{"ts": "2026-04-19T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643198.752:6458240): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643198.752:6458240): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643198.752:6458240): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643198.752:6458240): cwd=\"/var/lib/docker/rootfs/overlayfs/67097f9470d25ae62330c278e0c2e85dfc8f9d19e1312855b18be973b4d19e41\""}
{"ts": "2026-04-19T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643198.752:6458240): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643198.752:6458240): arch=c000003e syscall=59 success=yes exit=0 a0=c0001cf8a0 a1=c0001d3350 a2=c0001d5c80 a3=0 items=2 ppid=1271521 pid=1271530 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643198.735:6458239): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F36373039376639343730643235616536323333306332373865"}
{"ts": "2026-04-19T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643198.735:6458239): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643198.735:6458239): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643198.735:6458239): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/67097f9470d25ae62330c278e0c2e85dfc8f9d19e1312855b18be973b4d19e41\""}
{"ts": "2026-04-19T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643198.735:6458239): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/67097f9470d25ae62330c278e0c2e85dfc8f9d19e1312855b18be973b4d19e41/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process875577289\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/67097f9470d25ae62330c278e0c2e85dfc8f9d19e1312855b18be973b4d19e41/697b7af1f4ea9ecdc15dcbb2aafe94dc2918cf6fa265028a400541511689fa6c.pid\" a14=\"67097f9470d25ae62330c278e0c2e85dfc8f9d19e1312855b18be973b4d19e41\""}
{"ts": "2026-04-19T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643198.735:6458239): arch=c000003e syscall=59 success=yes exit=0 a0=c0003d4130 a1=c0002b0e00 a2=c0002b0e80 a3=0 items=2 ppid=5688 pid=1271521 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643198.544:6458238): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520646F63757365616C"}
{"ts": "2026-04-19T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643198.544:6458238): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:a3 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643198.544:6458238): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:a3 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643198.544:6458238): cwd=\"/\""}
{"ts": "2026-04-19T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643198.544:6458238): argc=3 a0=\"pg_isready\" a1=\"-U\" a2=\"docuseal\""}
{"ts": "2026-04-19T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643198.544:6458238): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643198.544:6458238): arch=c000003e syscall=59 success=yes exit=0 a0=7f3d7df47288 a1=7f3d7df471e8 a2=7f3d7df47208 a3=0 items=2 ppid=5572 pid=1271514 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643198.540:6458237): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520646F63757365616C"}
{"ts": "2026-04-19T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643198.540:6458237): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:a3 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643198.540:6458237): item=0 name=\"/bin/sh\" inode=8589166 dev=00:a3 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643198.540:6458237): cwd=\"/\""}
{"ts": "2026-04-19T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643198.540:6458237): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D5520646F63757365616C"}
{"ts": "2026-04-19T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643198.540:6458237): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643198.540:6458237): arch=c000003e syscall=59 success=yes exit=0 a0=c000194f68 a1=c000022680 a2=c0000d88c0 a3=0 items=2 ppid=5572 pid=1271514 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643198.494:6458236): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643198.494:6458236): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643198.494:6458236): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643198.494:6458236): cwd=\"/var/lib/docker/rootfs/overlayfs/360fd70ae6eb7cd5e0954ce9fabc3f41ec861f0028b80fa3a053269682ce489a\""}
{"ts": "2026-04-19T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643198.494:6458236): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643198.494:6458236): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b840 a1=c00017f338 a2=c000181c40 a3=0 items=2 ppid=1271502 pid=1271512 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643198.479:6458235): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F33363066643730616536656237636435653039353463653966"}
{"ts": "2026-04-19T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643198.479:6458235): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643198.479:6458235): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643198.479:6458235): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/360fd70ae6eb7cd5e0954ce9fabc3f41ec861f0028b80fa3a053269682ce489a\""}
{"ts": "2026-04-19T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643198.479:6458235): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/360fd70ae6eb7cd5e0954ce9fabc3f41ec861f0028b80fa3a053269682ce489a/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process359090022\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/360fd70ae6eb7cd5e0954ce9fabc3f41ec861f0028b80fa3a053269682ce489a/eb311bb6c423c543b5874b04f58c6e7ad02fb1ba963ac9831478c5474fbca251.pid\" a14=\"360fd70ae6eb7cd5e0954ce9fabc3f41ec861f0028b80fa3a053269682ce489a\""}
{"ts": "2026-04-19T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643198.479:6458235): arch=c000003e syscall=59 success=yes exit=0 a0=c0000115b0 a1=c000201400 a2=c000201480 a3=0 items=2 ppid=5572 pid=1271502 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643197.647:6458234): proctitle=6373636C69006D657472696373"}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643197.647:6458234): item=0 name=\"/usr/local/bin/cscli\" inode=7117508 dev=00:60 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643197.647:6458234): cwd=\"/\""}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643197.647:6458234): argc=2 a0=\"cscli\" a1=\"metrics\""}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643197.647:6458234): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643197.647:6458234): arch=c000003e syscall=59 success=yes exit=0 a0=c000027380 a1=c0000d7350 a2=c0000cb8f0 a3=0 items=1 ppid=1271472 pid=1271485 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cscli\" exe=\"/usr/local/bin/cscli\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643197.602:6458233): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643197.602:6458233): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643197.602:6458233): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643197.602:6458233): cwd=\"/var/lib/docker/rootfs/overlayfs/6e240b3263a20143aa4d507e566bf8e51d46fe0f910bdfa8ddefa9a2f73124d3\""}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643197.602:6458233): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643197.602:6458233): arch=c000003e syscall=59 success=yes exit=0 a0=c0001eb840 a1=c0001ef338 a2=c0001f1c00 a3=0 items=2 ppid=1271472 pid=1271481 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643197.587:6458232): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F36653234306233323633613230313433616134643530376535"}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643197.587:6458232): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643197.587:6458232): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643197.587:6458232): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/6e240b3263a20143aa4d507e566bf8e51d46fe0f910bdfa8ddefa9a2f73124d3\""}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643197.587:6458232): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/6e240b3263a20143aa4d507e566bf8e51d46fe0f910bdfa8ddefa9a2f73124d3/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1953541810\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/6e240b3263a20143aa4d507e566bf8e51d46fe0f910bdfa8ddefa9a2f73124d3/05414fd825857f665ca699d219c642efc09977ad38f3a7c0c9ed98d0ed3e62f2.pid\" a14=\"6e240b3263a20143aa4d507e566bf8e51d46fe0f910bdfa8ddefa9a2f73124d3\""}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643197.587:6458232): arch=c000003e syscall=59 success=yes exit=0 a0=c0000109b0 a1=c0001b3880 a2=c0001b3900 a3=0 items=2 ppid=5108 pid=1271472 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643197.530:6458231): proctitle=72656469732D636C690070696E67"}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643197.530:6458231): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=6694357 dev=00:4b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643197.530:6458231): item=0 name=\"/usr/local/bin/redis-cli\" inode=6703632 dev=00:4b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643197.530:6458231): cwd=\"/data\""}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643197.530:6458231): argc=2 a0=\"redis-cli\" a1=\"ping\""}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643197.530:6458231): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643197.530:6458231): arch=c000003e syscall=59 success=yes exit=0 a0=c000028760 a1=c00009f350 a2=c0001651c0 a3=0 items=2 ppid=1271454 pid=1271466 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"redis-cli\" exe=\"/usr/local/bin/redis-cli\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643197.485:6458230): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643197.485:6458230): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643197.485:6458230): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643197.485:6458230): cwd=\"/var/lib/docker/rootfs/overlayfs/480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af\""}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643197.485:6458230): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643197.485:6458230): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b830 a1=c00017f338 a2=c000201c00 a3=0 items=2 ppid=1271454 pid=1271464 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643197.470:6458229): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F34383062353761303034306362373564646534356436663664"}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643197.470:6458229): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643197.470:6458229): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643197.470:6458229): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af\""}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643197.470:6458229): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process48050217\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af/076518c5a06a2bef78baff43b80b6a42c5109c9792133899114e3b69ea44f723.pid\" a14=\"480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af\""}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643197.470:6458229): arch=c000003e syscall=59 success=yes exit=0 a0=c00034fbc0 a1=c00038d000 a2=c00038d080 a3=0 items=2 ppid=5107 pid=1271454 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643197.363:6458228): proctitle=2F62696E2F7368002D630070675F69737265616479202D552077696E646D696C6C5F75736572202D642077696E646D696C6C5F6462"}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643197.363:6458228): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:a0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643197.363:6458228): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:a0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643197.363:6458228): cwd=\"/\""}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643197.363:6458228): argc=5 a0=\"pg_isready\" a1=\"-U\" a2=\"windmill_user\" a3=\"-d\" a4=\"windmill_db\""}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643197.363:6458228): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643197.363:6458228): arch=c000003e syscall=59 success=yes exit=0 a0=7d49cb0fc3f8 a1=7d49cb0fc290 a2=7d49cb0fc378 a3=0 items=2 ppid=4404 pid=1271446 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643197.362:6458227): proctitle=2F62696E2F7368002D630070675F69737265616479202D552074797065626F74"}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643197.362:6458227): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:85 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643197.362:6458227): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:85 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643197.362:6458227): cwd=\"/\""}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643197.362:6458227): argc=3 a0=\"pg_isready\" a1=\"-U\" a2=\"typebot\""}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643197.362:6458227): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643197.362:6458227): arch=c000003e syscall=59 success=yes exit=0 a0=75e0224c6278 a1=75e0224c61d8 a2=75e0224c61f8 a3=8080808080808080 items=2 ppid=4609 pid=1271432 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643197.359:6458226): proctitle=2F62696E2F7368002D630070675F69737265616479202D552077696E646D696C6C5F75736572202D642077696E646D696C6C5F6462"}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643197.359:6458226): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:a0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643197.359:6458226): item=0 name=\"/bin/sh\" inode=8589166 dev=00:a0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643197.359:6458226): cwd=\"/\""}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643197.359:6458226): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D552077696E646D696C6C5F75736572202D642077696E646D696C6C5F6462"}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643197.359:6458226): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643197.359:6458226): arch=c000003e syscall=59 success=yes exit=0 a0=c000194f68 a1=c000022680 a2=c0000d88c0 a3=0 items=2 ppid=1271413 pid=1271446 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643197.359:6458225): proctitle=2F62696E2F7368002D630070675F69737265616479202D552074797065626F74"}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643197.359:6458225): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:85 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643197.359:6458225): item=0 name=\"/bin/sh\" inode=8589166 dev=00:85 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643197.359:6458225): cwd=\"/\""}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643197.359:6458225): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D552074797065626F74"}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643197.359:6458225): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643197.359:6458225): arch=c000003e syscall=59 success=yes exit=0 a0=c00017ef38 a1=c000022ac0 a2=c0000b48c0 a3=0 items=2 ppid=1271412 pid=1271432 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643197.315:6458224): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643197.315:6458224): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643197.315:6458224): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:11f mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643197.315:6458224): cwd=\"/var/lib/docker/rootfs/overlayfs/2a365c5cbcdee94cef8eb83387301a8756e7538c1049b4c58449c0646b43c50c\""}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643197.315:6458224): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643197.315:6458224): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5890 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=1271413 pid=1271436 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643197.308:6458223): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643197.308:6458223): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643197.308:6458223): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643197.308:6458223): cwd=\"/var/lib/docker/rootfs/overlayfs/a58fd49cb529bc2c3c5f4447c9ccbae837530349ce554292b547968ead4cb59b\""}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643197.308:6458223): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643197.308:6458223): arch=c000003e syscall=59 success=yes exit=0 a0=c000173840 a1=c000177338 a2=c000179c80 a3=0 items=2 ppid=1271412 pid=1271427 