638666532353862333635333666"}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865558.359:21709776): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865558.359:21709776): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865558.359:21709776): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/beba1a544e568fe258b36536f8a2534b89a2940ed13c0d80d5f6bf1281bee1a6\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865558.359:21709776): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/beba1a544e568fe258b36536f8a2534b89a2940ed13c0d80d5f6bf1281bee1a6/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2665200728\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/beba1a544e568fe258b36536f8a2534b89a2940ed13c0d80d5f6bf1281bee1a6/d182de5469b69508f80f8e09240ce03b8cb53fc075f9134dcc14b1d196ffc332.pid\" a14=\"beba1a544e568fe258b36536f8a2534b89a2940ed13c0d80d5f6bf1281bee1a6\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865558.359:21709776): arch=c000003e syscall=59 success=yes exit=0 a0=c00036e980 a1=c0001bed00 a2=c0001bed80 a3=0 items=2 ppid=12904 pid=2181392 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865557.896:21709775): proctitle=6375726C002D6600687474703A2F2F6C6F63616C686F73743A31373137302F"}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.896:21709775): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3566853 dev=00:5c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.896:21709775): item=0 name=\"/usr/bin/curl\" inode=3574788 dev=00:5c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865557.896:21709775): cwd=\"/app\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865557.896:21709775): argc=3 a0=\"curl\" a1=\"-f\" a2=\"http://localhost:17170/\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865557.896:21709775): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865557.896:21709775): arch=c000003e syscall=59 success=yes exit=0 a0=c00018d0f0 a1=c000022ac0 a2=c00013ec00 a3=0 items=2 ppid=2181371 pid=2181384 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"curl\" exe=\"/usr/bin/curl\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865557.848:21709774): proctitle=72656469732D636C690070696E67"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.848:21709774): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=6694357 dev=00:7e mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.848:21709774): item=0 name=\"/usr/local/bin/redis-cli\" inode=6703632 dev=00:7e mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865557.848:21709774): cwd=\"/data\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865557.848:21709774): argc=2 a0=\"redis-cli\" a1=\"ping\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865557.848:21709774): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865557.848:21709774): arch=c000003e syscall=59 success=yes exit=0 a0=c000028760 a1=c00009f350 a2=c0001651c0 a3=0 items=2 ppid=2181351 pid=2181365 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"redis-cli\" exe=\"/usr/local/bin/redis-cli\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865557.848:21709773): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.848:21709773): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.848:21709773): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:231 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865557.848:21709773): cwd=\"/var/lib/docker/rootfs/overlayfs/5bd3e1d5545f7ec51999f8794a4b4d6cc0fd1d92f87a78cfdfb129e440cd0559\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865557.848:21709773): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865557.848:21709773): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b840 a1=c00017f338 a2=c000181c40 a3=0 items=2 ppid=2181371 pid=2181381 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865557.834:21709772): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F35626433653164353534356637656335313939396638373934"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.834:21709772): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.834:21709772): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865557.834:21709772): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/5bd3e1d5545f7ec51999f8794a4b4d6cc0fd1d92f87a78cfdfb129e440cd0559\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865557.834:21709772): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/5bd3e1d5545f7ec51999f8794a4b4d6cc0fd1d92f87a78cfdfb129e440cd0559/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3299374630\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/5bd3e1d5545f7ec51999f8794a4b4d6cc0fd1d92f87a78cfdfb129e440cd0559/612eb5ab4398d3c3be61a367e80cf3e2aa5944476ea7e3b9d5fa66eb4aef005a.pid\" a14=\"5bd3e1d5545f7ec51999f8794a4b4d6cc0fd1d92f87a78cfdfb129e440cd0559\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865557.834:21709772): arch=c000003e syscall=59 success=yes exit=0 a0=c0001bad20 a1=c000297980 a2=c0000fe800 a3=0 items=2 ppid=5253 pid=2181371 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865557.806:21709771): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.806:21709771): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.806:21709771): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865557.806:21709771): cwd=\"/var/lib/docker/rootfs/overlayfs/0a68372d6fd28201684be9827a5de0d3c04e6e08d164a3049faa362bc53f9748\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865557.806:21709771): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865557.806:21709771): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b840 a1=c00017f338 a2=c000181c00 a3=0 items=2 ppid=2181351 pid=2181362 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865557.794:21709770): proctitle=6D617269616462002D2D64656661756C74732D65787472612D66696C653D2F7661722F6C69622F6D7973716C2F2E6D792D6865616C7468636865636B2E636E66002D2D70726F746F636F6C00736F636B6574002D42002D2D736B69702D636F6C756D6E2D6E616D6573002D650073656C65637420312066726F6D20696E666F72"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.794:21709770): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=7089648 dev=00:48 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.794:21709770): item=0 name=\"/usr/bin/mariadb\" inode=7117817 dev=00:48 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865557.794:21709770): cwd=\"/\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865557.794:21709770): argc=8 a0=\"mariadb\" a1=\"--defaults-extra-file=/var/lib/mysql/.my-healthcheck.cnf\" a2=\"--protocol\" a3=\"socket\" a4=\"-B\" a5=\"--skip-column-names\" a6=\"-e\" a7=73656C65637420312066726F6D20696E666F726D6174696F6E5F736368656D612E454E47494E455320574845524520656E67696E653D27696E6E6F64622720414E4420737570706F727420696E202827594553272C202744454641554C54272C2027454E41424C45442729"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865557.794:21709770): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865557.794:21709770): arch=c000003e syscall=59 success=yes exit=0 a0=55d99e18a990 a1=55d99e1ac9c0 a2=55d99e18b860 a3=8 items=2 ppid=2181344 pid=2181352 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"mariadb\" exe=\"/usr/bin/mariadb\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865557.790:21709769): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F30613638333732643666643238323031363834626539383237"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.790:21709769): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.790:21709769): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865557.790:21709769): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/0a68372d6fd28201684be9827a5de0d3c04e6e08d164a3049faa362bc53f9748\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865557.790:21709769): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/0a68372d6fd28201684be9827a5de0d3c04e6e08d164a3049faa362bc53f9748/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2749824752\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/0a68372d6fd28201684be9827a5de0d3c04e6e08d164a3049faa362bc53f9748/933ee77262aa320d8ad14c084a5b8334bf205d6391c8ae6e130d7abce598addd.pid\" a14=\"0a68372d6fd28201684be9827a5de0d3c04e6e08d164a3049faa362bc53f9748\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865557.790:21709769): arch=c000003e syscall=59 success=yes exit=0 a0=c0003c71f0 a1=c0001e5380 a2=c0001e5500 a3=0 items=2 ppid=3830339 pid=2181351 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865557.777:21709768): proctitle=6D617269616462002D2D64656661756C74732D65787472612D66696C653D2F7661722F6C69622F6D7973716C2F2E6D792D6865616C7468636865636B2E636E66002D2D70726F746F636F6C00736F636B6574002D42002D2D736B69702D636F6C756D6E2D6E616D6573002D650073656C656374204040736B69705F6E6574776F"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.777:21709768): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=7089648 dev=00:48 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.777:21709768): item=0 name=\"/usr/bin/mariadb\" inode=7117817 dev=00:48 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865557.777:21709768): cwd=\"/\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865557.777:21709768): argc=8 a0=\"mariadb\" a1=\"--defaults-extra-file=/var/lib/mysql/.my-healthcheck.cnf\" a2=\"--protocol\" a3=\"socket\" a4=\"-B\" a5=\"--skip-column-names\" a6=\"-e\" a7=73656C656374204040736B69705F6E6574776F726B696E67"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865557.777:21709768): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865557.777:21709768): arch=c000003e syscall=59 success=yes exit=0 a0=55d99e18afe0 a1=55d99e1ac810 a2=55d99e18b4a0 a3=8 items=2 ppid=2181344 pid=2181350 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"mariadb\" exe=\"/usr/bin/mariadb\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865557.769:21709767): proctitle=2F62696E2F62617368002F7573722F6C6F63616C2F62696E2F6865616C7468636865636B2E7368002D2D636F6E6E656374002D2D696E6E6F64625F696E697469616C697A6564"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.769:21709767): item=2 name=\"/lib64/ld-linux-x86-64.so.2\" inode=7089648 dev=00:48 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.769:21709767): item=1 name=\"/bin/bash\" inode=6963796 dev=00:48 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.769:21709767): item=0 name=\"/usr/local/bin/healthcheck.sh\" inode=7348502 dev=00:48 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865557.769:21709767): cwd=\"/\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865557.769:21709767): argc=4 a0=\"/bin/bash\" a1=\"/usr/local/bin/healthcheck.sh\" a2=\"--connect\" a3=\"--innodb_initialized\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865557.769:21709767): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865557.769:21709767): arch=c000003e syscall=59 success=yes exit=0 a0=c0000289a0 a1=c000022aa0 a2=c00013a320 a3=0 items=3 ppid=2181331 pid=2181344 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"healthcheck.sh\" exe=\"/usr/bin/bash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865557.721:21709766): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.721:21709766): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.721:21709766): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865557.721:21709766): cwd=\"/var/lib/docker/rootfs/overlayfs/7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865557.721:21709766): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865557.721:21709766): arch=c000003e syscall=59 success=yes exit=0 a0=c000173840 a1=c000177338 a2=c000179c80 a3=0 items=2 ppid=2181331 pid=2181341 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865557.707:21709765): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F37656465303139653363623065383839303138636162386266"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.707:21709765): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.707:21709765): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865557.707:21709765): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865557.707:21709765): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3906261792\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7/eb3b570ed8b5bb128e6cee18cc65f419c4eed7800e1ea200630e3fee182aa14d.pid\" a14=\"7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865557.707:21709765): arch=c000003e syscall=59 success=yes exit=0 a0=c0004a7750 a1=c0001d3500 a2=c0001d3580 a3=0 items=2 ppid=4533 pid=2181331 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865557.646:21709764): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.646:21709764): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:120 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.646:21709764): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:120 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865557.646:21709764): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865557.646:21709764): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.stat\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865557.646:21709764): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865557.646:21709764): arch=c000003e syscall=59 success=yes exit=0 a0=7de3f471ed60 a1=7de3ad0355c0 a2=634e07c84a40 a3=8 items=2 ppid=13318 pid=2181330 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865557.642:21709763): proctitle=72656469732D636C690070696E67"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.642:21709763): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=6694357 dev=00:72 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.642:21709763): item=0 name=\"/usr/local/bin/redis-cli\" inode=6703632 dev=00:72 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865557.642:21709763): cwd=\"/data\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865557.642:21709763): argc=2 a0=\"redis-cli\" a1=\"ping\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865557.642:21709763): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865557.643:21709762): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865557.642:21709763): arch=c000003e syscall=59 success=yes exit=0 a0=c0000289a0 a1=c0000d5350 a2=c0000dd1c0 a3=0 items=2 ppid=2181309 pid=2181322 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"redis-cli\" exe=\"/usr/local/bin/redis-cli\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.643:21709762): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865557.643:21709762): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865557.643:21709762): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3ad0355c0 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2181330 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865557.643:21709761): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.643:21709761): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865557.643:21709761): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865557.643:21709761): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3ad0355c0 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2181330 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865557.643:21709760): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.643:21709760): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865557.643:21709760): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865557.643:21709760): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3ad0355c0 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2181330 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865557.643:21709759): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.643:21709759): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865557.643:21709759): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865557.643:21709759): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3ad0355c0 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2181330 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865557.643:21709758): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.643:21709758): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865557.643:21709758): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865557.643:21709758): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3ad0355c0 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2181330 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865557.643:21709757): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.643:21709757): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865557.643:21709757): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865557.643:21709757): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3ad0355c0 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2181330 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865557.641:21709756): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.641:21709756): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:120 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.641:21709756): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:120 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865557.641:21709756): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865557.641:21709756): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.current\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865557.641:21709756): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865557.641:21709756): arch=c000003e syscall=59 success=yes exit=0 a0=7de3f471ed60 a1=7de3ad032d60 a2=634e07c84a40 a3=8 items=2 ppid=13318 pid=2181329 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865557.641:21709755): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.641:21709755): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865557.641:21709755): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865557.641:21709755): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3ad032d60 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2181329 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865557.641:21709754): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.641:21709754): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865557.641:21709754): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865557.641:21709754): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3ad032d60 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2181329 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865557.641:21709753): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.641:21709753): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865557.641:21709753): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865557.641:21709753): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3ad032d60 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2181329 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865557.641:21709752): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.641:21709752): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865557.641:21709752): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865557.641:21709752): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3ad032d60 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2181329 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865557.641:21709751): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.641:21709751): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865557.641:21709751): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865557.641:21709751): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3ad032d60 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2181329 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865557.641:21709750): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.641:21709750): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865557.641:21709750): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865557.641:21709750): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3ad032d60 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2181329 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865557.637:21709749): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.637:21709749): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:120 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.637:21709749): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:120 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865557.637:21709749): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865557.637:21709749): argc=2 a0=\"cat\" a1=\"/proc/self/cgroup\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865557.637:21709749): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865557.637:21709749): arch=c000003e syscall=59 success=yes exit=0 a0=7de3f471ed60 a1=7de3f4201d20 a2=634e07c84a40 a3=8 items=2 ppid=13318 pid=2181328 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865557.637:21709748): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.637:21709748): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865557.637:21709748): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865557.637:21709748): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3f4201d20 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2181328 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865557.637:21709747): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.637:21709747): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865557.637:21709747): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865557.637:21709747): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3f4201d20 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2181328 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865557.637:21709746): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.637:21709746): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865557.637:21709746): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865557.637:21709746): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3f4201d20 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2181328 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865557.637:21709745): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.637:21709745): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865557.637:21709745): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865557.637:21709745): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3f4201d20 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2181328 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865557.637:21709744): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.637:21709744): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865557.637:21709744): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865557.637:21709744): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3f4201d20 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2181328 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865557.637:21709743): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.637:21709743): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865557.637:21709743): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865557.637:21709743): arch=c000003e syscall=59 success=no exit=-2 a0=7de3f471ed60 a1=7de3f4201d20 a2=634e07c84a40 a3=8 items=1 ppid=13318 pid=2181328 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865557.601:21709742): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.601:21709742): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.601:21709742): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865557.601:21709742): cwd=\"/var/lib/docker/rootfs/overlayfs/480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865557.601:21709742): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865557.601:21709742): arch=c000003e syscall=59 success=yes exit=0 a0=c00024d880 a1=c000251350 a2=c000253c00 a3=0 items=2 ppid=2181309 pid=2181318 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865557.586:21709741): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F34383062353761303034306362373564646534356436663664"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.586:21709741): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.586:21709741): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865557.586:21709741): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865557.586:21709741): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process436615422\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af/a32cd7cf7e5b173594293975cfa125bc6c6fc76730932fbb1e6c39f6f6b31463.pid\" a14=\"480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865557.586:21709741): arch=c000003e syscall=59 success=yes exit=0 a0=c00051d680 a1=c0004b2880 a2=c0004b2900 a3=0 items=2 ppid=4127 pid=2181309 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865557.385:21709740): proctitle=77676574002D2D6E6F2D766572626F7365002D2D74726965733D31002D2D73706964657200687474703A2F2F6C6F63616C686F73743A393039312F6170692F6865616C7468"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.385:21709740): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=3678029 dev=00:e9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.385:21709740): item=0 name=\"/usr/bin/wget\" inode=3677985 dev=00:e9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865557.385:21709740): cwd=\"/app\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865557.385:21709740): argc=5 a0=\"wget\" a1=\"--no-verbose\" a2=\"--tries=1\" a3=\"--spider\" a4=\"http://localhost:9091/api/health\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865557.385:21709740): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865557.385:21709740): arch=c000003e syscall=59 success=yes exit=0 a0=5a84821775c0 a1=5a8482177540 a2=5a8482177570 a3=78a3d7d3eb38 items=2 ppid=2181299 pid=2181308 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"wget\" exe=\"/usr/bin/wget\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865557.379:21709739): proctitle=2F62696E2F7368002D630077676574202D2D6E6F2D766572626F7365202D2D74726965733D31202D2D73706964657220687474703A2F2F6C6F63616C686F73743A393039312F6170692F6865616C7468207C7C20657869742031"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.379:21709739): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=3678029 dev=00:e9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.379:21709739): item=0 name=\"/bin/sh\" inode=3675124 dev=00:e9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865557.379:21709739): cwd=\"/app\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865557.379:21709739): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=77676574202D2D6E6F2D766572626F7365202D2D74726965733D31202D2D73706964657220687474703A2F2F6C6F63616C686F73743A393039312F6170692F6865616C7468207C7C20657869742031"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865557.379:21709739): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865557.379:21709739): arch=c000003e syscall=59 success=yes exit=0 a0=c0001a8ea8 a1=c000022660 a2=c0000df200 a3=0 items=2 ppid=2181287 pid=2181299 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/sh\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865557.370:21709738): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.370:21709738): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=9987007 dev=00:102 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.370:21709738): item=0 name=\"/usr/bin/cat\" inode=9986333 dev=00:102 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865557.370:21709738): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865557.370:21709738): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.stat\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865557.370:21709738): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865557.370:21709738): arch=c000003e syscall=59 success=yes exit=0 a0=7e8ad4131d60 a1=7e8a64a00d40 a2=618bc9213650 a3=8 items=2 ppid=1943853 pid=2181307 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865557.370:21709737): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.370:21709737): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865557.370:21709737): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865557.370:21709737): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8a64a00d40 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2181307 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865557.370:21709736): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.370:21709736): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865557.370:21709736): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865557.370:21709736): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8a64a00d40 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2181307 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865557.370:21709735): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.370:21709735): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865557.370:21709735): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865557.370:21709735): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8a64a00d40 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2181307 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865557.369:21709734): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.369:21709734): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865557.369:21709734): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865557.369:21709734): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8a64a00d40 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2181307 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865557.369:21709733): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.369:21709733): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865557.369:21709733): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865557.369:21709733): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8a64a00d40 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2181307 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865557.369:21709732): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.369:21709732): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865557.369:21709732): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865557.369:21709732): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8a64a00d40 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2181307 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865557.366:21709731): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.366:21709731): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=9987007 dev=00:102 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.366:21709731): item=0 name=\"/usr/bin/cat\" inode=9986333 dev=00:102 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865557.366:21709731): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865557.366:21709731): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.current\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865557.366:21709731): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865557.366:21709731): arch=c000003e syscall=59 success=yes exit=0 a0=7e8ad4131d60 a1=7e8ac6e04aa0 a2=618bc9213650 a3=8 items=2 ppid=1943853 pid=2181306 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865557.366:21709730): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.366:21709730): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865557.366:21709730): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865557.366:21709730): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04aa0 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2181306 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865557.366:21709729): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.366:21709729): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865557.366:21709729): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865557.366:21709729): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04aa0 