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643197.299:6458222): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F32613336356335636263646565393463656638656238333338"}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643197.299:6458222): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643197.299:6458222): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643197.299:6458222): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/2a365c5cbcdee94cef8eb83387301a8756e7538c1049b4c58449c0646b43c50c\""}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643197.299:6458222): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/2a365c5cbcdee94cef8eb83387301a8756e7538c1049b4c58449c0646b43c50c/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3763113507\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/2a365c5cbcdee94cef8eb83387301a8756e7538c1049b4c58449c0646b43c50c/303507f2758fd58910310a27fcb06f0db6c6bdc922d43240ec09ce51c2de1a54.pid\" a14=\"2a365c5cbcdee94cef8eb83387301a8756e7538c1049b4c58449c0646b43c50c\""}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643197.299:6458222): arch=c000003e syscall=59 success=yes exit=0 a0=c000341980 a1=c000204d00 a2=c000204d80 a3=0 items=2 ppid=4404 pid=1271413 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643197.292:6458221): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F61353866643439636235323962633263336335663434343763"}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643197.292:6458221): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643197.292:6458221): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643197.292:6458221): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/a58fd49cb529bc2c3c5f4447c9ccbae837530349ce554292b547968ead4cb59b\""}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643197.292:6458221): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/a58fd49cb529bc2c3c5f4447c9ccbae837530349ce554292b547968ead4cb59b/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3420511065\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/a58fd49cb529bc2c3c5f4447c9ccbae837530349ce554292b547968ead4cb59b/b7c26517d6d40f60b755a636f0011b2157872967b66f40d6aa71ccdef2a0afa0.pid\" a14=\"a58fd49cb529bc2c3c5f4447c9ccbae837530349ce554292b547968ead4cb59b\""}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643197.292:6458221): arch=c000003e syscall=59 success=yes exit=0 a0=c000400c10 a1=c0000ffb80 a2=c0000ffc00 a3=0 items=2 ppid=4609 pid=1271412 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643196.926:6458220): proctitle=6E6F6465002D65007265717569726528276874747027292E6765742827687474703A2F2F27202B207265717569726528276F7327292E686F73746E616D652829202B20273A333030302F272C2072203D3E2070726F636573732E657869742828722E737461747573436F6465203D3D3D20323030207C7C20722E737461747573"}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643196.926:6458220): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6834212 dev=00:62 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643196.926:6458220): item=0 name=\"/usr/local/bin/node\" inode=6881221 dev=00:62 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643196.926:6458220): cwd=\"/app\""}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643196.926:6458220): argc=3 a0=\"node\" a1=\"-e\" a2=7265717569726528276874747027292E6765742827687474703A2F2F27202B207265717569726528276F7327292E686F73746E616D652829202B20273A333030302F272C2072203D3E2070726F636573732E657869742828722E737461747573436F6465203D3D3D20323030207C7C20722E737461747573436F6465203D3D3D2033303729203F2030203A203129292E6F6E28276572726F72272C202829203D3E2070726F636573732E6578697428312929"}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643196.926:6458220): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643196.926:6458220): arch=c000003e syscall=59 success=yes exit=0 a0=55ef72fbbc68 a1=55ef72fbb8f8 a2=55ef72fbbba8 a3=8 items=2 ppid=1271393 pid=1271399 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"node\" exe=\"/usr/local/bin/node\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643196.922:6458219): proctitle=2F62696E2F7368002D63006E6F6465202D6520227265717569726528276874747027292E6765742827687474703A2F2F27202B207265717569726528276F7327292E686F73746E616D652829202B20273A333030302F272C2072203D3E2070726F636573732E657869742828722E737461747573436F6465203D3D3D20323030"}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643196.922:6458219): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6834212 dev=00:62 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643196.922:6458219): item=0 name=\"/bin/sh\" inode=6832457 dev=00:62 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643196.922:6458219): cwd=\"/app\""}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643196.922:6458219): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=6E6F6465202D6520227265717569726528276874747027292E6765742827687474703A2F2F27202B207265717569726528276F7327292E686F73746E616D652829202B20273A333030302F272C2072203D3E2070726F636573732E657869742828722E737461747573436F6465203D3D3D20323030207C7C20722E737461747573436F6465203D3D3D2033303729203F2030203A203129292E6F6E28276572726F72272C202829203D3E2070726F636573732E657869742831292922"}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643196.922:6458219): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643196.922:6458219): arch=c000003e syscall=59 success=yes exit=0 a0=c00018eed8 a1=c000022ac0 a2=c000120240 a3=0 items=2 ppid=1271381 pid=1271393 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/dash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643196.879:6458218): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643196.879:6458218): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643196.879:6458218): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643196.879:6458218): cwd=\"/var/lib/docker/rootfs/overlayfs/62ff186c9558f5a87b871aad2189553b6748d81d514aec3146c01ec6c66d8638\""}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643196.879:6458218): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643196.879:6458218): arch=c000003e syscall=59 success=yes exit=0 a0=c00017d860 a1=c000181338 a2=c000183c40 a3=0 items=2 ppid=1271381 pid=1271390 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643196.863:6458217): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F36326666313836633935353866356138376238373161616432"}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643196.863:6458217): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643196.863:6458217): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643196.863:6458217): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/62ff186c9558f5a87b871aad2189553b6748d81d514aec3146c01ec6c66d8638\""}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643196.863:6458217): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/62ff186c9558f5a87b871aad2189553b6748d81d514aec3146c01ec6c66d8638/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process896602005\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/62ff186c9558f5a87b871aad2189553b6748d81d514aec3146c01ec6c66d8638/b0f3f0c493494a19f0bcc1e89e6667cfa850f89d80e42a02a68392fc70595b6f.pid\" a14=\"62ff186c9558f5a87b871aad2189553b6748d81d514aec3146c01ec6c66d8638\""}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643196.863:6458217): arch=c000003e syscall=59 success=yes exit=0 a0=c0001bd950 a1=c0000dc800 a2=c0000dc900 a3=0 items=2 ppid=5827 pid=1271381 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643196.014:6458216): proctitle=67726570003A30424238002F70726F632F6E65742F746370"}
{"ts": "2026-04-19T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643196.014:6458216): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6834212 dev=00:78 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643196.014:6458216): item=0 name=\"/bin/grep\" inode=6832538 dev=00:78 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643196.014:6458216): cwd=\"/app\""}
{"ts": "2026-04-19T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643196.014:6458216): argc=3 a0=\"grep\" a1=\":0BB8\" a2=\"/proc/net/tcp\""}
{"ts": "2026-04-19T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643196.014:6458216): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643196.014:6458216): arch=c000003e syscall=59 success=yes exit=0 a0=636c8dd59758 a1=636c7424d990 a2=636c8dd596e8 a3=8 items=2 ppid=1271372 pid=1271378 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"grep\" exe=\"/bin/grep\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643196.010:6458215): proctitle=2F62696E2F7368002D630067726570203A30424238202F70726F632F6E65742F746370207C7C20657869742031"}
{"ts": "2026-04-19T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643196.010:6458215): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6834212 dev=00:78 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643196.010:6458215): item=0 name=\"/bin/sh\" inode=6832457 dev=00:78 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643196.010:6458215): cwd=\"/app\""}
{"ts": "2026-04-19T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643196.010:6458215): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=67726570203A30424238202F70726F632F6E65742F746370207C7C20657869742031"}
{"ts": "2026-04-19T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643196.010:6458215): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643196.010:6458215): arch=c000003e syscall=59 success=yes exit=0 a0=c0000fcee8 a1=c000022680 a2=c0001508c0 a3=0 items=2 ppid=5199 pid=1271372 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/dash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643195.959:6458214): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643195.959:6458214): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643195.959:6458214): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643195.959:6458214): cwd=\"/var/lib/docker/rootfs/overlayfs/99752c55410bb6ace3e57904dc2c1a2f503aa02b37e06267893a529d96259bd2\""}
{"ts": "2026-04-19T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643195.959:6458214): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643195.959:6458214): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b840 a1=c00017f338 a2=c000181c40 a3=0 items=2 ppid=1271360 pid=1271369 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643195.944:6458213): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F39393735326335353431306262366163653365353739303464"}
{"ts": "2026-04-19T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643195.944:6458213): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643195.944:6458213): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643195.944:6458213): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/99752c55410bb6ace3e57904dc2c1a2f503aa02b37e06267893a529d96259bd2\""}
{"ts": "2026-04-19T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643195.944:6458213): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/99752c55410bb6ace3e57904dc2c1a2f503aa02b37e06267893a529d96259bd2/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process4062325281\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/99752c55410bb6ace3e57904dc2c1a2f503aa02b37e06267893a529d96259bd2/1d6c7c671a3e6caf93e0183cfdb4a07807ecb55864e4a13be5b631581925f0c7.pid\" a14=\"99752c55410bb6ace3e57904dc2c1a2f503aa02b37e06267893a529d96259bd2\""}
{"ts": "2026-04-19T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643195.944:6458213): arch=c000003e syscall=59 success=yes exit=0 a0=c0001d6490 a1=c0001b6e80 a2=c0001b6f00 a3=0 items=2 ppid=5199 pid=1271360 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643195.433:6458212): proctitle=72656469732D636C690070696E67"}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643195.433:6458212): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=6694357 dev=00:6b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643195.433:6458212): item=0 name=\"/usr/local/bin/redis-cli\" inode=6703632 dev=00:6b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643195.433:6458212): cwd=\"/data\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643195.433:6458212): argc=2 a0=\"redis-cli\" a1=\"ping\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643195.433:6458212): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643195.433:6458212): arch=c000003e syscall=59 success=yes exit=0 a0=c0000289a0 a1=c0000d5350 a2=c0000dd1c0 a3=0 items=2 ppid=1271341 pid=1271354 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"redis-cli\" exe=\"/usr/local/bin/redis-cli\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643195.384:6458211): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643195.384:6458211): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643195.384:6458211): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643195.384:6458211): cwd=\"/var/lib/docker/rootfs/overlayfs/0a68372d6fd28201684be9827a5de0d3c04e6e08d164a3049faa362bc53f9748\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643195.384:6458211): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643195.384:6458211): arch=c000003e syscall=59 success=yes exit=0 a0=c0001cd880 a1=c0001d1350 a2=c0001d3c40 a3=0 items=2 ppid=1271341 pid=1271350 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643195.367:6458210): proctitle=6375726C002D6600687474703A2F2F6C6F63616C686F73743A31373137302F"}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643195.367:6458210): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3566853 dev=00:81 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643195.367:6458210): item=0 name=\"/usr/bin/curl\" inode=3574788 dev=00:81 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643195.367:6458210): cwd=\"/app\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643195.367:6458210): argc=3 a0=\"curl\" a1=\"-f\" a2=\"http://localhost:17170/\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643195.367:6458210): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643195.367:6458210): arch=c000003e syscall=59 success=yes exit=0 a0=c0000ff0f0 a1=c000022ac0 a2=c00013ec00 a3=0 items=2 ppid=5118 pid=1271335 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"curl\" exe=\"/usr/bin/curl\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643195.366:6458209): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F30613638333732643666643238323031363834626539383237"}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643195.366:6458209): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643195.366:6458209): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643195.366:6458209): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/0a68372d6fd28201684be9827a5de0d3c04e6e08d164a3049faa362bc53f9748\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643195.366:6458209): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/0a68372d6fd28201684be9827a5de0d3c04e6e08d164a3049faa362bc53f9748/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3759040189\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/0a68372d6fd28201684be9827a5de0d3c04e6e08d164a3049faa362bc53f9748/75f13da54080684cff76c8f6b0621eabcc8be90891c75c177b148c7ab55df284.pid\" a14=\"0a68372d6fd28201684be9827a5de0d3c04e6e08d164a3049faa362bc53f9748\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643195.366:6458209): arch=c000003e syscall=59 success=yes exit=0 a0=c000480830 a1=c000440500 a2=c000440580 a3=0 items=2 ppid=4707 pid=1271341 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=USER_ERR msg=audit(1776643195.361:6458208): pid=1271321 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='op=PAM:bad_ident grantors=? acct=\"?