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2181306 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865557.365:21709728): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.365:21709728): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865557.365:21709728): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865557.365:21709728): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04aa0 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2181306 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865557.365:21709727): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.365:21709727): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865557.365:21709727): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865557.365:21709727): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04aa0 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2181306 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865557.365:21709726): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.365:21709726): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865557.365:21709726): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865557.365:21709726): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04aa0 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2181306 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865557.365:21709725): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.365:21709725): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865557.365:21709725): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865557.365:21709725): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04aa0 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2181306 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865557.361:21709724): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.361:21709724): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=9987007 dev=00:102 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.361:21709724): item=0 name=\"/usr/bin/cat\" inode=9986333 dev=00:102 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865557.361:21709724): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865557.361:21709724): argc=2 a0=\"cat\" a1=\"/proc/self/cgroup\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865557.361:21709724): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865557.361:21709724): arch=c000003e syscall=59 success=yes exit=0 a0=7e8ad4131d60 a1=7e8ac6e04360 a2=618bc9213650 a3=8 items=2 ppid=1943853 pid=2181305 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865557.361:21709723): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.361:21709723): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865557.361:21709723): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865557.361:21709723): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04360 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2181305 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865557.361:21709722): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.361:21709722): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865557.361:21709722): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865557.361:21709722): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04360 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2181305 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865557.361:21709721): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.361:21709721): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865557.361:21709721): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865557.361:21709721): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04360 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2181305 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865557.361:21709720): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.361:21709720): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865557.361:21709720): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865557.361:21709720): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04360 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2181305 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865557.361:21709719): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.361:21709719): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865557.361:21709719): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865557.361:21709719): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04360 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2181305 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865557.361:21709718): proctitle=\"windmill\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.361:21709718): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865557.361:21709718): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865557.361:21709718): arch=c000003e syscall=59 success=no exit=-2 a0=7e8ad4131d60 a1=7e8ac6e04360 a2=618bc9213650 a3=8 items=1 ppid=1943853 pid=2181305 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865557.329:21709717): proctitle=72756E6300696E6974"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.329:21709717): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.329:21709717): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865557.329:21709717): cwd=\"/var/lib/docker/rootfs/overlayfs/dded6b49287cffb7eb9d3e0e8fcca16ac4bcfe7f6ea4331cbfc92babc5585263\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865557.329:21709717): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865557.329:21709717): arch=c000003e syscall=59 success=yes exit=0 a0=c0001eb860 a1=c0001ef338 a2=c0001f1c40 a3=0 items=2 ppid=2181287 pid=2181296 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865557.314:21709716): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F64646564366234393238376366666237656239643365306538"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.314:21709716): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.314:21709716): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865557.314:21709716): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/dded6b49287cffb7eb9d3e0e8fcca16ac4bcfe7f6ea4331cbfc92babc5585263\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865557.314:21709716): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/dded6b49287cffb7eb9d3e0e8fcca16ac4bcfe7f6ea4331cbfc92babc5585263/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2292646593\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/dded6b49287cffb7eb9d3e0e8fcca16ac4bcfe7f6ea4331cbfc92babc5585263/d1320bef2590c5f8bf1b86bbf104d1f4f04aa3ca11d8221956154619af54ae60.pid\" a14=\"dded6b49287cffb7eb9d3e0e8fcca16ac4bcfe7f6ea4331cbfc92babc5585263\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865557.314:21709716): arch=c000003e syscall=59 success=yes exit=0 a0=c0002cc460 a1=c00013a300 a2=c00013a680 a3=0 items=2 ppid=2004630 pid=2181287 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865557.208:21709715): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.208:21709715): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:d2 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.208:21709715): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:d2 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865557.208:21709715): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865557.208:21709715): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.stat\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865557.208:21709715): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865557.208:21709715): arch=c000003e syscall=59 success=yes exit=0 a0=74bcbc1b9d60 a1=74bc78e8c9e0 a2=5f16263f7a40 a3=8 items=2 ppid=12863 pid=2181286 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865557.208:21709714): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.208:21709714): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865557.208:21709714): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865557.208:21709714): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc78e8c9e0 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2181286 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865557.208:21709713): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.208:21709713): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865557.208:21709713): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865557.208:21709713): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc78e8c9e0 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2181286 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865557.208:21709712): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.208:21709712): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865557.208:21709712): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865557.208:21709712): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc78e8c9e0 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2181286 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865557.208:21709711): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.208:21709711): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865557.208:21709711): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865557.208:21709711): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc78e8c9e0 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2181286 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865557.208:21709710): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.208:21709710): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865557.208:21709710): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865557.208:21709710): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc78e8c9e0 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2181286 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865557.208:21709709): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.208:21709709): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865557.208:21709709): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865557.208:21709709): arch=c000003e syscall=59 success=no exit=-2 a0=74bcbc1b9d60 a1=74bc78e8c9e0 a2=5f16263f7a40 a3=8 items=1 ppid=12863 pid=2181286 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865557.205:21709708): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.205:21709708): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:d2 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.205:21709708): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:d2 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1775865557.205:21709708): cwd=\"/usr/src/app\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1775865557.205:21709708): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.current\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1775865557.205:21709708): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1775865557.205:21709708): arch=c000003e syscall=59 success=yes exit=0 a0=74bcbc1b9d60 a1=74bc78e8ca00 a2=5f16263f7a40 a3=8 items=2 ppid=12863 pid=2181285 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1775865557.205:21709707): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1775865557.205:21709707): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-os-backend", "detected_level": "info", "service_name": "/prometheus-os-backend"}, "msg": "{\"time\":\"2026-04-10T23:59:56.809878884Z\",\"level\":\"INFO\",\"msg\":\"http request\",\"method\":\"GET\",\"path\":\"/health\",\"status\":200,\"duration_ms\":0,\"remote_addr\":\"[::1]:34916\"}"}
{"ts": "2026-04-10T23:59:49Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-os-backend", "detected_level": "info", "service_name": "/prometheus-os-backend"}, "msg": "{\"time\":\"2026-04-10T23:59:49.188009002Z\",\"level\":\"INFO\",\"msg\":\"http request\",\"method\":\"GET\",\"path\":\"/metrics\",\"status\":200,\"duration_ms\":0,\"remote_addr\":\"172.18.0.46:52058\"}"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-os-backend", "detected_level": "info", "service_name": "/prometheus-os-backend"}, "msg": "{\"time\":\"2026-04-10T23:59:41.725003573Z\",\"level\":\"INFO\",\"msg\":\"http request\",\"method\":\"GET\",\"path\":\"/health\",\"status\":200,\"duration_ms\":0,\"remote_addr\":\"[::1]:42592\"}"}
{"ts": "2026-04-10T23:59:34Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-os-backend", "detected_level": "info", "service_name": "/prometheus-os-backend"}, "msg": "{\"time\":\"2026-04-10T23:59:34.187362512Z\",\"level\":\"INFO\",\"msg\":\"http request\",\"method\":\"GET\",\"path\":\"/metrics\",\"status\":200,\"duration_ms\":0,\"remote_addr\":\"172.18.0.46:52058\"}"}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-os-backend", "detected_level": "info", "service_name": "/prometheus-os-backend"}, "msg": "{\"time\":\"2026-04-10T23:59:26.648216335Z\",\"level\":\"INFO\",\"msg\":\"http request\",\"method\":\"GET\",\"path\":\"/health\",\"status\":200,\"duration_ms\":0,\"remote_addr\":\"[::1]:58094\"}"}
{"ts": "2026-04-10T23:59:21Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-os-backend", "detected_level": "info", "service_name": "/prometheus-os-backend"}, "msg": "{\"time\":\"2026-04-10T23:59:21.543546196Z\",\"level\":\"INFO\",\"msg\":\"[Scheduler] Checking for scheduled AI Agent runs...\"}"}
{"ts": "2026-04-10T23:59:19Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-os-backend", "detected_level": "info", "service_name": "/prometheus-os-backend"}, "msg": "{\"time\":\"2026-04-10T23:59:19.18757907Z\",\"level\":\"INFO\",\"msg\":\"http request\",\"method\":\"GET\",\"path\":\"/metrics\",\"status\":200,\"duration_ms\":0,\"remote_addr\":\"172.18.0.46:52058\"}"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-windmill-worker-1", "detected_level": "info", "service_name": "/prometheus-holding-windmill-worker-1"}, "msg": "\u001b[2m2026-04-10T23:59:53.975842Z\u001b[0m \u001b[32m INFO\u001b[0m \u001b[2mwindmill-worker/src/worker_utils.rs\u001b[0m\u001b[2m:\u001b[0m\u001b[2m84\u001b[0m\u001b[2m:\u001b[0m ping update, memory: container=103MB, windmill=238MB \u001b[3mworker\u001b[0m\u001b[2m=\u001b[0mwk-default-beba1a544e56-B1OqD \u001b[3mhostname\u001b[0m\u001b[2m=\u001b[0mbeba1a544e56"}
{"ts": "2026-04-10T23:59:52Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-windmill-worker-1", "detected_level": "info", "service_name": "/prometheus-holding-windmill-worker-1"}, "msg": "\u001b[2m2026-04-10T23:59:52.617733Z\u001b[0m \u001b[32m INFO\u001b[0m \u001b[2msrc/main.rs\u001b[0m\u001b[2m:\u001b[0m\u001b[2m1541\u001b[0m\u001b[2m:\u001b[0m monitor task finished"}