\" exe=\"/usr/sbin/sshd\" hostname=91.134.240.52 addr=91.134.240.52 terminal=ssh res=failed'\u001dUID=\"root\" AUID=\"unset\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=USER_LOGIN msg=audit(1776643195.344:6458207): pid=1271321 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='op=login acct=28696E76616C6964207573657229 exe=\"/usr/sbin/sshd\" hostname=? addr=91.134.240.52 terminal=sshd res=failed'\u001dUID=\"root\" AUID=\"unset\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=USER_LOGIN msg=audit(1776643195.342:6458206): pid=1271321 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='op=login acct=28696E76616C6964207573657229 exe=\"/usr/sbin/sshd\" hostname=? addr=91.134.240.52 terminal=sshd res=failed'\u001dUID=\"root\" AUID=\"unset\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643195.323:6458205): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643195.323:6458205): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643195.323:6458205): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643195.323:6458205): cwd=\"/var/lib/docker/rootfs/overlayfs/5bd3e1d5545f7ec51999f8794a4b4d6cc0fd1d92f87a78cfdfb129e440cd0559\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643195.323:6458205): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643195.323:6458205): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5890 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=1271323 pid=1271332 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643195.307:6458204): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F35626433653164353534356637656335313939396638373934"}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643195.307:6458204): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643195.307:6458204): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643195.307:6458204): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/5bd3e1d5545f7ec51999f8794a4b4d6cc0fd1d92f87a78cfdfb129e440cd0559\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643195.307:6458204): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/5bd3e1d5545f7ec51999f8794a4b4d6cc0fd1d92f87a78cfdfb129e440cd0559/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2723497148\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/5bd3e1d5545f7ec51999f8794a4b4d6cc0fd1d92f87a78cfdfb129e440cd0559/b65dd9b6707f564c062be894c30c42f0cd2aa0568ee99094d5d09fffa582c5da.pid\" a14=\"5bd3e1d5545f7ec51999f8794a4b4d6cc0fd1d92f87a78cfdfb129e440cd0559\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643195.307:6458204): arch=c000003e syscall=59 success=yes exit=0 a0=c0000106f0 a1=c000320d00 a2=c000320d80 a3=0 items=2 ppid=5118 pid=1271323 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643195.175:6458203): proctitle=2F7573722F7362696E2F73736864002D44002D52"}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643195.175:6458203): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643195.175:6458203): item=0 name=\"/usr/sbin/sshd\" inode=4064199 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643195.175:6458203): cwd=\"/\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643195.175:6458203): argc=3 a0=\"/usr/sbin/sshd\" a1=\"-D\" a2=\"-R\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643195.175:6458203): arch=c000003e syscall=59 success=yes exit=0 a0=5b776287e950 a1=5b77628d1bb0 a2=5b776287e990 a3=8 items=2 ppid=1170 pid=1271321 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sshd\" exe=\"/usr/sbin/sshd\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643195.101:6458202): proctitle=6D617269616462002D2D64656661756C74732D65787472612D66696C653D2F7661722F6C69622F6D7973716C2F2E6D792D6865616C7468636865636B2E636E66002D2D70726F746F636F6C00736F636B6574002D42002D2D736B69702D636F6C756D6E2D6E616D6573002D650073656C65637420312066726F6D20696E666F72"}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643195.101:6458202): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=7089648 dev=00:61 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643195.101:6458202): item=0 name=\"/usr/bin/mariadb\" inode=7117817 dev=00:61 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643195.101:6458202): cwd=\"/\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643195.101:6458202): argc=8 a0=\"mariadb\" a1=\"--defaults-extra-file=/var/lib/mysql/.my-healthcheck.cnf\" a2=\"--protocol\" a3=\"socket\" a4=\"-B\" a5=\"--skip-column-names\" a6=\"-e\" a7=73656C65637420312066726F6D20696E666F726D6174696F6E5F736368656D612E454E47494E455320574845524520656E67696E653D27696E6E6F64622720414E4420737570706F727420696E202827594553272C202744454641554C54272C2027454E41424C45442729"}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643195.101:6458202): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643195.101:6458202): arch=c000003e syscall=59 success=yes exit=0 a0=62df8443f990 a1=62df844619c0 a2=62df84440860 a3=8 items=2 ppid=1271311 pid=1271320 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"mariadb\" exe=\"/usr/bin/mariadb\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643195.086:6458201): proctitle=6D617269616462002D2D64656661756C74732D65787472612D66696C653D2F7661722F6C69622F6D7973716C2F2E6D792D6865616C7468636865636B2E636E66002D2D70726F746F636F6C00736F636B6574002D42002D2D736B69702D636F6C756D6E2D6E616D6573002D650073656C656374204040736B69705F6E6574776F"}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643195.086:6458201): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=7089648 dev=00:61 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643195.086:6458201): item=0 name=\"/usr/bin/mariadb\" inode=7117817 dev=00:61 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643195.086:6458201): cwd=\"/\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643195.086:6458201): argc=8 a0=\"mariadb\" a1=\"--defaults-extra-file=/var/lib/mysql/.my-healthcheck.cnf\" a2=\"--protocol\" a3=\"socket\" a4=\"-B\" a5=\"--skip-column-names\" a6=\"-e\" a7=73656C656374204040736B69705F6E6574776F726B696E67"}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643195.086:6458201): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643195.086:6458201): arch=c000003e syscall=59 success=yes exit=0 a0=62df8443ffe0 a1=62df84461810 a2=62df844404a0 a3=8 items=2 ppid=1271311 pid=1271318 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"mariadb\" exe=\"/usr/bin/mariadb\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643195.078:6458200): proctitle=2F62696E2F62617368002F7573722F6C6F63616C2F62696E2F6865616C7468636865636B2E7368002D2D636F6E6E656374002D2D696E6E6F64625F696E697469616C697A6564"}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643195.078:6458200): item=2 name=\"/lib64/ld-linux-x86-64.so.2\" inode=7089648 dev=00:61 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643195.078:6458200): item=1 name=\"/bin/bash\" inode=6963796 dev=00:61 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643195.078:6458200): item=0 name=\"/usr/local/bin/healthcheck.sh\" inode=7348502 dev=00:61 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643195.078:6458200): cwd=\"/\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643195.078:6458200): argc=4 a0=\"/bin/bash\" a1=\"/usr/local/bin/healthcheck.sh\" a2=\"--connect\" a3=\"--innodb_initialized\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643195.078:6458200): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643195.078:6458200): arch=c000003e syscall=59 success=yes exit=0 a0=c000028760 a1=c000022660 a2=c0000de320 a3=0 items=3 ppid=1271299 pid=1271311 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"healthcheck.sh\" exe=\"/usr/bin/bash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643195.030:6458199): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643195.030:6458199): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643195.030:6458199): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643195.030:6458199): cwd=\"/var/lib/docker/rootfs/overlayfs/7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643195.030:6458199): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643195.030:6458199): arch=c000003e syscall=59 success=yes exit=0 a0=c0001f3840 a1=c0001f7338 a2=c0001f9c40 a3=0 items=2 ppid=1271299 pid=1271308 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643195.015:6458198): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F37656465303139653363623065383839303138636162386266"}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643195.015:6458198): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643195.015:6458198): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643195.015:6458198): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643195.015:6458198): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1921556377\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7/4a056b5260ccd6572fcc5d934e8a6b90429f8193caecd0c39e2990d6370e4c40.pid\" a14=\"7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643195.015:6458198): arch=c000003e syscall=59 success=yes exit=0 a0=c000011090 a1=c000342300 a2=c000342380 a3=0 items=2 ppid=5740 pid=1271299 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643194.951:6458197): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643194.951:6458197): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:63 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643194.951:6458197): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:63 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643194.951:6458197): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643194.951:6458197): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.stat\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643194.951:6458197): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643194.951:6458197): arch=c000003e syscall=59 success=yes exit=0 a0=7276055e5d60 a1=7275b0442960 a2=5d751c63aa40 a3=8 items=2 ppid=6449 pid=1271298 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643194.951:6458196): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643194.951:6458196): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643194.951:6458196): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643194.951:6458196): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=7275b0442960 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1271298 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643194.951:6458195): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643194.951:6458195): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643194.951:6458195): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643194.951:6458195): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=7275b0442960 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1271298 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643194.951:6458194): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643194.951:6458194): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643194.951:6458194): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643194.951:6458194): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=7275b0442960 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1271298 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643194.951:6458193): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643194.951:6458193): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643194.951:6458193): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643194.951:6458193): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=7275b0442960 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1271298 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643194.951:6458192): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643194.951:6458192): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643194.951:6458192): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643194.951:6458192): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=7275b0442960 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1271298 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643194.951:6458191): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643194.951:6458191): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643194.951:6458191): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643194.951:6458191): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=7275b0442960 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1271298 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643194.948:6458190): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643194.948:6458190): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:63 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643194.948:6458190): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:63 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643194.948:6458190): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643194.948:6458190): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.current\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643194.948:6458190): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643194.948:6458190): arch=c000003e syscall=59 success=yes exit=0 a0=7276055e5d60 a1=7275b0442920 a2=5d751c63aa40 a3=8 items=2 ppid=6449 pid=1271297 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643194.948:6458189): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643194.948:6458189): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643194.948:6458189): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643194.948:6458189): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=7275b0442920 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1271297 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643194.948:6458188): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643194.948:6458188): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643194.948:6458188): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643194.948:6458188): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=7275b0442920 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1271297 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643194.948:6458187): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643194.948:6458187): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643194.948:6458187): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643194.948:6458187): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=7275b0442920 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1271297 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643194.948:6458186): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643194.948:6458186): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643194.948:6458186): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643194.948:6458186): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=7275b0442920 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1271297 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643194.948:6458185): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643194.948:6458185): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643194.948:6458185): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643194.948:6458185): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=7275b0442920 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1271297 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643194.948:6458184): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643194.948:6458184): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643194.948:6458184): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643194.948:6458184): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=7275b0442920 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1271297 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643194.945:6458183): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643194.945:6458183): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:63 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643194.945:6458183): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:63 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643194.945:6458183): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643194.945:6458183): argc=2 a0=\"cat\" a1=\"/proc/self/cgroup\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643194.945:6458183): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643194.945:6458183): arch=c000003e syscall=59 success=yes exit=0 a0=7276055e5d60 a1=7275b04429a0 a2=5d751c63aa40 a3=8 items=2 ppid=6449 pid=1271296 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643194.945:6458182): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643194.945:6458182): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643194.945:6458182): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643194.945:6458182): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=7275b04429a0 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1271296 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643194.945:6458181): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643194.945:6458181): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643194.945:6458181): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643194.945:6458181): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=7275b04429a0 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1271296 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643194.945:6458180): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643194.945:6458180): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643194.945:6458180): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643194.945:6458180): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=7275b04429a0 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1271296 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643194.945:6458179): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643194.945:6458179): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643194.945:6458179): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643194.945:6458179): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=7275b04429a0 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1271296 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643194.945:6458178): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643194.945:6458178): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643194.945:6458178): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643194.945:6458178): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=7275b04429a0 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1271296 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643194.945:6458177): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643194.945:6458177): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643194.945:6458177): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643194.945:6458177): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=7275b04429a0 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1271296 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643194.451:6458176): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643194.451:6458176): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643194.451:6458176): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643194.451:6458176): cwd=\"/var/lib/docker/rootfs/overlayfs/59582f7591559088714ccdef6fbea6ce773505523dcc785ab3c861f1c9a990ae\""}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643194.451:6458176): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643194.451:6458176): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b810 a1=c00017f338 a2=c000181c40 a3=0 items=2 ppid=1271276 pid=1271285 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643194.437:6458175): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F35393538326637353931353539303838373134636364656636"}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643194.437:6458175): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643194.437:6458175): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643194.437:6458175): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/59582f7591559088714ccdef6fbea6ce773505523dcc785ab3c861f1c9a990ae\""}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643194.437:6458175): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/59582f7591559088714ccdef6fbea6ce773505523dcc785ab3c861f1c9a990ae/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2593635836\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/59582f7591559088714ccdef6fbea6ce773505523dcc785ab3c861f1c9a990ae/cf985f8337c5ecf3041ac3c418a1681d3b2e4a5c49ac17b2206bb66592a4438d.pid\" a14=\"59582f7591559088714ccdef6fbea6ce773505523dcc785ab3c861f1c9a990ae\""}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643194.437:6458175): arch=c000003e syscall=59 success=yes exit=0 a0=c000122cd0 a1=c000052d00 a2=c000052d80 a3=0 items=2 ppid=5731 pid=1271276 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643194.222:6458174): proctitle=2F7573722F62696E2F7065726C002F7573722F62696E2F70675F69737265616479002D550067726F777468626F6F6B002D6400706F737467726573"}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643194.222:6458174): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6968454 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643194.222:6458174): item=0 name=\"/usr/lib/postgresql/17/bin/pg_isready\" inode=3958125 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643194.222:6458174): cwd=\"/\""}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643194.222:6458174): argc=5 a0=\"/usr/lib/postgresql/17/bin/pg_isready\" a1=\"-U\" a2=\"growthbook\" a3=\"-d\" a4=\"postgres\""}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643194.222:6458174): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643194.222:6458174): arch=c000003e syscall=59 success=yes exit=0 a0=5facdcfbcea0 a1=5facdd0c5e50 a2=5facdcd44970 a3=7f4ba06fce70 items=2 ppid=1271268 pid=1271274 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/lib/postgresql/17/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643194.169:6458173): proctitle=2F7573722F62696E2F7065726C002F7573722F62696E2F70675F69737265616479002D550067726F777468626F6F6B002D6400706F737467726573"}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643194.169:6458173): item=2 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6968454 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643194.169:6458173): item=1 name=\"/usr/bin/perl\" inode=6956288 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643194.169:6458173): item=0 name=\"/usr/bin/pg_isready\" inode=4211279 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643194.169:6458173): cwd=\"/\""}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643194.169:6458173): argc=6 a0=\"/usr/bin/perl\" a1=\"/usr/bin/pg_isready\" a2=\"-U\" a3=\"growthbook\" a4=\"-d\" a5=\"postgres\""}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643194.169:6458173): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643194.169:6458173): arch=c000003e syscall=59 success=yes exit=0 a0=5fca0e908640 a1=5fc9e56c39a8 a2=5fca0e9085d8 a3=8 items=3 ppid=1271268 pid=1271274 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/bin/perl\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643194.165:6458172): proctitle=2F62696E2F7368002D630070675F69737265616479202D552067726F777468626F6F6B202D6420706F737467726573"}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643194.165:6458172): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6968454 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643194.165:6458172): item=0 name=\"/bin/sh\" inode=6954646 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643194.165:6458172): cwd=\"/\""}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643194.165:6458172): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D552067726F777468626F6F6B202D6420706F737467726573"}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643194.165:6458172): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643194.165:6458172): arch=c000003e syscall=59 success=yes exit=0 a0=c00018ae80 a1=c000022ac0 a2=c0000900c0 a3=0 items=2 ppid=1271255 pid=1271268 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/usr/bin/dash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643194.122:6458171): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643194.122:6458171): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643194.122:6458171): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643194.122:6458171): cwd=\"/var/lib/docker/rootfs/overlayfs/02fb5dd00ce2914672d5f537bf8bb36a0908851493efb9e1b3038943b577e7cf\""}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643194.122:6458171): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643194.122:6458171): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5880 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=1271255 pid=1271264 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643194.107:6458170): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F30326662356464303063653239313436373264356635333762"}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643194.107:6458170): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643194.107:6458170): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643194.107:6458170): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/02fb5dd00ce2914672d5f537bf8bb36a0908851493efb9e1b3038943b577e7cf\""}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643194.107:6458170): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/02fb5dd00ce2914672d5f537bf8bb36a0908851493efb9e1b3038943b577e7cf/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1311015559\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/02fb5dd00ce2914672d5f537bf8bb36a0908851493efb9e1b3038943b577e7cf/305b5423de5f8b0d74647bd3b4f22f37346659de8abdd0bcd26292d8e0a01381.pid\" a14=\"02fb5dd00ce2914672d5f537bf8bb36a0908851493efb9e1b3038943b577e7cf\""}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643194.107:6458170): arch=c000003e syscall=59 success=yes exit=0 a0=c0002b36b0 a1=c0003b6180 a2=c0003b6200 a3=0 items=2 ppid=4615 pid=1271255 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643194.106:6458169): proctitle=2F7573722F62696E2F7065726C002F7573722F62696E2F70675F69737265616479002D550070726F6D6574686575735F61646D696E002D640070726F6D6574686575735F61646D696E"}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643194.106:6458169): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=5581428 dev=00:95 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643194.106:6458169): item=0 name=\"/usr/lib/postgresql/17/bin/pg_isready\" inode=5809487 dev=00:95 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643194.106:6458169): cwd=\"/\""}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643194.106:6458169): argc=5 a0=\"/usr/lib/postgresql/17/bin/pg_isready\" a1=\"-U\" a2=\"prometheus_admin\" a3=\"-d\" a4=\"prometheus_admin\""}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643194.106:6458169): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643194.106:6458169): arch=c000003e syscall=59 success=yes exit=0 a0=6114b1be7bd0 a1=6114b1f66fc0 a2=6114b1bca970 a3=7ae3cc434e70 items=2 ppid=1271248 pid=1271254 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/lib/postgresql/17/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643194.064:6458168): proctitle=2F7573722F62696E2F7065726C002F7573722F62696E2F70675F69737265616479002D550070726F6D6574686575735F61646D696E002D640070726F6D6574686575735F61646D696E"}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643194.064:6458168): item=2 name=\"/lib64/ld-linux-x86-64.so.2\" inode=5581428 dev=00:95 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643194.064:6458168): item=1 name=\"/usr/bin/perl\" inode=5580916 dev=00:95 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643194.064:6458168): item=0 name=\"/usr/bin/pg_isready\" inode=5823482 dev=00:95 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643194.064:6458168): cwd=\"/\""}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643194.064:6458168): argc=6 a0=\"/usr/bin/perl\" a1=\"/usr/bin/pg_isready\" a2=\"-U\" a3=\"prometheus_admin\" a4=\"-d\" a5=\"prometheus_admin\""}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643194.064:6458168): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643194.064:6458168): arch=c000003e syscall=59 success=yes exit=0 a0=5a026096d678 a1=5a026096d5e0 a2=5a026096d610 a3=8 items=3 ppid=1271248 pid=1271254 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/bin/perl\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643194.059:6458167): proctitle=2F62696E2F7368002D630070675F69737265616479202D552070726F6D6574686575735F61646D696E202D642070726F6D6574686575735F61646D696E"}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643194.059:6458167): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=5581428 dev=00:95 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643194.059:6458167): item=0 name=\"/bin/sh\" inode=5580787 dev=00:95 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643194.059:6458167): cwd=\"/\""}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643194.059:6458167): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D552070726F6D6574686575735F61646D696E202D642070726F6D6574686575735F61646D696E"}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643194.059:6458167): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643194.059:6458167): arch=c000003e syscall=59 success=yes exit=0 a0=c00018ae80 a1=c000022ac0 a2=c0000900c0 a3=0 items=2 ppid=5764 pid=1271248 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/usr/bin/dash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643194.017:6458166): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643194.017:6458166): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643194.017:6458166): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643194.017:6458166): cwd=\"/var/lib/docker/rootfs/overlayfs/96dcfa07493d1a0e551516dd25644707c00be275d58123d52358a7d61a7f6b24\""}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643194.017:6458166): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643194.017:6458166): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5880 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=1271236 pid=1271245 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643194.000:6458165): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F39366463666130373439336431613065353531353136646432"}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643194.000:6458165): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643194.000:6458165): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643194.000:6458165): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/96dcfa07493d1a0e551516dd25644707c00be275d58123d52358a7d61a7f6b24\""}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643194.000:6458165): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/96dcfa07493d1a0e551516dd25644707c00be275d58123d52358a7d61a7f6b24/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process624547479\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/96dcfa07493d1a0e551516dd25644707c00be275d58123d52358a7d61a7f6b24/01fd23c85cd11f96dd0852f79148f239f95277de3a7a46c0a23aef449832bc0e.pid\" a14=\"96dcfa07493d1a0e551516dd25644707c00be275d58123d52358a7d61a7f6b24\""}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643194.000:6458165): arch=c000003e syscall=59 success=yes exit=0 a0=c0001f4880 a1=c0001b2c00 a2=c0001b2c80 a3=0 items=2 ppid=5764 pid=1271236 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643193.890:6458164): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643193.890:6458164): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643193.890:6458164): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643193.890:6458164): cwd=\"/var/lib/docker/rootfs/overlayfs/ad3efa4adb2d722d56d3649168adfdee0034142a9983b8c4c4a5058e82e5e14b\""}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643193.890:6458164): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643193.890:6458164): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5870 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=1271216 pid=1271225 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643193.876:6458163): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F61643365666134616462326437323264353664333634393136"}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643193.876:6458163): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643193.876:6458163): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643193.876:6458163): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/ad3efa4adb2d722d56d3649168adfdee0034142a9983b8c4c4a5058e82e5e14b\""}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643193.876:6458163): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/ad3efa4adb2d722d56d3649168adfdee0034142a9983b8c4c4a5058e82e5e14b/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3199842849\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/ad3efa4adb2d722d56d3649168adfdee0034142a9983b8c4c4a5058e82e5e14b/eb2edda9beafcde30f4fd2ce1d78f0e75ac86426423c0eb331669b6a1a1a636b.pid\" a14=\"ad3efa4adb2d722d56d3649168adfdee0034142a9983b8c4c4a5058e82e5e14b\""}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643193.876:6458163): arch=c000003e syscall=59 success=yes exit=0 a0=c0003845b0 a1=c000332d00 a2=c000332d80 a3=0 items=2 ppid=5342 pid=1271216 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643193.411:6458162): proctitle=77676574002D2D73706964657200687474703A2F2F6C6F63616C686F73743A333130302F7265616479"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643193.411:6458162): item=0 name=\"/busybox/wget\" inode=6701653 dev=00:6c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643193.411:6458162): cwd=\"/\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643193.411:6458162): argc=3 a0=\"wget\" a1=\"--spider\" a2=\"http://localhost:3100/ready\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643193.411:6458162): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643193.411:6458162): arch=c000003e syscall=59 success=yes exit=0 a0=c0001a8e60 a1=c000022660 a2=c0000cf9e0 a3=0 items=1 ppid=1271197 pid=1271209 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"wget\" exe=\"/busybox/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643193.373:6458161): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643193.373:6458161): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643193.373:6458161): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643193.373:6458161): cwd=\"/var/lib/docker/rootfs/overlayfs/c390a7335ba8d816c119db0362dee085991e5e82d658167c5921656c90a30307\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643193.373:6458161): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643193.373:6458161): arch=c000003e syscall=59 success=yes exit=0 a0=c0001cd890 a1=c0001d1350 a2=c0001d3c80 a3=0 items=2 ppid=1271197 pid=1271206 