{"ts": "2026-04-10T23:59:52Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-windmill-worker-1", "detected_level": "info", "service_name": "/prometheus-holding-windmill-worker-1"}, "msg": "\u001b[2m2026-04-10T23:59:52.469322Z\u001b[0m \u001b[32m INFO\u001b[0m \u001b[2msrc/main.rs\u001b[0m\u001b[2m:\u001b[0m\u001b[2m1522\u001b[0m\u001b[2m:\u001b[0m monitor task started"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-windmill-worker-1", "detected_level": "info", "service_name": "/prometheus-holding-windmill-worker-1"}, "msg": "\u001b[2m2026-04-10T23:59:47.921030Z\u001b[0m \u001b[32m INFO\u001b[0m \u001b[2mwindmill-worker/src/worker_utils.rs\u001b[0m\u001b[2m:\u001b[0m\u001b[2m84\u001b[0m\u001b[2m:\u001b[0m ping update, memory: container=103MB, windmill=238MB \u001b[3mworker\u001b[0m\u001b[2m=\u001b[0mwk-default-beba1a544e56-B1OqD \u001b[3mhostname\u001b[0m\u001b[2m=\u001b[0mbeba1a544e56"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-windmill-worker-1", "detected_level": "info", "service_name": "/prometheus-holding-windmill-worker-1"}, "msg": "\u001b[2m2026-04-10T23:59:41.864088Z\u001b[0m \u001b[32m INFO\u001b[0m \u001b[2mwindmill-worker/src/worker_utils.rs\u001b[0m\u001b[2m:\u001b[0m\u001b[2m84\u001b[0m\u001b[2m:\u001b[0m ping update, memory: container=103MB, windmill=238MB \u001b[3mworker\u001b[0m\u001b[2m=\u001b[0mwk-default-beba1a544e56-B1OqD \u001b[3mhostname\u001b[0m\u001b[2m=\u001b[0mbeba1a544e56"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-windmill-worker-1", "detected_level": "info", "service_name": "/prometheus-holding-windmill-worker-1"}, "msg": "\u001b[2m2026-04-10T23:59:35.810033Z\u001b[0m \u001b[32m INFO\u001b[0m \u001b[2mwindmill-worker/src/worker_utils.rs\u001b[0m\u001b[2m:\u001b[0m\u001b[2m84\u001b[0m\u001b[2m:\u001b[0m ping update, memory: container=103MB, windmill=238MB \u001b[3mworker\u001b[0m\u001b[2m=\u001b[0mwk-default-beba1a544e56-B1OqD \u001b[3mhostname\u001b[0m\u001b[2m=\u001b[0mbeba1a544e56"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-windmill-worker-1", "detected_level": "info", "service_name": "/prometheus-holding-windmill-worker-1"}, "msg": "\u001b[2m2026-04-10T23:59:29.762747Z\u001b[0m \u001b[32m INFO\u001b[0m \u001b[2mwindmill-worker/src/worker_utils.rs\u001b[0m\u001b[2m:\u001b[0m\u001b[2m84\u001b[0m\u001b[2m:\u001b[0m ping update, memory: container=103MB, windmill=238MB \u001b[3mworker\u001b[0m\u001b[2m=\u001b[0mwk-default-beba1a544e56-B1OqD \u001b[3mhostname\u001b[0m\u001b[2m=\u001b[0mbeba1a544e56"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-windmill-worker-1", "detected_level": "info", "service_name": "/prometheus-holding-windmill-worker-1"}, "msg": "\u001b[2m2026-04-10T23:59:23.705916Z\u001b[0m \u001b[32m INFO\u001b[0m \u001b[2mwindmill-worker/src/worker_utils.rs\u001b[0m\u001b[2m:\u001b[0m\u001b[2m84\u001b[0m\u001b[2m:\u001b[0m ping update, memory: container=103MB, windmill=238MB \u001b[3mworker\u001b[0m\u001b[2m=\u001b[0mwk-default-beba1a544e56-B1OqD \u001b[3mhostname\u001b[0m\u001b[2m=\u001b[0mbeba1a544e56"}
{"ts": "2026-04-10T23:59:22Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-windmill-worker-1", "detected_level": "info", "service_name": "/prometheus-holding-windmill-worker-1"}, "msg": "\u001b[2m2026-04-10T23:59:22.467562Z\u001b[0m \u001b[32m INFO\u001b[0m \u001b[2msrc/main.rs\u001b[0m\u001b[2m:\u001b[0m\u001b[2m1541\u001b[0m\u001b[2m:\u001b[0m monitor task finished"}
{"ts": "2026-04-10T23:59:22Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-windmill-worker-1", "detected_level": "info", "service_name": "/prometheus-holding-windmill-worker-1"}, "msg": "\u001b[2m2026-04-10T23:59:22.325713Z\u001b[0m \u001b[32m INFO\u001b[0m \u001b[2msrc/main.rs\u001b[0m\u001b[2m:\u001b[0m\u001b[2m1522\u001b[0m\u001b[2m:\u001b[0m monitor task started"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-windmill-worker-1", "detected_level": "info", "service_name": "/prometheus-holding-windmill-worker-1"}, "msg": "\u001b[2m2026-04-10T23:59:17.651909Z\u001b[0m \u001b[32m INFO\u001b[0m \u001b[2mwindmill-worker/src/worker_utils.rs\u001b[0m\u001b[2m:\u001b[0m\u001b[2m84\u001b[0m\u001b[2m:\u001b[0m ping update, memory: container=103MB, windmill=238MB \u001b[3mworker\u001b[0m\u001b[2m=\u001b[0mwk-default-beba1a544e56-B1OqD \u001b[3mhostname\u001b[0m\u001b[2m=\u001b[0mbeba1a544e56"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-windmill-server-1", "detected_level": "info", "service_name": "/prometheus-holding-windmill-server-1"}, "msg": "\u001b[2m2026-04-10T23:59:53.541008Z\u001b[0m \u001b[32m INFO\u001b[0m \u001b[2msrc/main.rs\u001b[0m\u001b[2m:\u001b[0m\u001b[2m1541\u001b[0m\u001b[2m:\u001b[0m monitor task finished"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-windmill-server-1", "detected_level": "info", "service_name": "/prometheus-holding-windmill-server-1"}, "msg": "\u001b[2m2026-04-10T23:59:53.482492Z\u001b[0m \u001b[32m INFO\u001b[0m \u001b[2mwindmill-worker/src/worker_utils.rs\u001b[0m\u001b[2m:\u001b[0m\u001b[2m84\u001b[0m\u001b[2m:\u001b[0m ping update, memory: container=119MB, windmill=233MB \u001b[3mworker\u001b[0m\u001b[2m=\u001b[0mwk-default-85b545c504cd-fiCpF \u001b[3mhostname\u001b[0m\u001b[2m=\u001b[0m85b545c504cd"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-windmill-server-1", "detected_level": "info", "service_name": "/prometheus-holding-windmill-server-1"}, "msg": "\u001b[2m2026-04-10T23:59:53.391780Z\u001b[0m \u001b[32m INFO\u001b[0m \u001b[2msrc/main.rs\u001b[0m\u001b[2m:\u001b[0m\u001b[2m1522\u001b[0m\u001b[2m:\u001b[0m monitor task started"}
{"ts": "2026-04-10T23:59:52Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-windmill-server-1", "detected_level": "info", "service_name": "/prometheus-holding-windmill-server-1"}, "msg": "\u001b[2m2026-04-10T23:59:52.849219Z\u001b[0m \u001b[32m INFO\u001b[0m \u001b[1mrequest\u001b[0m: \u001b[2mwindmill-api/src/tracing_init.rs\u001b[0m\u001b[2m:\u001b[0m\u001b[2m35\u001b[0m\u001b[2m:\u001b[0m response \u001b[3mlatency\u001b[0m\u001b[2m=\u001b[0m0 \u001b[3mstatus\u001b[0m\u001b[2m=\u001b[0m200 \u001b[2m\u001b[3mmethod\u001b[0m\u001b[2m=\u001b[0mGET \u001b[3muri\u001b[0m\u001b[2m=\u001b[0m/healthz \u001b[3mtraceId\u001b[0m\u001b[2m=\u001b[0m\"90270579-c630-4dfa-a1da-61bec707c650\"\u001b[0m"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-windmill-server-1", "detected_level": "info", "service_name": "/prometheus-holding-windmill-server-1"}, "msg": "\u001b[2m2026-04-10T23:59:47.423175Z\u001b[0m \u001b[32m INFO\u001b[0m \u001b[2mwindmill-worker/src/worker_utils.rs\u001b[0m\u001b[2m:\u001b[0m\u001b[2m84\u001b[0m\u001b[2m:\u001b[0m ping update, memory: container=119MB, windmill=233MB \u001b[3mworker\u001b[0m\u001b[2m=\u001b[0mwk-default-85b545c504cd-fiCpF \u001b[3mhostname\u001b[0m\u001b[2m=\u001b[0m85b545c504cd"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-windmill-server-1", "detected_level": "info", "service_name": "/prometheus-holding-windmill-server-1"}, "msg": "\u001b[2m2026-04-10T23:59:41.407774Z\u001b[0m \u001b[32m INFO\u001b[0m \u001b[2mwindmill-worker/src/worker_utils.rs\u001b[0m\u001b[2m:\u001b[0m\u001b[2m84\u001b[0m\u001b[2m:\u001b[0m ping update, memory: container=119MB, windmill=233MB \u001b[3mworker\u001b[0m\u001b[2m=\u001b[0mwk-default-85b545c504cd-fiCpF \u001b[3mhostname\u001b[0m\u001b[2m=\u001b[0m85b545c504cd"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-windmill-server-1", "detected_level": "info", "service_name": "/prometheus-holding-windmill-server-1"}, "msg": "\u001b[2m2026-04-10T23:59:35.346455Z\u001b[0m \u001b[32m INFO\u001b[0m \u001b[2mwindmill-worker/src/worker_utils.rs\u001b[0m\u001b[2m:\u001b[0m\u001b[2m84\u001b[0m\u001b[2m:\u001b[0m ping update, memory: container=119MB, windmill=233MB \u001b[3mworker\u001b[0m\u001b[2m=\u001b[0mwk-default-85b545c504cd-fiCpF \u001b[3mhostname\u001b[0m\u001b[2m=\u001b[0m85b545c504cd"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-windmill-server-1", "detected_level": "info", "service_name": "/prometheus-holding-windmill-server-1"}, "msg": "\u001b[2m2026-04-10T23:59:29.286145Z\u001b[0m \u001b[32m INFO\u001b[0m \u001b[2mwindmill-worker/src/worker_utils.rs\u001b[0m\u001b[2m:\u001b[0m\u001b[2m84\u001b[0m\u001b[2m:\u001b[0m ping update, memory: container=119MB, windmill=233MB \u001b[3mworker\u001b[0m\u001b[2m=\u001b[0mwk-default-85b545c504cd-fiCpF \u001b[3mhostname\u001b[0m\u001b[2m=\u001b[0m85b545c504cd"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-windmill-server-1", "detected_level": "info", "service_name": "/prometheus-holding-windmill-server-1"}, "msg": "\u001b[2m2026-04-10T23:59:23.390065Z\u001b[0m \u001b[32m INFO\u001b[0m \u001b[2msrc/main.rs\u001b[0m\u001b[2m:\u001b[0m\u001b[2m1541\u001b[0m\u001b[2m:\u001b[0m monitor task finished"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-windmill-server-1", "detected_level": "info", "service_name": "/prometheus-holding-windmill-server-1"}, "msg": "\u001b[2m2026-04-10T23:59:23.236751Z\u001b[0m \u001b[32m INFO\u001b[0m \u001b[2mwindmill-worker/src/worker_utils.rs\u001b[0m\u001b[2m:\u001b[0m\u001b[2m84\u001b[0m\u001b[2m:\u001b[0m ping update, memory: container=119MB, windmill=233MB \u001b[3mworker\u001b[0m\u001b[2m=\u001b[0mwk-default-85b545c504cd-fiCpF \u001b[3mhostname\u001b[0m\u001b[2m=\u001b[0m85b545c504cd"}
{"ts": "2026-04-10T23:59:22Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-windmill-server-1", "detected_level": "info", "service_name": "/prometheus-holding-windmill-server-1"}, "msg": "\u001b[2m2026-04-10T23:59:22.756879Z\u001b[0m \u001b[32m INFO\u001b[0m \u001b[1mrequest\u001b[0m: \u001b[2mwindmill-api/src/tracing_init.rs\u001b[0m\u001b[2m:\u001b[0m\u001b[2m35\u001b[0m\u001b[2m:\u001b[0m response \u001b[3mlatency\u001b[0m\u001b[2m=\u001b[0m0 \u001b[3mstatus\u001b[0m\u001b[2m=\u001b[0m200 \u001b[2m\u001b[3mmethod\u001b[0m\u001b[2m=\u001b[0mGET \u001b[3muri\u001b[0m\u001b[2m=\u001b[0m/healthz \u001b[3mtraceId\u001b[0m\u001b[2m=\u001b[0m\"9efb9627-018e-4d38-8799-321929d63c70\"\u001b[0m"}
{"ts": "2026-04-10T23:59:22Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-windmill-server-1", "detected_level": "info", "service_name": "/prometheus-holding-windmill-server-1"}, "msg": "\u001b[2m2026-04-10T23:59:22.690735Z\u001b[0m \u001b[32m INFO\u001b[0m \u001b[2mwindmill-api/src/native_triggers/sync.rs\u001b[0m\u001b[2m:\u001b[0m\u001b[2m87\u001b[0m\u001b[2m:\u001b[0m Completed native triggers sync: 0 updated, 0 errors"}
{"ts": "2026-04-10T23:59:22Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-windmill-server-1", "detected_level": "info", "service_name": "/prometheus-holding-windmill-server-1"}, "msg": "\u001b[2m2026-04-10T23:59:22.674984Z\u001b[0m \u001b[32m INFO\u001b[0m \u001b[2mwindmill-api/src/native_triggers/sync.rs\u001b[0m\u001b[2m:\u001b[0m\u001b[2m48\u001b[0m\u001b[2m:\u001b[0m Starting native triggers sync"}
{"ts": "2026-04-10T23:59:22Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-windmill-server-1", "detected_level": "info", "service_name": "/prometheus-holding-windmill-server-1"}, "msg": "\u001b[2m2026-04-10T23:59:22.674032Z\u001b[0m \u001b[32m INFO\u001b[0m \u001b[2msrc/main.rs\u001b[0m\u001b[2m:\u001b[0m\u001b[2m1522\u001b[0m\u001b[2m:\u001b[0m monitor task started"}
{"ts": "2026-04-10T23:59:50Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-windmill-db-1", "detected_level": "unknown", "service_name": "/prometheus-holding-windmill-db-1"}, "msg": "2026-04-10 23:59:50.589 UTC [683118] FATAL:  role \"postgres\" does not exist"}
{"ts": "2026-04-10T23:59:40Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-windmill-db-1", "detected_level": "unknown", "service_name": "/prometheus-holding-windmill-db-1"}, "msg": "2026-04-10 23:59:40.501 UTC [683112] FATAL:  role \"postgres\" does not exist"}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-windmill-db-1", "detected_level": "unknown", "service_name": "/prometheus-holding-windmill-db-1"}, "msg": "2026-04-10 23:59:30.421 UTC [683104] FATAL:  role \"postgres\" does not exist"}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-windmill-db-1", "detected_level": "unknown", "service_name": "/prometheus-holding-windmill-db-1"}, "msg": "2026-04-10 23:59:20.340 UTC [683096] FATAL:  role \"postgres\" does not exist"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-10T23:59:47.894508029Z caller=checkpoint.go:569 msg=\"checkpoint done\" time=4m30.015877202s"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-10T23:59:47.888514585Z caller=checkpoint.go:498 msg=\"atomic checkpoint finished\" old=/loki/wal/checkpoint.029977.tmp new=/loki/wal/checkpoint.029977"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-10T23:59:47.877935855Z caller=recalculate_owned_streams.go:52 msg=\"completed recalculate owned streams job\""}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-10T23:59:47.877830052Z caller=recalculate_owned_streams.go:49 msg=\"starting recalculate owned streams job\""}
{"ts": "2026-04-10T23:59:32Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-10T23:59:32.787006728Z caller=flush.go:304 component=ingester msg=\"flushing stream\" user=fake fp=2d17c99ed15e1b5e immediate=false num_chunks=1 total_comp=\"71 B\" avg_comp=\"71 B\" total_uncomp=\"26 kB\" avg_uncomp=\"26 kB\" max_age=1 labels=\"{cluster=\\\"docker-compose\\\", container=\\\"/prometheus-holding-erpnext-frontend-1\\\", service_name=\\\"/prometheus-holding-erpnext-frontend-1\\\"}\""}
{"ts": "2026-04-10T23:59:22Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-10T23:59:22.502916042Z caller=marker.go:202 msg=\"no marks file found\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-10T23:59:17.878536444Z caller=recalculate_owned_streams.go:52 msg=\"completed recalculate owned streams job\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-10T23:59:17.878372319Z caller=recalculate_owned_streams.go:49 msg=\"starting recalculate owned streams job\""}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-10 23:59:58.582 UTC [32] LOG:  cron job 3 COMMAND completed: CALL "}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-10 23:59:58.567 UTC [32] LOG:  cron job 3 starting: CALL documentdb_api_internal.build_index_concurrently(2);"}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-10 23:59:58.566 UTC [32] LOG:  cron job 2 COMMAND completed: CALL "}
{"ts": "2026-04-10T23:59:58Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-10 23:59:58.553 UTC [32] LOG:  cron job 2 starting: CALL documentdb_api_internal.build_index_concurrently(1);"}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-10 23:59:56.569 UTC [32] LOG:  cron job 3 COMMAND completed: CALL "}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-10 23:59:56.557 UTC [32] LOG:  cron job 3 starting: CALL documentdb_api_internal.build_index_concurrently(2);"}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-10 23:59:56.555 UTC [32] LOG:  cron job 2 COMMAND completed: CALL "}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-10 23:59:56.542 UTC [32] LOG:  cron job 2 starting: CALL documentdb_api_internal.build_index_concurrently(1);"}
{"ts": "2026-04-10T23:59:54Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-10 23:59:54.559 UTC [32] LOG:  cron job 3 COMMAND completed: CALL "}
{"ts": "2026-04-10T23:59:54Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-10 23:59:54.547 UTC [32] LOG:  cron job 3 starting: CALL documentdb_api_internal.build_index_concurrently(2);"}
{"ts": "2026-04-10T23:59:54Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-10 23:59:54.546 UTC [32] LOG:  cron job 2 COMMAND completed: CALL "}
{"ts": "2026-04-10T23:59:54Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-10 23:59:54.532 UTC [32] LOG:  cron job 2 starting: CALL documentdb_api_internal.build_index_concurrently(1);"}
{"ts": "2026-04-10T23:59:52Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-10 23:59:52.550 UTC [32] LOG:  cron job 3 COMMAND completed: CALL "}
{"ts": "2026-04-10T23:59:52Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-10 23:59:52.536 UTC [32] LOG:  cron job 3 starting: CALL documentdb_api_internal.build_index_concurrently(2);"}
{"ts": "2026-04-10T23:59:52Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-10 23:59:52.535 UTC [32] LOG:  cron job 2 COMMAND completed: CALL "}
{"ts": "2026-04-10T23:59:52Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-10 23:59:52.520 UTC [32] LOG:  cron job 2 starting: CALL documentdb_api_internal.build_index_concurrently(1);"}
{"ts": "2026-04-10T23:59:50Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-10 23:59:50.541 UTC [32] LOG:  cron job 3 COMMAND completed: CALL "}
{"ts": "2026-04-10T23:59:50Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-10 23:59:50.525 UTC [32] LOG:  cron job 3 starting: CALL documentdb_api_internal.build_index_concurrently(2);"}
{"ts": "2026-04-10T23:59:50Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-10 23:59:50.523 UTC [32] LOG:  cron job 2 COMMAND completed: CALL "}
{"ts": "2026-04-10T23:59:50Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-10 23:59:50.508 UTC [32] LOG:  cron job 2 starting: CALL documentdb_api_internal.build_index_concurrently(1);"}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-10 23:59:48.528 UTC [32] LOG:  cron job 3 COMMAND completed: CALL "}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-10 23:59:48.511 UTC [32] LOG:  cron job 3 starting: CALL documentdb_api_internal.build_index_concurrently(2);"}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-10 23:59:48.510 UTC [32] LOG:  cron job 2 COMMAND completed: CALL "}