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643193.356:6458160): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F63333930613733333562613864383136633131396462303336"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643193.356:6458160): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643193.356:6458160): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643193.356:6458160): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/c390a7335ba8d816c119db0362dee085991e5e82d658167c5921656c90a30307\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643193.356:6458160): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/c390a7335ba8d816c119db0362dee085991e5e82d658167c5921656c90a30307/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1021868396\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/c390a7335ba8d816c119db0362dee085991e5e82d658167c5921656c90a30307/98e7c21d0d2a14f4676a2ffd8f93c33f5741e4ae073de7f2bc6edbdb301a3b84.pid\" a14=\"c390a7335ba8d816c119db0362dee085991e5e82d658167c5921656c90a30307\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643193.356:6458160): arch=c000003e syscall=59 success=yes exit=0 a0=c00032e1c0 a1=c000133a00 a2=c000133a80 a3=0 items=2 ppid=4394 pid=1271197 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643193.181:6458159): proctitle=636C616D647363616E002D2D76657273696F6E"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643193.181:6458159): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=6689254 dev=00:45 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643193.181:6458159): item=0 name=\"/usr/bin/clamdscan\" inode=6714733 dev=00:45 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643193.181:6458159): cwd=\"/\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643193.181:6458159): argc=2 a0=\"clamdscan\" a1=\"--version\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643193.181:6458159): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643193.181:6458159): arch=c000003e syscall=59 success=yes exit=0 a0=c000027380 a1=c0000d5350 a2=c0000c7950 a3=0 items=2 ppid=1271176 pid=1271190 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"clamdscan\" exe=\"/usr/bin/clamdscan\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643193.118:6458158): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643193.118:6458158): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643193.118:6458158): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643193.118:6458158): cwd=\"/var/lib/docker/rootfs/overlayfs/60ba518f9a5f7016add1133158f649e99ef850284ee96e9bc71f602039398291\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643193.118:6458158): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643193.118:6458158): arch=c000003e syscall=59 success=yes exit=0 a0=c000173850 a1=c000177338 a2=c000179c40 a3=0 items=2 ppid=1271176 pid=1271188 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643193.107:6458157): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643193.107:6458157): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:bf mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643193.107:6458157): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:bf mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643193.107:6458157): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643193.107:6458157): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.stat\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643193.107:6458157): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643193.107:6458157): arch=c000003e syscall=59 success=yes exit=0 a0=7cf488ecad60 a1=7cf467e01240 a2=570e063f2a40 a3=8 items=2 ppid=6698 pid=1271179 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643193.107:6458156): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643193.107:6458156): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643193.107:6458156): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643193.107:6458156): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ecad60 a1=7cf467e01240 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1271179 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643193.107:6458155): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643193.107:6458155): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643193.107:6458155): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643193.107:6458155): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ecad60 a1=7cf467e01240 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1271179 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643193.107:6458154): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643193.107:6458154): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643193.107:6458154): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643193.107:6458154): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ecad60 a1=7cf467e01240 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1271179 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643193.106:6458153): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643193.106:6458153): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643193.106:6458153): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643193.106:6458153): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ecad60 a1=7cf467e01240 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1271179 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643193.106:6458152): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643193.106:6458152): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643193.106:6458152): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643193.106:6458152): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ecad60 a1=7cf467e01240 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1271179 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643193.106:6458151): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643193.106:6458151): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643193.106:6458151): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643193.106:6458151): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ecad60 a1=7cf467e01240 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1271179 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643193.103:6458150): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643193.103:6458150): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:bf mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643193.103:6458150): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:bf mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643193.103:6458150): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643193.103:6458150): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.current\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643193.103:6458150): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643193.103:6458150): arch=c000003e syscall=59 success=yes exit=0 a0=7cf488ecad60 a1=7cf439403da0 a2=570e063f2a40 a3=8 items=2 ppid=6698 pid=1271177 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643193.103:6458149): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643193.103:6458149): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643193.103:6458149): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643193.103:6458149): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ecad60 a1=7cf439403da0 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1271177 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643193.103:6458148): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643193.103:6458148): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643193.103:6458148): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643193.103:6458148): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ecad60 a1=7cf439403da0 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1271177 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643193.103:6458147): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643193.103:6458147): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643193.103:6458147): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643193.103:6458147): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ecad60 a1=7cf439403da0 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1271177 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643193.102:6458146): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643193.102:6458146): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643193.102:6458146): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643193.102:6458146): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ecad60 a1=7cf439403da0 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1271177 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643193.102:6458145): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643193.102:6458145): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643193.102:6458145): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643193.102:6458145): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ecad60 a1=7cf439403da0 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1271177 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643193.102:6458144): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643193.102:6458144): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643193.102:6458144): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643193.102:6458144): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ecad60 a1=7cf439403da0 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1271177 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643193.100:6458143): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F36306261353138663961356637303136616464313133333135"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643193.100:6458143): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643193.100:6458143): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643193.100:6458143): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/60ba518f9a5f7016add1133158f649e99ef850284ee96e9bc71f602039398291\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643193.100:6458143): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/60ba518f9a5f7016add1133158f649e99ef850284ee96e9bc71f602039398291/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3945139209\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/60ba518f9a5f7016add1133158f649e99ef850284ee96e9bc71f602039398291/d6e98e695acf0269f67bdbca6b943e5d6c9109b5882ee19b67cf621b45856ac0.pid\" a14=\"60ba518f9a5f7016add1133158f649e99ef850284ee96e9bc71f602039398291\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643193.100:6458143): arch=c000003e syscall=59 success=yes exit=0 a0=c0001f43b0 a1=c000372280 a2=c000372300 a3=0 items=2 ppid=5076 pid=1271176 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643193.097:6458142): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643193.097:6458142): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:bf mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643193.097:6458142): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:bf mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643193.097:6458142): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643193.097:6458142): argc=2 a0=\"cat\" a1=\"/proc/self/cgroup\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643193.097:6458142): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643193.097:6458142): arch=c000003e syscall=59 success=yes exit=0 a0=7cf488ecad60 a1=7cf467e01360 a2=570e063f2a40 a3=8 items=2 ppid=6698 pid=1271175 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643193.097:6458141): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643193.097:6458141): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643193.097:6458141): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643193.097:6458141): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ecad60 a1=7cf467e01360 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1271175 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643193.097:6458140): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643193.097:6458140): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643193.097:6458140): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643193.097:6458140): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ecad60 a1=7cf467e01360 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1271175 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643193.097:6458139): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643193.097:6458139): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643193.097:6458139): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643193.097:6458139): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ecad60 a1=7cf467e01360 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1271175 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643193.097:6458138): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643193.097:6458138): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643193.097:6458138): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643193.097:6458138): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ecad60 a1=7cf467e01360 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1271175 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643193.097:6458137): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643193.097:6458137): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643193.097:6458137): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643193.097:6458137): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ecad60 a1=7cf467e01360 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1271175 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643193.097:6458136): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643193.097:6458136): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643193.097:6458136): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643193.097:6458136): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ecad60 a1=7cf467e01360 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1271175 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643193.086:6458135): proctitle=6C73002F"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643193.086:6458135): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6952479 dev=00:48 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643193.086:6458135): item=0 name=\"/usr/bin/ls\" inode=6837222 dev=00:48 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643193.086:6458135): cwd=\"/project\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643193.086:6458135): argc=2 a0=\"ls\" a1=\"/\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643193.086:6458135): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643193.086:6458135): arch=c000003e syscall=59 success=yes exit=0 a0=5affa5a596f0 a1=5aff7d2f5990 a2=5affa5a59698 a3=8 items=2 ppid=1271165 pid=1271174 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"ls\" exe=\"/usr/bin/ls\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643193.077:6458134): proctitle=2F62696E2F7368002D63006C73202F203E202F6465762F6E756C6C207C7C20657869742031"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643193.077:6458134): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6952479 dev=00:48 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643193.077:6458134): item=0 name=\"/bin/sh\" inode=6834806 dev=00:48 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643193.077:6458134): cwd=\"/project\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643193.077:6458134): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=6C73202F203E202F6465762F6E756C6C207C7C20657869742031"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643193.077:6458134): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643193.077:6458134): arch=c000003e syscall=59 success=yes exit=0 a0=c000194ea8 a1=c000022660 a2=c0000de320 a3=0 items=2 ppid=1271152 pid=1271165 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/usr/bin/dash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643193.033:6458133): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643193.033:6458133): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643193.033:6458133): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643193.033:6458133): cwd=\"/var/lib/docker/rootfs/overlayfs/aafc3318f2a2fddff1da5e3c92952f5057b4e21f72626d5770313f32f540051d\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643193.033:6458133): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643193.033:6458133): arch=c000003e syscall=59 success=yes exit=0 a0=c0001f3840 a1=c0001f7338 a2=c0001f9c40 a3=0 items=2 ppid=1271152 pid=1271163 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643193.017:6458132): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F61616663333331386632613266646466663164613565336339"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643193.017:6458132): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643193.017:6458132): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643193.017:6458132): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/aafc3318f2a2fddff1da5e3c92952f5057b4e21f72626d5770313f32f540051d\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643193.017:6458132): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/aafc3318f2a2fddff1da5e3c92952f5057b4e21f72626d5770313f32f540051d/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3817132189\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/aafc3318f2a2fddff1da5e3c92952f5057b4e21f72626d5770313f32f540051d/71e0b337b088c1467c5a55331c60095c25330855d9182dfe5e110470f3df8e1d.pid\" a14=\"aafc3318f2a2fddff1da5e3c92952f5057b4e21f72626d5770313f32f540051d\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643193.017:6458132): arch=c000003e syscall=59 success=yes exit=0 a0=c000348270 a1=c0001ced00 a2=c0001ced80 a3=0 items=2 ppid=5171 pid=1271152 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643193.000:6458131): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520706F737467726573"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643193.000:6458131): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:4a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643193.000:6458131): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:4a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643193.000:6458131): cwd=\"/\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643193.000:6458131): argc=3 a0=\"pg_isready\" a1=\"-U\" a2=\"postgres\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643193.000:6458131): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643193.000:6458131): arch=c000003e syscall=59 success=yes exit=0 a0=75c83b31a288 a1=75c83b31a1e8 a2=75c83b31a208 a3=0 items=2 ppid=1271132 pid=1271145 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643192.997:6458130): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520706F737467726573"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643192.997:6458130): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:4a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643192.997:6458130): item=0 name=\"/bin/sh\" inode=8589166 dev=00:4a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643192.997:6458130): cwd=\"/\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643192.997:6458130): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D5520706F737467726573"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643192.997:6458130): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643192.997:6458130): arch=c000003e syscall=59 success=yes exit=0 a0=c0001a0f68 a1=c000022680 a2=c0001508c0 a3=0 items=2 ppid=1271132 pid=1271145 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643192.929:6458129): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643192.929:6458129): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643192.929:6458129): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643192.929:6458129): cwd=\"/var/lib/docker/rootfs/overlayfs/6e0eaa58aad19bd8edc0f955e0d8cdf54332df6bcdbac6d5a4d9c8caf6fb9c39\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643192.929:6458129): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643192.929:6458129): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5890 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=1271132 pid=1271141 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643192.915:6458128): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F36653065616135386161643139626438656463306639353565"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643192.915:6458128): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643192.915:6458128): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643192.915:6458128): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/6e0eaa58aad19bd8edc0f955e0d8cdf54332df6bcdbac6d5a4d9c8caf6fb9c39\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643192.915:6458128): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/6e0eaa58aad19bd8edc0f955e0d8cdf54332df6bcdbac6d5a4d9c8caf6fb9c39/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1029215554\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/6e0eaa58aad19bd8edc0f955e0d8cdf54332df6bcdbac6d5a4d9c8caf6fb9c39/46cecbfc7de9c1591d2df5fd19776d5dfec50405c9e06aeb41b8d13859219c9d.pid\" a14=\"6e0eaa58aad19bd8edc0f955e0d8cdf54332df6bcdbac6d5a4d9c8caf6fb9c39\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643192.915:6458128): arch=c000003e syscall=59 success=yes exit=0 a0=c000195f50 a1=c00007e900 a2=c00007e980 a3=0 items=2 ppid=4040 pid=1271132 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643192.841:6458127): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643192.841:6458127): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=9987007 dev=00:68 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643192.841:6458127): item=0 name=\"/usr/bin/cat\" inode=9986333 dev=00:68 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643192.841:6458127): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643192.841:6458127): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.stat\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643192.841:6458127): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643192.841:6458127): arch=c000003e syscall=59 success=yes exit=0 a0=75b00d839d60 a1=75af72a1a0e0 a2=572859f88650 a3=8 items=2 ppid=6470 pid=1271131 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643192.841:6458126): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643192.841:6458126): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643192.841:6458126): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643192.841:6458126): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75af72a1a0e0 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1271131 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643192.841:6458125): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643192.841:6458125): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643192.841:6458125): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643192.841:6458125): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75af72a1a0e0 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1271131 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643192.841:6458124): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643192.841:6458124): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643192.841:6458124): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643192.841:6458124): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75af72a1a0e0 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1271131 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643192.841:6458123): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643192.841:6458123): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643192.841:6458123): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643192.841:6458123): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75af72a1a0e0 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1271131 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643192.841:6458122): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643192.841:6458122): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643192.841:6458122): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643192.841:6458122): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75af72a1a0e0 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1271131 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643192.840:6458121): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643192.840:6458121): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643192.840:6458121): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643192.840:6458121): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75af72a1a0e0 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1271131 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643192.838:6458120): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643192.838:6458120): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=9987007 dev=00:68 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643192.838:6458120): item=0 name=\"/usr/bin/cat\" inode=9986333 dev=00:68 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643192.838:6458120): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643192.838:6458120): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.current\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643192.838:6458120): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643192.838:6458120): arch=c000003e syscall=59 success=yes exit=0 a0=75b00d839d60 a1=75af72a00da0 a2=572859f88650 a3=8 items=2 ppid=6470 pid=1271130 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643192.838:6458119): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643192.838:6458119): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643192.838:6458119): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643192.838:6458119): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75af72a00da0 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1271130 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643192.838:6458118): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643192.838:6458118): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643192.838:6458118): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643192.838:6458118): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75af72a00da0 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1271130 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643192.838:6458117): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643192.838:6458117): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643192.838:6458117): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643192.838:6458117): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75af72a00da0 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1271130 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643192.838:6458116): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643192.838:6458116): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643192.838:6458116): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643192.838:6458116): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75af72a00da0 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1271130 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643192.838:6458115): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643192.838:6458115): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643192.838:6458115): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643192.838:6458115): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75af72a00da0 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1271130 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643192.838:6458114): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643192.838:6458114): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643192.838:6458114): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643192.838:6458114): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75af72a00da0 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1271130 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643192.835:6458113): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643192.835:6458113): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=9987007 dev=00:68 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643192.835:6458113): item=0 name=\"/usr/bin/cat\" inode=9986333 dev=00:68 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643192.835:6458113): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643192.835:6458113): argc=2 a0=\"cat\" a1=\"/proc/self/cgroup\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643192.835:6458113): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643192.835:6458113): arch=c000003e syscall=59 success=yes exit=0 a0=75b00d839d60 a1=75afebc00780 a2=572859f88650 a3=8 items=2 ppid=6470 pid=1271129 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643192.835:6458112): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643192.835:6458112): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643192.835:6458112): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643192.835:6458112): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75afebc00780 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1271129 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643192.835:6458111): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643192.835:6458111): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643192.835:6458111): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643192.835:6458111): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75afebc00780 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1271129 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643192.835:6458110): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643192.835:6458110): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643192.835:6458110): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643192.835:6458110): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75afebc00780 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1271129 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643192.835:6458109): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643192.835:6458109): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643192.835:6458109): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643192.835:6458109): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75afebc00780 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1271129 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643192.835:6458108): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643192.835:6458108): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643192.835:6458108): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643192.835:6458108): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75afebc00780 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1271129 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643192.835:6458107): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643192.835:6458107): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643192.835:6458107): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643192.835:6458107): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75afebc00780 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1271129 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643192.241:6458106): proctitle=77676574002D714F002F6465762F6E756C6C00687474703A2F2F3132372E302E302E313A383132332F70696E67"}
{"ts": "2026-04-19T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643192.241:6458106): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=6688979 dev=00:32 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643192.241:6458106): item=0 name=\"/usr/bin/wget\" inode=6699356 dev=00:32 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643192.241:6458106): cwd=\"/\""}
{"ts": "2026-04-19T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643192.241:6458106): argc=4 a0=\"wget\" a1=\"-qO\" a2=\"/dev/null\" a3=\"http://127.0.0.1:8123/ping\""}
{"ts": "2026-04-19T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643192.241:6458106): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a88465fb old_pi=0 old_pe=00000000a88465fb old_pa=0 pp=00000000a88465fb pi=0 pe=00000000a88465fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643192.241:6458106): arch=c000003e syscall=59 success=yes exit=0 a0=7d10c6521450 a1=7d10c65213b0 a2=7d10c65213d8 a3=8 items=2 ppid=1271122 pid=1271128 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"wget\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643192.237:6458105): proctitle=2F62696E2F7368002D630077676574202D714F202F6465762F6E756C6C20687474703A2F2F3132372E302E302E313A383132332F70696E67207C7C20657869742031"}
{"ts": "2026-04-19T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643192.237:6458105): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=6688979 dev=00:32 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643192.237:6458105): item=0 name=\"/bin/sh\" inode=6699356 dev=00:32 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643192.237:6458105): cwd=\"/\""}
{"ts": "2026-04-19T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643192.237:6458105): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=77676574202D714F202F6465762F6E756C6C20687474703A2F2F3132372E302E302E313A383132332F70696E67207C7C20657869742031"}