{"ts": "2026-04-10T23:59:48Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-10 23:59:48.497 UTC [32] LOG:  cron job 2 starting: CALL documentdb_api_internal.build_index_concurrently(1);"}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-10 23:59:46.515 UTC [32] LOG:  cron job 3 COMMAND completed: CALL "}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-10 23:59:46.503 UTC [32] LOG:  cron job 3 starting: CALL documentdb_api_internal.build_index_concurrently(2);"}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-10 23:59:46.500 UTC [32] LOG:  cron job 2 COMMAND completed: CALL "}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-10 23:59:46.487 UTC [32] LOG:  cron job 2 starting: CALL documentdb_api_internal.build_index_concurrently(1);"}
{"ts": "2026-04-10T23:59:44Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-10 23:59:44.509 UTC [32] LOG:  cron job 3 COMMAND completed: CALL "}
{"ts": "2026-04-10T23:59:44Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-10 23:59:44.490 UTC [32] LOG:  cron job 2 COMMAND completed: CALL "}
{"ts": "2026-04-10T23:59:44Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-10 23:59:44.486 UTC [32] LOG:  cron job 3 starting: CALL documentdb_api_internal.build_index_concurrently(2);"}
{"ts": "2026-04-10T23:59:44Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-10 23:59:44.475 UTC [32] LOG:  cron job 2 starting: CALL documentdb_api_internal.build_index_concurrently(1);"}
{"ts": "2026-04-10T23:59:42Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-10 23:59:42.489 UTC [32] LOG:  cron job 3 COMMAND completed: CALL "}
{"ts": "2026-04-10T23:59:42Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-10 23:59:42.480 UTC [32] LOG:  cron job 2 COMMAND completed: CALL "}
{"ts": "2026-04-10T23:59:42Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-10 23:59:42.477 UTC [32] LOG:  cron job 3 starting: CALL documentdb_api_internal.build_index_concurrently(2);"}
{"ts": "2026-04-10T23:59:42Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-10 23:59:42.464 UTC [32] LOG:  cron job 2 starting: CALL documentdb_api_internal.build_index_concurrently(1);"}
{"ts": "2026-04-10T23:59:40Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-10 23:59:40.480 UTC [32] LOG:  cron job 3 COMMAND completed: CALL "}
{"ts": "2026-04-10T23:59:40Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-10 23:59:40.470 UTC [32] LOG:  cron job 2 COMMAND completed: CALL "}
{"ts": "2026-04-10T23:59:40Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-10 23:59:40.467 UTC [32] LOG:  cron job 3 starting: CALL documentdb_api_internal.build_index_concurrently(2);"}
{"ts": "2026-04-10T23:59:40Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-10 23:59:40.453 UTC [32] LOG:  cron job 2 starting: CALL documentdb_api_internal.build_index_concurrently(1);"}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-10 23:59:38.470 UTC [32] LOG:  cron job 3 COMMAND completed: CALL "}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-10 23:59:38.457 UTC [32] LOG:  cron job 3 starting: CALL documentdb_api_internal.build_index_concurrently(2);"}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-10 23:59:38.456 UTC [32] LOG:  cron job 2 COMMAND completed: CALL "}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-10 23:59:38.443 UTC [32] LOG:  cron job 2 starting: CALL documentdb_api_internal.build_index_concurrently(1);"}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-10 23:59:36.458 UTC [32] LOG:  cron job 3 COMMAND completed: CALL "}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-10 23:59:36.446 UTC [32] LOG:  cron job 3 starting: CALL documentdb_api_internal.build_index_concurrently(2);"}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-10 23:59:36.445 UTC [32] LOG:  cron job 2 COMMAND completed: CALL "}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-10 23:59:36.432 UTC [32] LOG:  cron job 2 starting: CALL documentdb_api_internal.build_index_concurrently(1);"}
{"ts": "2026-04-10T23:59:34Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-10 23:59:34.449 UTC [32] LOG:  cron job 3 COMMAND completed: CALL "}
{"ts": "2026-04-10T23:59:34Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-10 23:59:34.436 UTC [32] LOG:  cron job 3 starting: CALL documentdb_api_internal.build_index_concurrently(2);"}
{"ts": "2026-04-10T23:59:34Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-10 23:59:34.434 UTC [32] LOG:  cron job 2 COMMAND completed: CALL "}
{"ts": "2026-04-10T23:59:34Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-10 23:59:34.421 UTC [32] LOG:  cron job 2 starting: CALL documentdb_api_internal.build_index_concurrently(1);"}
{"ts": "2026-04-10T23:59:32Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-10 23:59:32.440 UTC [32] LOG:  cron job 3 COMMAND completed: CALL "}
{"ts": "2026-04-10T23:59:32Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-10 23:59:32.427 UTC [32] LOG:  cron job 3 starting: CALL documentdb_api_internal.build_index_concurrently(2);"}
{"ts": "2026-04-10T23:59:32Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-10 23:59:32.425 UTC [32] LOG:  cron job 2 COMMAND completed: CALL "}
{"ts": "2026-04-10T23:59:32Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-10 23:59:32.409 UTC [32] LOG:  cron job 2 starting: CALL documentdb_api_internal.build_index_concurrently(1);"}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-10 23:59:30.431 UTC [32] LOG:  cron job 3 COMMAND completed: CALL "}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-10 23:59:30.416 UTC [32] LOG:  cron job 3 starting: CALL documentdb_api_internal.build_index_concurrently(2);"}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-10 23:59:30.411 UTC [32] LOG:  cron job 2 COMMAND completed: CALL "}
{"ts": "2026-04-10T23:59:30Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-10 23:59:30.397 UTC [32] LOG:  cron job 2 starting: CALL documentdb_api_internal.build_index_concurrently(1);"}
{"ts": "2026-04-10T23:59:28Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-10 23:59:28.419 UTC [32] LOG:  cron job 3 COMMAND completed: CALL "}
{"ts": "2026-04-10T23:59:28Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-10 23:59:28.406 UTC [32] LOG:  cron job 2 COMMAND completed: CALL "}
{"ts": "2026-04-10T23:59:28Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-10 23:59:28.402 UTC [32] LOG:  cron job 3 starting: CALL documentdb_api_internal.build_index_concurrently(2);"}
{"ts": "2026-04-10T23:59:28Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-10 23:59:28.387 UTC [32] LOG:  cron job 2 starting: CALL documentdb_api_internal.build_index_concurrently(1);"}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-10 23:59:26.404 UTC [32] LOG:  cron job 3 COMMAND completed: CALL "}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-10 23:59:26.392 UTC [32] LOG:  cron job 3 starting: CALL documentdb_api_internal.build_index_concurrently(2);"}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-10 23:59:26.390 UTC [32] LOG:  cron job 2 COMMAND completed: CALL "}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-10 23:59:26.377 UTC [32] LOG:  cron job 2 starting: CALL documentdb_api_internal.build_index_concurrently(1);"}
{"ts": "2026-04-10T23:59:24Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-10 23:59:24.396 UTC [32] LOG:  cron job 3 COMMAND completed: CALL "}
{"ts": "2026-04-10T23:59:24Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-10 23:59:24.383 UTC [32] LOG:  cron job 3 starting: CALL documentdb_api_internal.build_index_concurrently(2);"}
{"ts": "2026-04-10T23:59:24Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-10 23:59:24.379 UTC [32] LOG:  cron job 2 COMMAND completed: CALL "}
{"ts": "2026-04-10T23:59:24Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-10 23:59:24.367 UTC [32] LOG:  cron job 2 starting: CALL documentdb_api_internal.build_index_concurrently(1);"}
{"ts": "2026-04-10T23:59:22Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-10 23:59:22.386 UTC [32] LOG:  cron job 3 COMMAND completed: CALL "}
{"ts": "2026-04-10T23:59:22Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-10 23:59:22.372 UTC [32] LOG:  cron job 3 starting: CALL documentdb_api_internal.build_index_concurrently(2);"}
{"ts": "2026-04-10T23:59:22Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-10 23:59:22.370 UTC [32] LOG:  cron job 2 COMMAND completed: CALL "}
{"ts": "2026-04-10T23:59:22Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-10 23:59:22.356 UTC [32] LOG:  cron job 2 starting: CALL documentdb_api_internal.build_index_concurrently(1);"}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-10 23:59:20.375 UTC [32] LOG:  cron job 3 COMMAND completed: CALL "}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-10 23:59:20.360 UTC [32] LOG:  cron job 2 COMMAND completed: CALL "}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-10 23:59:20.356 UTC [32] LOG:  cron job 3 starting: CALL documentdb_api_internal.build_index_concurrently(2);"}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-10 23:59:20.344 UTC [32] LOG:  cron job 2 starting: CALL documentdb_api_internal.build_index_concurrently(1);"}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-10 23:59:18.358 UTC [32] LOG:  cron job 3 COMMAND completed: CALL "}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-10 23:59:18.347 UTC [32] LOG:  cron job 2 COMMAND completed: CALL "}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-10 23:59:18.345 UTC [32] LOG:  cron job 3 starting: CALL documentdb_api_internal.build_index_concurrently(2);"}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-10 23:59:18.334 UTC [32] LOG:  cron job 2 starting: CALL documentdb_api_internal.build_index_concurrently(1);"}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:56.832Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"hello\",\"duration\":\"102.023\u00b5s\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:56.163Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"4.033063ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:56.162Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"3.912311ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:56.162Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.329119ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:56.162Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.267275ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:56.162Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.390083ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:56.162Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"3.597153ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:56.162Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.695142ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:56.161Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.14181ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:56.161Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.343232ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:56.160Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.715673ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:56.160Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"3.665067ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:56.160Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.269415ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:56.159Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.728928ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:56.159Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.267984ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:56.159Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.208763ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:56.159Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.346482ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:56.158Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.836429ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:56.158Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.057173ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:56.158Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.081873ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:56.158Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.801965ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:56.158Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.623157ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:51Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:51.156Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.885278ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:51Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:51.156Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.178257ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:51Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:51.155Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.25921ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:51Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:51.154Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.358263ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:51Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:51.155Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.274144ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:51Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:51.155Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"3.422446ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:51Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:51.154Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"3.489238ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:51Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:51.154Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.150885ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:51Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:51.154Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.960905ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:51Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:51.154Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.552498ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:51Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:51.153Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.028053ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:51Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:51.153Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.532757ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:51Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:51.153Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.594409ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:51Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:51.152Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.073438ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:51Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:51.152Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.514508ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:51Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:51.152Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.909209ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:51Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:51.151Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.95338ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:51Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:51.151Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.24595ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:51Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:51.151Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.710942ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:51Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