{"ts": "2026-04-19T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643192.237:6458105): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a88465fb old_pi=0 old_pe=00000000a88465fb old_pa=0 pp=00000000a88465fb pi=0 pe=00000000a88465fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643192.237:6458105): arch=c000003e syscall=59 success=yes exit=0 a0=c00018b188 a1=c000022ac0 a2=c0001348c0 a3=0 items=2 ppid=1271109 pid=1271122 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643192.194:6458104): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643192.194:6458104): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643192.194:6458104): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643192.194:6458104): cwd=\"/var/lib/docker/rootfs/overlayfs/1fb3858784c1bbc7b7db79bd21020b36e4b8209f56f9299f38689bcfe0a0492c\""}
{"ts": "2026-04-19T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643192.194:6458104): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643192.194:6458104): arch=c000003e syscall=59 success=yes exit=0 a0=c0001eb930 a1=c0001ef398 a2=c0001f1d40 a3=0 items=2 ppid=1271109 pid=1271118 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643192.180:6458103): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F31666233383538373834633162626337623764623739626432"}
{"ts": "2026-04-19T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643192.180:6458103): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643192.180:6458103): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643192.180:6458103): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/1fb3858784c1bbc7b7db79bd21020b36e4b8209f56f9299f38689bcfe0a0492c\""}
{"ts": "2026-04-19T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643192.180:6458103): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/1fb3858784c1bbc7b7db79bd21020b36e4b8209f56f9299f38689bcfe0a0492c/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2773092982\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/1fb3858784c1bbc7b7db79bd21020b36e4b8209f56f9299f38689bcfe0a0492c/29662c4e830badc5de94629af95bf530854484ac3b49e052c52234099b7f5c28.pid\" a14=\"1fb3858784c1bbc7b7db79bd21020b36e4b8209f56f9299f38689bcfe0a0492c\""}
{"ts": "2026-04-19T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643192.180:6458103): arch=c000003e syscall=59 success=yes exit=0 a0=c000010680 a1=c000297f00 a2=c000130280 a3=0 items=2 ppid=3826 pid=1271109 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643191.456:6458102): proctitle=72656469732D636C690070696E67"}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643191.456:6458102): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=5809101 dev=00:7a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643191.456:6458102): item=0 name=\"/usr/local/bin/redis-cli\" inode=928088 dev=00:7a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643191.456:6458102): cwd=\"/data\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643191.456:6458102): argc=2 a0=\"redis-cli\" a1=\"ping\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643191.456:6458102): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643191.456:6458102): arch=c000003e syscall=59 success=yes exit=0 a0=c0000289a0 a1=c0000e3350 a2=c0000eb1c0 a3=0 items=2 ppid=1271088 pid=1271101 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"redis-cli\" exe=\"/usr/local/bin/redis-cli\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643191.379:6458101): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643191.379:6458101): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643191.379:6458101): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643191.379:6458101): cwd=\"/var/lib/docker/rootfs/overlayfs/7e13dd6f726a7b57cc1470c1039bc96afa948a1beb7503cebff44e9717c43cdc\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643191.379:6458101): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643191.379:6458101): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5880 a1=c0001c9350 a2=c0001cbc40 a3=0 items=2 ppid=1271088 pid=1271097 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643191.355:6458100): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F37653133646436663732366137623537636331343730633130"}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643191.355:6458100): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643191.355:6458100): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643191.355:6458100): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/7e13dd6f726a7b57cc1470c1039bc96afa948a1beb7503cebff44e9717c43cdc\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643191.355:6458100): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/7e13dd6f726a7b57cc1470c1039bc96afa948a1beb7503cebff44e9717c43cdc/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1084834714\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/7e13dd6f726a7b57cc1470c1039bc96afa948a1beb7503cebff44e9717c43cdc/e85a48016102bf8ba556d30c11001700c4d18303928df69e91c9eef737186b3d.pid\" a14=\"7e13dd6f726a7b57cc1470c1039bc96afa948a1beb7503cebff44e9717c43cdc\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643191.355:6458100): arch=c000003e syscall=59 success=yes exit=0 a0=c00029fd80 a1=c00006eb80 a2=c00006ec00 a3=0 items=2 ppid=4347 pid=1271088 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643191.326:6458099): proctitle=72656469732D636C690070696E67"}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643191.326:6458099): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=6694357 dev=00:42 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643191.326:6458099): item=0 name=\"/usr/local/bin/redis-cli\" inode=6703632 dev=00:42 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643191.326:6458099): cwd=\"/data\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643191.326:6458099): argc=2 a0=\"redis-cli\" a1=\"ping\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643191.326:6458099): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643191.326:6458099): arch=c000003e syscall=59 success=yes exit=0 a0=c0000289a0 a1=c0000d1350 a2=c0000d91c0 a3=0 items=2 ppid=1271070 pid=1271082 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"redis-cli\" exe=\"/usr/local/bin/redis-cli\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643191.280:6458098): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643191.280:6458098): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643191.280:6458098): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643191.280:6458098): cwd=\"/var/lib/docker/rootfs/overlayfs/4cc046860e99ed4ce61cc4f7c543175750997c08579b75447cbf7907fdb6134d\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643191.280:6458098): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643191.280:6458098): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5880 a1=c0001c9350 a2=c0001cbc40 a3=0 items=2 ppid=1271070 pid=1271080 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643191.266:6458097): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F34636330343638363065393965643463653631636334663763"}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643191.266:6458097): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643191.266:6458097): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643191.266:6458097): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/4cc046860e99ed4ce61cc4f7c543175750997c08579b75447cbf7907fdb6134d\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643191.266:6458097): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/4cc046860e99ed4ce61cc4f7c543175750997c08579b75447cbf7907fdb6134d/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3050530686\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/4cc046860e99ed4ce61cc4f7c543175750997c08579b75447cbf7907fdb6134d/b0b14a17e6309f1152bf82d5c9bf5809723135d7bb1187ae597f5def4144cc1b.pid\" a14=\"4cc046860e99ed4ce61cc4f7c543175750997c08579b75447cbf7907fdb6134d\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643191.266:6458097): arch=c000003e syscall=59 success=yes exit=0 a0=c000011bc0 a1=c0000e1e00 a2=c0000e1e80 a3=0 items=2 ppid=4510 pid=1271070 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643191.195:6458096): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520617065785F75736572202D6420617065785F6462"}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643191.195:6458096): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3456344 dev=00:77 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643191.195:6458096): item=0 name=\"/usr/local/bin/pg_isready\" inode=6091069 dev=00:77 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643191.195:6458096): cwd=\"/\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643191.195:6458096): argc=5 a0=\"pg_isready\" a1=\"-U\" a2=\"apex_user\" a3=\"-d\" a4=\"apex_db\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643191.195:6458096): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643191.195:6458096): arch=c000003e syscall=59 success=yes exit=0 a0=775923da83f8 a1=775923da8278 a2=775923da8378 a3=0 items=2 ppid=5169 pid=1271062 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643191.191:6458095): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520617065785F75736572202D6420617065785F6462"}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643191.191:6458095): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3456344 dev=00:77 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643191.191:6458095): item=0 name=\"/bin/sh\" inode=3454556 dev=00:77 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643191.191:6458095): cwd=\"/\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643191.191:6458095): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D5520617065785F75736572202D6420617065785F6462"}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643191.191:6458095): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643191.191:6458095): arch=c000003e syscall=59 success=yes exit=0 a0=c0001a8f68 a1=c000022680 a2=c0001508c0 a3=0 items=2 ppid=1271048 pid=1271062 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643191.165:6458094): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520666F7267656A6F"}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643191.165:6458094): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:b3 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643191.165:6458094): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:b3 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643191.165:6458094): cwd=\"/\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643191.165:6458094): argc=3 a0=\"pg_isready\" a1=\"-U\" a2=\"forgejo\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643191.165:6458094): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643191.165:6458094): arch=c000003e syscall=59 success=yes exit=0 a0=7de187acd278 a1=7de187acd1d8 a2=7de187acd1f8 a3=8080808080808080 items=2 ppid=1271028 pid=1271041 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643191.162:6458093): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520666F7267656A6F"}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643191.162:6458093): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:b3 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643191.162:6458093): item=0 name=\"/bin/sh\" inode=8589166 dev=00:b3 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643191.162:6458093): cwd=\"/\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643191.162:6458093): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D5520666F7267656A6F"}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643191.162:6458093): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643191.162:6458093): arch=c000003e syscall=59 success=yes exit=0 a0=c00017cf68 a1=c000022680 a2=c0000d88c0 a3=0 items=2 ppid=1271028 pid=1271041 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643191.145:6458092): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643191.145:6458092): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643191.145:6458092): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:11f mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643191.145:6458092): cwd=\"/var/lib/docker/rootfs/overlayfs/c1f8f97d53596e967520df53fab27faff436876b90ee0f2e344cc170bca33f83\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643191.145:6458092): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643191.145:6458092): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5890 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=1271048 pid=1271058 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643191.130:6458091): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F63316638663937643533353936653936373532306466353366"}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643191.130:6458091): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643191.130:6458091): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643191.130:6458091): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/c1f8f97d53596e967520df53fab27faff436876b90ee0f2e344cc170bca33f83\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643191.130:6458091): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/c1f8f97d53596e967520df53fab27faff436876b90ee0f2e344cc170bca33f83/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process4068682066\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/c1f8f97d53596e967520df53fab27faff436876b90ee0f2e344cc170bca33f83/c94c126583b7ea0e35dd3b091686a96ed1cca20ac7f33338c922c958237a6d92.pid\" a14=\"c1f8f97d53596e967520df53fab27faff436876b90ee0f2e344cc170bca33f83\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643191.130:6458091): arch=c000003e syscall=59 success=yes exit=0 a0=c00017ab60 a1=c000250b80 a2=c000250c80 a3=0 items=2 ppid=5169 pid=1271048 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643191.113:6458090): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643191.113:6458090): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643191.113:6458090): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643191.113:6458090): cwd=\"/var/lib/docker/rootfs/overlayfs/2cdd3d089c946761c42c7cfc41f431ad2beb9c2b89497f7e5a3552578b39f251\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643191.113:6458090): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643191.113:6458090): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b840 a1=c00017f338 a2=c000181c40 a3=0 items=2 ppid=1271028 pid=1271037 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643191.098:6458089): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F32636464336430383963393436373631633432633763666334"}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643191.098:6458089): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643191.098:6458089): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643191.098:6458089): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/2cdd3d089c946761c42c7cfc41f431ad2beb9c2b89497f7e5a3552578b39f251\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643191.098:6458089): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/2cdd3d089c946761c42c7cfc41f431ad2beb9c2b89497f7e5a3552578b39f251/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process127991857\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/2cdd3d089c946761c42c7cfc41f431ad2beb9c2b89497f7e5a3552578b39f251/47a288237646c741d6167e6336fff1c614073536bdc6b33b4b2b8476be14a838.pid\" a14=\"2cdd3d089c946761c42c7cfc41f431ad2beb9c2b89497f7e5a3552578b39f251\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643191.098:6458089): arch=c000003e syscall=59 success=yes exit=0 a0=c0000dba50 a1=c0000d4f00 a2=c0000d4f80 a3=0 items=2 ppid=4749 pid=1271028 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643190.908:6458088): proctitle=636174002F746D702F66616C636F5F6865616C7468"}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643190.908:6458088): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8279763 dev=00:54 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643190.908:6458088): item=0 name=\"/bin/cat\" inode=8279592 dev=00:54 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643190.908:6458088): cwd=\"/\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643190.908:6458088): argc=2 a0=\"cat\" a1=\"/tmp/falco_health\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643190.908:6458088): arch=c000003e syscall=59 success=yes exit=0 a0=5938861cdc50 a1=5938861cc758 a2=5938861cdbb8 a3=4 items=2 ppid=1271019 pid=1271025 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/bin/busybox\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643190.901:6458087): proctitle=2F62696E2F7368002D6300636174202F746D702F66616C636F5F6865616C7468207C7C20657869742030"}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643190.901:6458087): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8279763 