:51.151Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.874372ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:51Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:51.151Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.663757ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:46.830Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"hello\",\"duration\":\"155.475\u00b5s\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:46.157Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.078904ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:46.156Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.830168ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:46.156Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.715828ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:46.156Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.980541ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:46.155Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.494277ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:46.155Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.483627ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:46.155Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.239892ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:46.153Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"3.824073ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:46.153Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"3.503758ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:46.152Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.915811ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:46.151Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"3.194425ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:46.151Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.823847ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:46.151Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.899203ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:46.151Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.989637ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:46.151Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.829297ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:46.151Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.361123ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:46.150Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.96044ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:46.148Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"3.210278ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:46.148Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"3.018428ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:46.149Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"3.554468ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:46.148Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"3.211491ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:42Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:42.771Z\tINFO\tclientconn/listener.go:322\tConnection stopped\t{\"conn\":\"127.0.0.1:50536 -> 127.0.0.1:27017\",\"name\":\"listener\"}"}
{"ts": "2026-04-10T23:59:42Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:42.770Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"ping\",\"duration\":\"1.146135ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:42Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:42.769Z\tINFO\tclientconn/listener.go:316\tConnection started\t{\"conn\":\"127.0.0.1:50536 -> 127.0.0.1:27017\",\"name\":\"listener\"}"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:41.147Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"4.94445ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:41.148Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"5.122568ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:41.147Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"4.456802ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:41.147Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"3.277405ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:41.147Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"4.409049ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:41.147Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"5.888159ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:41.147Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"4.221794ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:41.147Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"3.823706ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:41.146Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"3.509395ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:41.146Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"4.182279ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:41.145Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"4.59335ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:41.145Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.982239ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:41.145Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"5.08932ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:41.145Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.91466ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:41.145Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.045531ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:41.143Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.362664ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:41.143Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.371085ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:41.143Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.397676ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:41.142Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.675442ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:41.142Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.530007ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:41.142Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.232308ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:39.199Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"3.058649ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:39.194Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"find\",\"duration\":\"853.866\u00b5s\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:39.192Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"find\",\"duration\":\"1.135135ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:39.188Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"find\",\"duration\":\"1.044352ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:39.185Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"find\",\"duration\":\"846.087\u00b5s\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:39.182Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"find\",\"duration\":\"1.028952ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:39.179Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"find\",\"duration\":\"1.279678ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:39.175Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.607484ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:38.794Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.243276ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:38.790Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"find\",\"duration\":\"1.024307ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:38Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:38.787Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"3.048094ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:36.828Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"hello\",\"duration\":\"84.682\u00b5s\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:36.153Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.043462ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:36.152Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.340527ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:36.149Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"6.600961ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:36.147Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"3.152366ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:36.147Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"6.817049ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:36.146Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"3.995583ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:36.146Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"3.988371ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:36.146Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.836876ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:36.145Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"3.144017ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:36.145Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.780465ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:36.145Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.843776ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:36.145Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"976.56\u00b5s\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:36.145Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.163526ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:36.144Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"918.159\u00b5s\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:36.144Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"3.740126ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:36.143Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.527857ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:36.143Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.770195ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:36.143Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.745583ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:36.143Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.138656ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:36.143Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.350941ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:36.143Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.231548ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:36.142Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.725554ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:36.142Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.517897ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:31Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:31.143Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"3.386645ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:31Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:31.142Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.570789ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:31Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:31.142Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.61781ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:31Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:31.142Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.510057ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:31Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:31.142Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.548438ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:31Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:31.142Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.756494ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:31Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:31.141Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.93974ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:31Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:31.140Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.482365ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:31Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:31.139Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.438764ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:31Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:31.139Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.637861ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:31Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:31.140Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"993.471\u00b5s\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:31Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:31.140Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"754.613\u00b5s\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:31Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:31.140Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.60489ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:31Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:31.139Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.734692ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:31Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:31.139Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.243879ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:31Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:31.138Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.00306ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:31Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:31.136Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.419513ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:31Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:31.136Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.653062ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:31Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:31.136Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.484046ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:31Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:31.136Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.914569ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:31Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:31.136Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.745244ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:26.826Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"hello\",\"duration\":\"85.442\u00b5s\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:26.141Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.397854ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:26.140Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.992842ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:26.140Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.561119ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:26.139Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"960.412\u00b5s\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:26.139Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.532067ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:26.139Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.292151ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:26.138Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.721944ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:26.138Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.179239ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:26.138Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.213814ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:26.138Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.251792ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:26.138Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"3.688863ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:26.138Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.824389ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:26.138Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.314452ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:26.137Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.969811ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:26.136Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.206408ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:26.136Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.841826ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:26.135Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.068622ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:26.135Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.172967ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:26.135Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.546271ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:26.135Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.783494ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:26.135Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.972331ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:21Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:21.134Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.668681ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:21Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:21.134Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.176226ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:21Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:21.134Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"897.757\u00b5s\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:21Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:21.134Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.404433ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:21Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:21.133Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"3.015812ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:21Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:21.133Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.681062ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:21Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:21.133Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.338162ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:21Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:21.133Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"3.915621ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:21Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:21.133Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.700522ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:21Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:21.133Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.548589ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:21Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:21.133Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.332351ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:21Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:21.132Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.38443ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:21Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:21.132Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.762595ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:21Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:21.132Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.338132ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:21Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:21.131Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.594859ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:21Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:21.130Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.364022ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:21Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:21.131Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.62123ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:21Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:21.130Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.61837ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:21Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:21.131Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.796854ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:21Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:21.131Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.436405ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:21Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-10T23:59:21.130Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.764734ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-10T23:59:21Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-grafana-1", "detected_level": "info", "service_name": "/prometheus-holding-grafana-1"}, "msg": "logger=ngalert.sender.router rule_uid=ffd10vkgv6xvke org_id=1 t=2026-04-10T23:59:21.783469017Z level=info msg=\"Sending alerts to local notifier\" count=1"}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-grafana-1", "detected_level": "info", "service_name": "/prometheus-holding-grafana-1"}, "msg": "logger=ngalert.sender.router rule_uid=ffd10vhdvpcsgb org_id=1 t=2026-04-10T23:59:20.705836525Z level=info msg=\"Sending alerts to local notifier\" count=1"}
{"ts": "2026-04-10T23:59:19Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-grafana-1", "detected_level": "info", "service_name": "/prometheus-holding-grafana-1"}, "msg": "logger=ngalert.sender.router rule_uid=efd10vjayw934f org_id=1 t=2026-04-10T23:59:19.643127754Z level=info msg=\"Sending alerts to local notifier\" count=1"}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-grafana-1", "detected_level": "info", "service_name": "/prometheus-holding-grafana-1"}, "msg": "logger=ngalert.sender.router rule_uid=efd10vi287q4gc org_id=1 t=2026-04-10T23:59:18.844943654Z level=info msg=\"Sending alerts to local notifier\" count=1"}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-grafana-1", "detected_level": "info", "service_name": "/prometheus-holding-grafana-1"}, "msg": "logger=ngalert.sender.router rule_uid=dfd10vlfjs6psa org_id=1 t=2026-04-10T23:59:18.150919571Z level=info msg=\"Sending alerts to local notifier\" count=1"}
{"ts": "2026-04-10T23:59:21Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-grafana-1", "detected_level": "error", "service_name": "/prometheus-holding-grafana-1"}, "msg": "logger=ngalert.scheduler rule_uid=ffd10vkgv6xvke org_id=1 version=1 fingerprint=99a002851c21c2da now=2026-04-10T23:59:10Z traceID=964c87badc93278a417b02f6535a0c87 rule_uid=ffd10vkgv6xvke org_id=1 t=2026-04-10T23:59:21.775811402Z level=error msg=\"Failed to build rule evaluator\" error=\"failed to build query 'A': data source not found\""}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-grafana-1", "detected_level": "error", "service_name": "/prometheus-holding-grafana-1"}, "msg": "logger=ngalert.scheduler rule_uid=ffd10vhdvpcsgb org_id=1 version=1 fingerprint=13e71251a4364f0a now=2026-04-10T23:59:10Z traceID=93f067be1ad2ab4b3887a5ecae9194b7 rule_uid=ffd10vhdvpcsgb org_id=1 t=2026-04-10T23:59:20.699029208Z level=error msg=\"Failed to build rule evaluator\" error=\"failed to build query 'A': data source not found\""}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-grafana-1", "detected_level": "error", "service_name": "/prometheus-holding-grafana-1"}, "msg": "logger=ngalert.scheduler rule_uid=ffd10vkgv6xvke org_id=1 version=1 fingerprint=99a002851c21c2da now=2026-04-10T23:59:10Z traceID=256b82843cce05e433924df4430987f3 rule_uid=ffd10vkgv6xvke org_id=1 t=2026-04-10T23:59:20.12525253Z level=error msg=\"Failed to evaluate rule\" attempt=2 max_attempts=3 next_attempt_in=1.648406551s error=\"server side expressions pipeline returned an error: failed to build query 'A': data source not found\""}
{"ts": "2026-04-10T23:59:20Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-grafana-1", "detected_level": "error", "service_name": "/prometheus-holding-grafana-1"}, "msg": "logger=ngalert.scheduler rule_uid=ffd10vkgv6xvke org_id=1 version=1 fingerprint=99a002851c21c2da now=2026-04-10T23:59:10Z traceID=256b82843cce05e433924df4430987f3 rule_uid=ffd10vkgv6xvke org_id=1 t=2026-04-10T23:59:20.125166608Z level=error msg=\"Failed to build rule evaluator\" error=\"failed to build query 'A': data source not found\""}
{"ts": "2026-04-10T23:59:19Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-grafana-1", "detected_level": "error", "service_name": "/prometheus-holding-grafana-1"}, "msg": "logger=ngalert.scheduler rule_uid=efd10vjayw934f org_id=1 version=1 fingerprint=5f12d71bd4a98f4f now=2026-04-10T23:59:10Z traceID=724792c607f6fde3f30ca03f6617ad3b rule_uid=efd10vjayw934f org_id=1 t=2026-04-10T23:59:19.635281453Z level=error msg=\"Failed to build rule evaluator\" error=\"failed to build query 'A': data source not found\""}
{"ts": "2026-04-10T23:59:19Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-grafana-1", "detected_level": "error", "service_name": "/prometheus-holding-grafana-1"}, "msg": "logger=ngalert.scheduler rule_uid=ffd10vhdvpcsgb org_id=1 version=1 fingerprint=13e71251a4364f0a now=2026-04-10T23:59:10Z traceID=3808b1775fcbf9ade0c32c74f113af90 rule_uid=ffd10vhdvpcsgb org_id=1 t=2026-04-10T23:59:19.226950638Z level=error msg=\"Failed to evaluate rule\" attempt=2 max_attempts=3 next_attempt_in=1.470553798s error=\"server side expressions pipeline returned an error: failed to build query 'A': data source not found\""}
{"ts": "2026-04-10T23:59:19Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-grafana-1", "detected_level": "error", "service_name": "/prometheus-holding-grafana-1"}, "msg": "logger=ngalert.scheduler rule_uid=ffd10vhdvpcsgb org_id=1 version=1 fingerprint=13e71251a4364f0a now=2026-04-10T23:59:10Z traceID=3808b1775fcbf9ade0c32c74f113af90 rule_uid=ffd10vhdvpcsgb org_id=1 t=2026-04-10T23:59:19.226847164Z level=error msg=\"Failed to build rule evaluator\" error=\"failed to build query 'A': data source not found\""}
{"ts": "2026-04-10T23:59:19Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-grafana-1", "detected_level": "error", "service_name": "/prometheus-holding-grafana-1"}, "msg": "logger=ngalert.scheduler rule_uid=ffd10vkgv6xvke org_id=1 version=1 fingerprint=99a002851c21c2da now=2026-04-10T23:59:10Z traceID=dac4eb9dff4d211ee6fb89042ca32b94 rule_uid=ffd10vkgv6xvke org_id=1 t=2026-04-10T23:59:19.094750463Z level=error msg=\"Failed to evaluate rule\" attempt=1 max_attempts=3 next_attempt_in=1.028488996s error=\"server side expressions pipeline returned an error: failed to build query 'A': data source not found\""}
{"ts": "2026-04-10T23:59:19Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-grafana-1", "detected_level": "error", "service_name": "/prometheus-holding-grafana-1"}, "msg": "logger=ngalert.scheduler rule_uid=ffd10vkgv6xvke org_id=1 version=1 fingerprint=99a002851c21c2da now=2026-04-10T23:59:10Z traceID=dac4eb9dff4d211ee6fb89042ca32b94 rule_uid=ffd10vkgv6xvke org_id=1 t=2026-04-10T23:59:19.094610298Z level=error msg=\"Failed to build rule evaluator\" error=\"failed to build query 'A': data source not found\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-grafana-1", "detected_level": "error", "service_name": "/prometheus-holding-grafana-1"}, "msg": "logger=ngalert.scheduler rule_uid=efd10vi287q4gc org_id=1 version=1 fingerprint=57ee27c9c77e1827 now=2026-04-10T23:59:10Z traceID=568167dd73f4e4e3346a1519bc5238fd rule_uid=efd10vi287q4gc org_id=1 t=2026-04-10T23:59:18.835084005Z level=error msg=\"Failed to build rule evaluator\" error=\"failed to build query 'A': data source not found\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-grafana-1", "detected_level": "error", "service_name": "/prometheus-holding-grafana-1"}, "msg": "logger=ngalert.scheduler rule_uid=efd10vjayw934f org_id=1 version=1 fingerprint=5f12d71bd4a98f4f now=2026-04-10T23:59:10Z traceID=09cf4179cbc4c78537018f1ef96608b5 rule_uid=efd10vjayw934f org_id=1 t=2026-04-10T23:59:18.270051999Z level=error msg=\"Failed to evaluate rule\" attempt=2 max_attempts=3 next_attempt_in=1.363636463s error=\"server side expressions pipeline returned an error: failed to build query 'A': data source not found\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-grafana-1", "detected_level": "error", "service_name": "/prometheus-holding-grafana-1"}, "msg": "logger=ngalert.scheduler rule_uid=efd10vjayw934f org_id=1 version=1 fingerprint=5f12d71bd4a98f4f now=2026-04-10T23:59:10Z traceID=09cf4179cbc4c78537018f1ef96608b5 rule_uid=efd10vjayw934f org_id=1 t=2026-04-10T23:59:18.269965297Z level=error msg=\"Failed to build rule evaluator\" error=\"failed to build query 'A': data source not found\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-grafana-1", "detected_level": "error", "service_name": "/prometheus-holding-grafana-1"}, "msg": "logger=ngalert.scheduler rule_uid=ffd10vhdvpcsgb org_id=1 version=1 fingerprint=13e71251a4364f0a now=2026-04-10T23:59:10Z traceID=8a9c153b49648a905448f271bbd840dc rule_uid=ffd10vhdvpcsgb org_id=1 t=2026-04-10T23:59:18.184766711Z level=error msg=\"Failed to evaluate rule\" attempt=1 max_attempts=3 next_attempt_in=1.040824161s error=\"server side expressions pipeline returned an error: failed to build query 'A': data source not found\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-grafana-1", "detected_level": "error", "service_name": "/prometheus-holding-grafana-1"}, "msg": "logger=ngalert.scheduler rule_uid=ffd10vhdvpcsgb org_id=1 version=1 fingerprint=13e71251a4364f0a now=2026-04-10T23:59:10Z traceID=8a9c153b49648a905448f271bbd840dc rule_uid=ffd10vhdvpcsgb org_id=1 t=2026-04-10T23:59:18.184653457Z level=error msg=\"Failed to build rule evaluator\" error=\"failed to build query 'A': data source not found\""}
{"ts": "2026-04-10T23:59:18Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-grafana-1", "detected_level": "error", "service_name": "/prometheus-holding-grafana-1"}, "msg": "logger=ngalert.scheduler rule_uid=dfd10vlfjs6psa org_id=1 version=1 fingerprint=79c8bd87c6a352eb now=2026-04-10T23:59:10Z traceID=38da5e077847d541488110b733418243 rule_uid=dfd10vlfjs6psa org_id=1 t=2026-04-10T23:59:18.144376051Z level=error msg=\"Failed to build rule evaluator\" error=\"failed to build query 'A': data source not found\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-grafana-1", "detected_level": "error", "service_name": "/prometheus-holding-grafana-1"}, "msg": "logger=ngalert.scheduler rule_uid=efd10vi287q4gc org_id=1 version=1 fingerprint=57ee27c9c77e1827 now=2026-04-10T23:59:10Z traceID=41ea7ba22a54f0ec3ac81afb85d303ac rule_uid=efd10vi287q4gc org_id=1 t=2026-04-10T23:59:17.444258773Z level=error msg=\"Failed to evaluate rule\" attempt=2 max_attempts=3 next_attempt_in=1.389268658s error=\"server side expressions pipeline returned an error: failed to build query 'A': data source not found\""}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-grafana-1", "detected_level": "error", "service_name": "/prometheus-holding-grafana-1"}, "msg": "logger=ngalert.scheduler rule_uid=efd10vi287q4gc org_id=1 version=1 fingerprint=57ee27c9c77e1827 now=2026-04-10T23:59:10Z traceID=41ea7ba22a54f0ec3ac81afb85d303ac rule_uid=efd10vi287q4gc org_id=1 t=2026-04-10T23:59:17.444155519Z level=error msg=\"Failed to build rule evaluator\" error=\"failed to build query 'A': data source not found\""}
{"ts": "2026-04-10T23:59:57Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-forgejo-1", "detected_level": "unknown", "service_name": "/prometheus-holding-forgejo-1"}, "msg": "2026/04/10 23:59:57 ...eb/routing/logger.go:102:func1() [I] router: completed POST /api/actions/runner.v1.RunnerService/FetchTask for 172.18.0.8:58012, 200 OK in 10.5ms @ <autogenerated>:1(http.Handler.ServeHTTP-fm)"}
{"ts": "2026-04-10T23:59:55Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-forgejo-1", "detected_level": "unknown", "service_name": "/prometheus-holding-forgejo-1"}, "msg": "2026/04/10 23:59:55 ...eb/routing/logger.go:102:func1() [I] router: completed POST /api/actions/runner.v1.RunnerService/FetchTask for 172.18.0.8:58012, 200 OK in 11.7ms @ <autogenerated>:1(http.Handler.ServeHTTP-fm)"}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-forgejo-1", "detected_level": "unknown", "service_name": "/prometheus-holding-forgejo-1"}, "msg": "2026/04/10 23:59:53 ...eb/routing/logger.go:102:func1() [I] router: completed POST /api/actions/runner.v1.RunnerService/FetchTask for 172.18.0.8:58012, 200 OK in 12.4ms @ <autogenerated>:1(http.Handler.ServeHTTP-fm)"}
{"ts": "2026-04-10T23:59:51Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-forgejo-1", "detected_level": "unknown", "service_name": "/prometheus-holding-forgejo-1"}, "msg": "2026/04/10 23:59:51 ...eb/routing/logger.go:102:func1() [I] router: completed POST /api/actions/runner.v1.RunnerService/FetchTask for 172.18.0.8:58012, 200 OK in 11.4ms @ <autogenerated>:1(http.Handler.ServeHTTP-fm)"}
{"ts": "2026-04-10T23:59:49Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-forgejo-1", "detected_level": "unknown", "service_name": "/prometheus-holding-forgejo-1"}, "msg": "2026/04/10 23:59:49 ...eb/routing/logger.go:102:func1() [I] router: completed POST /api/actions/runner.v1.RunnerService/FetchTask for 172.18.0.8:58012, 200 OK in 11.6ms @ <autogenerated>:1(http.Handler.ServeHTTP-fm)"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-forgejo-1", "detected_level": "unknown", "service_name": "/prometheus-holding-forgejo-1"}, "msg": "2026/04/10 23:59:47 ...eb/routing/logger.go:102:func1() [I] router: completed POST /api/actions/runner.v1.RunnerService/FetchTask for 172.18.0.8:58012, 200 OK in 11.3ms @ <autogenerated>:1(http.Handler.ServeHTTP-fm)"}
{"ts": "2026-04-10T23:59:45Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-forgejo-1", "detected_level": "unknown", "service_name": "/prometheus-holding-forgejo-1"}, "msg": "2026/04/10 23:59:45 ...eb/routing/logger.go:102:func1() [I] router: completed POST /api/actions/runner.v1.RunnerService/FetchTask for 172.18.0.8:58012, 200 OK in 11.3ms @ <autogenerated>:1(http.Handler.ServeHTTP-fm)"}
{"ts": "2026-04-10T23:59:43Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-forgejo-1", "detected_level": "unknown", "service_name": "/prometheus-holding-forgejo-1"}, "msg": "2026/04/10 23:59:43 ...eb/routing/logger.go:102:func1() [I] router: completed POST /api/actions/runner.v1.RunnerService/FetchTask for 172.18.0.8:58012, 200 OK in 10.7ms @ <autogenerated>:1(http.Handler.ServeHTTP-fm)"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-forgejo-1", "detected_level": "unknown", "service_name": "/prometheus-holding-forgejo-1"}, "msg": "2026/04/10 23:59:41 ...eb/routing/logger.go:102:func1() [I] router: completed POST /api/actions/runner.v1.RunnerService/FetchTask for 172.18.0.8:58012, 200 OK in 11.2ms @ <autogenerated>:1(http.Handler.ServeHTTP-fm)"}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-forgejo-1", "detected_level": "unknown", "service_name": "/prometheus-holding-forgejo-1"}, "msg": "2026/04/10 23:59:39 ...eb/routing/logger.go:102:func1() [I] router: completed POST /api/actions/runner.v1.RunnerService/FetchTask for 172.18.0.8:58012, 200 OK in 12.7ms @ <autogenerated>:1(http.Handler.ServeHTTP-fm)"}
{"ts": "2026-04-10T23:59:37Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-forgejo-1", "detected_level": "unknown", "service_name": "/prometheus-holding-forgejo-1"}, "msg": "2026/04/10 23:59:37 ...eb/routing/logger.go:102:func1() [I] router: completed POST /api/actions/runner.v1.RunnerService/FetchTask for 172.18.0.8:58012, 200 OK in 12.4ms @ <autogenerated>:1(http.Handler.ServeHTTP-fm)"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-forgejo-1", "detected_level": "unknown", "service_name": "/prometheus-holding-forgejo-1"}, "msg": "2026/04/10 23:59:35 ...eb/routing/logger.go:102:func1() [I] router: completed POST /api/actions/runner.v1.RunnerService/FetchTask for 172.18.0.8:58012, 200 OK in 10.9ms @ <autogenerated>:1(http.Handler.ServeHTTP-fm)"}
{"ts": "2026-04-10T23:59:33Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-forgejo-1", "detected_level": "unknown", "service_name": "/prometheus-holding-forgejo-1"}, "msg": "2026/04/10 23:59:33 ...eb/routing/logger.go:102:func1() [I] router: completed POST /api/actions/runner.v1.RunnerService/FetchTask for 172.18.0.8:58012, 200 OK in 11.4ms @ <autogenerated>:1(http.Handler.ServeHTTP-fm)"}
{"ts": "2026-04-10T23:59:31Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-forgejo-1", "detected_level": "unknown", "service_name": "/prometheus-holding-forgejo-1"}, "msg": "2026/04/10 23:59:31 ...eb/routing/logger.go:102:func1() [I] router: completed POST /api/actions/runner.v1.RunnerService/FetchTask for 172.18.0.8:58012, 200 OK in 11.4ms @ <autogenerated>:1(http.Handler.ServeHTTP-fm)"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-forgejo-1", "detected_level": "unknown", "service_name": "/prometheus-holding-forgejo-1"}, "msg": "2026/04/10 23:59:29 ...eb/routing/logger.go:102:func1() [I] router: completed POST /api/actions/runner.v1.RunnerService/FetchTask for 172.18.0.8:58012, 200 OK in 11.3ms @ <autogenerated>:1(http.Handler.ServeHTTP-fm)"}
{"ts": "2026-04-10T23:59:27Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-forgejo-1", "detected_level": "unknown", "service_name": "/prometheus-holding-forgejo-1"}, "msg": "2026/04/10 23:59:27 ...eb/routing/logger.go:102:func1() [I] router: completed POST /api/actions/runner.v1.RunnerService/FetchTask for 172.18.0.8:58012, 200 OK in 11.0ms @ <autogenerated>:1(http.Handler.ServeHTTP-fm)"}
{"ts": "2026-04-10T23:59:25Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-forgejo-1", "detected_level": "unknown", "service_name": "/prometheus-holding-forgejo-1"}, "msg": "2026/04/10 23:59:25 ...eb/routing/logger.go:102:func1() [I] router: completed POST /api/actions/runner.v1.RunnerService/FetchTask for 172.18.0.8:58012, 200 OK in 12.4ms @ <autogenerated>:1(http.Handler.ServeHTTP-fm)"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-forgejo-1", "detected_level": "unknown", "service_name": "/prometheus-holding-forgejo-1"}, "msg": "2026/04/10 23:59:23 ...eb/routing/logger.go:102:func1() [I] router: completed POST /api/actions/runner.v1.RunnerService/FetchTask for 172.18.0.8:58012, 200 OK in 12.9ms @ <autogenerated>:1(http.Handler.ServeHTTP-fm)"}
{"ts": "2026-04-10T23:59:21Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-forgejo-1", "detected_level": "unknown", "service_name": "/prometheus-holding-forgejo-1"}, "msg": "2026/04/10 23:59:21 ...eb/routing/logger.go:102:func1() [I] router: completed POST /api/actions/runner.v1.RunnerService/FetchTask for 172.18.0.8:58012, 200 OK in 10.6ms @ <autogenerated>:1(http.Handler.ServeHTTP-fm)"}
{"ts": "2026-04-10T23:59:19Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-forgejo-1", "detected_level": "unknown", "service_name": "/prometheus-holding-forgejo-1"}, "msg": "2026/04/10 23:59:19 ...eb/routing/logger.go:102:func1() [I] router: completed POST /api/actions/runner.v1.RunnerService/FetchTask for 172.18.0.8:58012, 200 OK in 11.9ms @ <autogenerated>:1(http.Handler.ServeHTTP-fm)"}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-erpnext-frontend-1", "detected_level": "unknown", "service_name": "/prometheus-holding-erpnext-frontend-1"}, "msg": "127.0.0.1 - - [10/Apr/2026:23:59:39 +0000] \"GET /api/method/ping HTTP/1.1\" 200 18 \"-\" \"curl/7.88.1\""}
{"ts": "2026-04-10T23:59:49Z", "labels": {"cluster": "docker-compose", "container": "/crowdsec", "detected_level": "info", "service_name": "/crowdsec"}, "msg": "time=\"2026-04-10T23:59:49Z\" level=info msg=\"172.18.0.1 - [Fri, 10 Apr 2026 23:59:49 UTC] \\\"GET /v1/decisions/stream?additional_pull=false&community_pull=false HTTP/1.1 200 12.009974ms \\\"crowdsec-firewall-bouncer/v0.0.34-debian-pragmatic-amd64-4144555453620958398aee64253dfd90bbc1f698\\\" \\\"\""}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "container": "/crowdsec", "detected_level": "info", "service_name": "/crowdsec"}, "msg": "time=\"2026-04-10T23:59:39Z\" level=info msg=\"172.18.0.1 - [Fri, 10 Apr 2026 23:59:39 UTC] \\\"GET /v1/decisions/stream?additional_pull=false&community_pull=false HTTP/1.1 200 12.796093ms \\\"crowdsec-firewall-bouncer/v0.0.34-debian-pragmatic-amd64-4144555453620958398aee64253dfd90bbc1f698\\\" \\\"\""}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/crowdsec", "detected_level": "info", "service_name": "/crowdsec"}, "msg": "time=\"2026-04-10T23:59:29Z\" level=info msg=\"172.18.0.1 - [Fri, 10 Apr 2026 23:59:29 UTC] \\\"GET /v1/decisions/stream?additional_pull=false&community_pull=false HTTP/1.1 200 10.042179ms \\\"crowdsec-firewall-bouncer/v0.0.34-debian-pragmatic-amd64-4144555453620958398aee64253dfd90bbc1f698\\\" \\\"\""}
{"ts": "2026-04-10T23:59:19Z", "labels": {"cluster": "docker-compose", "container": "/crowdsec", "detected_level": "info", "service_name": "/crowdsec"}, "msg": "time=\"2026-04-10T23:59:19Z\" level=info msg=\"172.18.0.1 - [Fri, 10 Apr 2026 23:59:19 UTC] \\\"GET /v1/decisions/stream?additional_pull=false&community_pull=false HTTP/1.1 200 11.143022ms \\\"crowdsec-firewall-bouncer/v0.0.34-debian-pragmatic-amd64-4144555453620958398aee64253dfd90bbc1f698\\\" \\\"\""}
{"ts": "2026-04-10T23:59:53Z", "labels": {"cluster": "docker-compose", "container": "/apex-windmill-worker", "detected_level": "info", "service_name": "/apex-windmill-worker"}, "msg": "\u001b[2m2026-04-10T23:59:53.615482Z\u001b[0m \u001b[32m INFO\u001b[0m \u001b[2mwindmill-worker/src/worker_utils.rs\u001b[0m\u001b[2m:\u001b[0m\u001b[2m90\u001b[0m\u001b[2m:\u001b[0m ping update, memory: container=119MB, windmill=29MB, db_latency=2ms \u001b[3mworker\u001b[0m\u001b[2m=\u001b[0mwk-default-6852850569bd-CU0zu \u001b[3mhostname\u001b[0m\u001b[2m=\u001b[0m6852850569bd"}
{"ts": "2026-04-10T23:59:47Z", "labels": {"cluster": "docker-compose", "container": "/apex-windmill-worker", "detected_level": "info", "service_name": "/apex-windmill-worker"}, "msg": "\u001b[2m2026-04-10T23:59:47.554730Z\u001b[0m \u001b[32m INFO\u001b[0m \u001b[2mwindmill-worker/src/worker_utils.rs\u001b[0m\u001b[2m:\u001b[0m\u001b[2m90\u001b[0m\u001b[2m:\u001b[0m ping update, memory: container=118MB, windmill=29MB, db_latency=2ms \u001b[3mworker\u001b[0m\u001b[2m=\u001b[0mwk-default-6852850569bd-CU0zu \u001b[3mhostname\u001b[0m\u001b[2m=\u001b[0m6852850569bd"}
{"ts": "2026-04-10T23:59:41Z", "labels": {"cluster": "docker-compose", "container": "/apex-windmill-worker", "detected_level": "info", "service_name": "/apex-windmill-worker"}, "msg": "\u001b[2m2026-04-10T23:59:41.497895Z\u001b[0m \u001b[32m INFO\u001b[0m \u001b[2mwindmill-worker/src/worker_utils.rs\u001b[0m\u001b[2m:\u001b[0m\u001b[2m90\u001b[0m\u001b[2m:\u001b[0m ping update, memory: container=119MB, windmill=29MB, db_latency=2ms \u001b[3mworker\u001b[0m\u001b[2m=\u001b[0mwk-default-6852850569bd-CU0zu \u001b[3mhostname\u001b[0m\u001b[2m=\u001b[0m6852850569bd"}
{"ts": "2026-04-10T23:59:35Z", "labels": {"cluster": "docker-compose", "container": "/apex-windmill-worker", "detected_level": "info", "service_name": "/apex-windmill-worker"}, "msg": "\u001b[2m2026-04-10T23:59:35.480771Z\u001b[0m \u001b[32m INFO\u001b[0m \u001b[2mwindmill-worker/src/worker_utils.rs\u001b[0m\u001b[2m:\u001b[0m\u001b[2m90\u001b[0m\u001b[2m:\u001b[0m ping update, memory: container=118MB, windmill=29MB, db_latency=2ms \u001b[3mworker\u001b[0m\u001b[2m=\u001b[0mwk-default-6852850569bd-CU0zu \u001b[3mhostname\u001b[0m\u001b[2m=\u001b[0m6852850569bd"}
{"ts": "2026-04-10T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/apex-windmill-worker", "detected_level": "info", "service_name": "/apex-windmill-worker"}, "msg": "\u001b[2m2026-04-10T23:59:29.462223Z\u001b[0m \u001b[32m INFO\u001b[0m \u001b[2mwindmill-worker/src/worker_utils.rs\u001b[0m\u001b[2m:\u001b[0m\u001b[2m90\u001b[0m\u001b[2m:\u001b[0m ping update, memory: container=119MB, windmill=29MB, db_latency=1ms \u001b[3mworker\u001b[0m\u001b[2m=\u001b[0mwk-default-6852850569bd-CU0zu \u001b[3mhostname\u001b[0m\u001b[2m=\u001b[0m6852850569bd"}
{"ts": "2026-04-10T23:59:23Z", "labels": {"cluster": "docker-compose", "container": "/apex-windmill-worker", "detected_level": "info", "service_name": "/apex-windmill-worker"}, "msg": "\u001b[2m2026-04-10T23:59:23.446163Z\u001b[0m \u001b[32m INFO\u001b[0m \u001b[2mwindmill-worker/src/worker_utils.rs\u001b[0m\u001b[2m:\u001b[0m\u001b[2m90\u001b[0m\u001b[2m:\u001b[0m ping update, memory: container=118MB, windmill=29MB, db_latency=2ms \u001b[3mworker\u001b[0m\u001b[2m=\u001b[0mwk-default-6852850569bd-CU0zu \u001b[3mhostname\u001b[0m\u001b[2m=\u001b[0m6852850569bd"}
{"ts": "2026-04-10T23:59:17Z", "labels": {"cluster": "docker-compose", "container": "/apex-windmill-worker", "detected_level": "info", "service_name": "/apex-windmill-worker"}, "msg": "\u001b[2m2026-04-10T23:59:17.379228Z\u001b[0m \u001b[32m INFO\u001b[0m \u001b[2mwindmill-worker/src/worker_utils.rs\u001b[0m\u001b[2m:\u001b[0m\u001b[2m90\u001b[0m\u001b[2m:\u001b[0m ping update, memory: container=119MB, windmill=29MB, db_latency=3ms \u001b[3mworker\u001b[0m\u001b[2m=\u001b[0mwk-default-6852850569bd-CU0zu \u001b[3mhostname\u001b[0m\u001b[2m=\u001b[0m6852850569bd"}
{"ts": "2026-04-10T23:59:56Z", "labels": {"cluster": "docker-compose", "container": "/apex-windmill-server", "detected_level": "info", "service_name": "/apex-windmill-server"}, "msg": "\u001b[2m2026-04-10T23:59:56.671352Z\u001b[0m \u001b[32m INFO\u001b[0m \u001b[2mwindmill-api/src/health.rs\u001b[0m\u001b[2m:\u001b[0m\u001b[2m368\u001b[0m\u001b[2m:\u001b[0m health check completed \u001b[3mstatus\u001b[0m\u001b[2m=\u001b[0m\"healthy\" \u001b[3mdatabase_healthy\u001b[0m\u001b[2m=\u001b[0mtrue \u001b[3mworkers_alive\u001b[0m\u001b[2m=\u001b[0m1"}
{"ts": "2026-04-10T23:59:46Z", "labels": {"cluster": "docker-compose", "container": "/apex-windmill-server", "detected_level": "info", "service_name": "/apex-windmill-server"}, "msg": "\u001b[2m2026-04-10T23:59:46.671062Z\u001b[0m \u001b[32m INFO\u001b[0m \u001b[2mwindmill-api/src/health.rs\u001b[0m\u001b[2m:\u001b[0m\u001b[2m368\u001b[0m\u001b[2m:\u001b[0m health check completed \u001b[3mstatus\u001b[0m\u001b[2m=\u001b[0m\"healthy\" \u001b[3mdatabase_healthy\u001b[0m\u001b[2m=\u001b[0mtrue \u001b[3mworkers_alive\u001b[0m\u001b[2m=\u001b[0m1"}
{"ts": "2026-04-10T23:59:39Z", "labels": {"cluster": "docker-compose", "container": "/apex-windmill-server", "detected_level": "info", "service_name": "/apex-windmill-server"}, "msg": "\u001b[2m2026-04-10T23:59:39.468636Z\u001b[0m \u001b[32m INFO\u001b[0m \u001b[2msrc/monitor.rs\u001b[0m\u001b[2m:\u001b[0m\u001b[2m632\u001b[0m\u001b[2m:\u001b[0m 201.03763580322266 mb allocated/239.390625 mb resident"}
{"ts": "2026-04-10T23:59:36Z", "labels": {"cluster": "docker-compose", "container": "/apex-windmill-server", "detected_level": "info", "service_name": "/apex-windmill-server"}, "msg": "\u001b[2m2026-04-10T23:59:36.670544Z\u001b[0m \u001b[32m INFO\u001b[0m \u001b[2mwindmill-api/src/health.rs\u001b[0m\u001b[2m:\u001b[0m\u001b[2m368\u001b[0m\u001b[2m:\u001b[0m health check completed \u001b[3mstatus\u001b[0m\u001b[2m=\u001b[0m\"healthy\" \u001b[3mdatabase_healthy\u001b[0m\u001b[2m=\u001b[0mtrue \u001b[3mworkers_alive\u001b[0m\u001b[2m=\u001b[0m1"}
{"ts": "2026-04-10T23:59:26Z", "labels": {"cluster": "docker-compose", "container": "/apex-windmill-server", "detected_level": "info", "service_name": "/apex-windmill-server"}, "msg": "\u001b[2m2026-04-10T23:59:26.671033Z\u001b[0m \u001b[32m INFO\u001b[0m \u001b[2mwindmill-api/src/health.rs\u001b[0m\u001b[2m:\u001b[0m\u001b[2m368\u001b[0m\u001b[2m:\u001b[0m health check completed \u001b[3mstatus\u001b[0m\u001b[2m=\u001b[0m\"healthy\" \u001b[3mdatabase_healthy\u001b[0m\u001b[2m=\u001b[0mtrue \u001b[3mworkers_alive\u001b[0m\u001b[2m=\u001b[0m1"}