dev=00:54 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643190.901:6458087): item=0 name=\"/bin/sh\" inode=8279592 dev=00:54 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643190.901:6458087): cwd=\"/\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643190.901:6458087): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=636174202F746D702F66616C636F5F6865616C7468207C7C20657869742030"}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643190.901:6458087): arch=c000003e syscall=59 success=yes exit=0 a0=c0000ddcb8 a1=c000022920 a2=c000170e10 a3=0 items=2 ppid=5778 pid=1271019 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643190.874:6458086): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643190.874:6458086): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643190.874:6458086): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643190.874:6458086): cwd=\"/var/lib/docker/rootfs/overlayfs/293239633a2ddf31b93206215b8746aa165b26f8930bdc103230de7930321e5e\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643190.874:6458086): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643190.874:6458086): arch=c000003e syscall=59 success=yes exit=0 a0=c000203c30 a1=c0000a7038 a2=c000095c40 a3=0 items=2 ppid=1271005 pid=1271014 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643190.850:6458085): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F32393332333936333361326464663331623933323036323135"}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643190.850:6458085): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643190.850:6458085): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643190.850:6458085): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/293239633a2ddf31b93206215b8746aa165b26f8930bdc103230de7930321e5e\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643190.850:6458085): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/293239633a2ddf31b93206215b8746aa165b26f8930bdc103230de7930321e5e/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process391394082\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/293239633a2ddf31b93206215b8746aa165b26f8930bdc103230de7930321e5e/d5dfa5517f973a2b6bccf69a22ccc69056848bd43020cee1100e70cd7f12aca9.pid\" a14=\"293239633a2ddf31b93206215b8746aa165b26f8930bdc103230de7930321e5e\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643190.850:6458085): arch=c000003e syscall=59 success=yes exit=0 a0=c000200ec0 a1=c000184200 a2=c000184e00 a3=0 items=2 ppid=5778 pid=1271005 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643190.786:6458084): proctitle=6375726C002D6600687474703A2F2F6C6F63616C686F73743A383030302F6865616C74687A"}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643190.786:6458084): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:63 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643190.786:6458084): item=0 name=\"/usr/bin/curl\" inode=8530521 dev=00:63 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643190.786:6458084): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643190.786:6458084): argc=3 a0=\"curl\" a1=\"-f\" a2=\"http://localhost:8000/healthz\""}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643190.786:6458084): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643190.786:6458084): arch=c000003e syscall=59 success=yes exit=0 a0=c00018cf50 a1=c000022ac0 a2=c000170a20 a3=0 items=2 ppid=4871 pid=1270998 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"curl\" exe=\"/usr/bin/curl\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643190.738:6458083): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643190.738:6458083): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643190.738:6458083): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643190.738:6458083): cwd=\"/var/lib/docker/rootfs/overlayfs/85b545c504cd648e96e62b4ba6066cca7e4a8b207e2cdfa5efa782d8a3e3241b\""}
{"ts": "2026-04-19T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643190.738:6458083): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643190.738:6458083): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c58a0 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=1270986 pid=1270996 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643190.722:6458082): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F38356235343563353034636436343865393665363262346261"}
{"ts": "2026-04-19T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643190.722:6458082): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643190.722:6458082): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643190.722:6458082): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/85b545c504cd648e96e62b4ba6066cca7e4a8b207e2cdfa5efa782d8a3e3241b\""}
{"ts": "2026-04-19T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643190.722:6458082): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/85b545c504cd648e96e62b4ba6066cca7e4a8b207e2cdfa5efa782d8a3e3241b/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1247915993\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/85b545c504cd648e96e62b4ba6066cca7e4a8b207e2cdfa5efa782d8a3e3241b/49ee5d007b8220e240aacf266eead75432f041ed99547dea06908e3dabdb702c.pid\" a14=\"85b545c504cd648e96e62b4ba6066cca7e4a8b207e2cdfa5efa782d8a3e3241b\""}
{"ts": "2026-04-19T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643190.722:6458082): arch=c000003e syscall=59 success=yes exit=0 a0=c0002b51a0 a1=c00036f500 a2=c00036f580 a3=0 items=2 ppid=4871 pid=1270986 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643189.512:6458081): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643189.512:6458081): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643189.512:6458081): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643189.512:6458081): cwd=\"/var/lib/docker/rootfs/overlayfs/531ab8968ce844b18b0b3ebaf9e6e80c7b8f7cc1974293e5f9eb3ac90eba0e50\""}
{"ts": "2026-04-19T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643189.512:6458081): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643189.512:6458081): arch=c000003e syscall=59 success=yes exit=0 a0=c00020c020 a1=c000224000 a2=c000226000 a3=0 items=2 ppid=1270967 pid=1270977 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643189.494:6458080): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F35333161623839363863653834346231386230623365626166"}
{"ts": "2026-04-19T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643189.494:6458080): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643189.494:6458080): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643189.494:6458080): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/531ab8968ce844b18b0b3ebaf9e6e80c7b8f7cc1974293e5f9eb3ac90eba0e50\""}
{"ts": "2026-04-19T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643189.494:6458080): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/531ab8968ce844b18b0b3ebaf9e6e80c7b8f7cc1974293e5f9eb3ac90eba0e50/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1568282098\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/531ab8968ce844b18b0b3ebaf9e6e80c7b8f7cc1974293e5f9eb3ac90eba0e50/31f216cb10d9cc2d334ef82cbcbaecf0e35ede211040f9f8a671b5ada37a6d17.pid\" a14=\"531ab8968ce844b18b0b3ebaf9e6e80c7b8f7cc1974293e5f9eb3ac90eba0e50\""}
{"ts": "2026-04-19T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643189.494:6458080): arch=c000003e syscall=59 success=yes exit=0 a0=c00043cf60 a1=c0002f7100 a2=c0002f7280 a3=0 items=2 ppid=5521 pid=1270967 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643188.934:6458079): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643188.934:6458079): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:63 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643188.934:6458079): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:63 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643188.934:6458079): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643188.934:6458079): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.stat\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643188.934:6458079): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643188.934:6458079): arch=c000003e syscall=59 success=yes exit=0 a0=7276055e5d60 a1=7275b04428e0 a2=5d751c63aa40 a3=8 items=2 ppid=6449 pid=1270964 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643188.934:6458078): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643188.934:6458078): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643188.934:6458078): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643188.934:6458078): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=7275b04428e0 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1270964 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643188.934:6458077): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643188.934:6458077): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643188.934:6458077): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643188.934:6458077): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=7275b04428e0 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1270964 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643188.934:6458076): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643188.934:6458076): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643188.934:6458076): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643188.934:6458076): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=7275b04428e0 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1270964 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643188.934:6458075): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643188.934:6458075): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643188.934:6458075): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643188.934:6458075): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=7275b04428e0 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1270964 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643188.934:6458074): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643188.934:6458074): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643188.934:6458074): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643188.934:6458074): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=7275b04428e0 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1270964 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643188.934:6458073): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643188.934:6458073): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643188.934:6458073): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643188.934:6458073): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=7275b04428e0 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1270964 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643188.931:6458072): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643188.931:6458072): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:63 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643188.931:6458072): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:63 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643188.931:6458072): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643188.931:6458072): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.current\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643188.931:6458072): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643188.931:6458072): arch=c000003e syscall=59 success=yes exit=0 a0=7276055e5d60 a1=7275b04428c0 a2=5d751c63aa40 a3=8 items=2 ppid=6449 pid=1270963 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643188.931:6458071): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643188.931:6458071): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643188.931:6458071): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643188.931:6458071): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=7275b04428c0 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1270963 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643188.930:6458070): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643188.930:6458070): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643188.930:6458070): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643188.930:6458070): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=7275b04428c0 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1270963 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643188.930:6458069): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643188.930:6458069): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643188.930:6458069): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643188.930:6458069): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=7275b04428c0 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1270963 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643188.930:6458068): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643188.930:6458068): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643188.930:6458068): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643188.930:6458068): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=7275b04428c0 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1270963 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643188.930:6458067): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643188.930:6458067): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643188.930:6458067): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643188.930:6458067): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=7275b04428c0 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1270963 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643188.930:6458066): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643188.930:6458066): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643188.930:6458066): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643188.930:6458066): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=7275b04428c0 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1270963 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643188.927:6458065): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643188.927:6458065): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:63 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643188.927:6458065): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:63 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643188.927:6458065): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643188.927:6458065): argc=2 a0=\"cat\" a1=\"/proc/self/cgroup\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643188.927:6458065): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643188.927:6458065): arch=c000003e syscall=59 success=yes exit=0 a0=7276055e5d60 a1=7275b04427c0 a2=5d751c63aa40 a3=8 items=2 ppid=6449 pid=1270962 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643188.927:6458064): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643188.927:6458064): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643188.927:6458064): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643188.927:6458064): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=7275b04427c0 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1270962 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643188.927:6458063): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643188.927:6458063): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643188.927:6458063): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643188.927:6458063): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=7275b04427c0 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1270962 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643188.927:6458062): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643188.927:6458062): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643188.927:6458062): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643188.927:6458062): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=7275b04427c0 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1270962 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643188.927:6458061): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643188.927:6458061): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643188.927:6458061): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643188.927:6458061): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=7275b04427c0 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1270962 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643188.927:6458060): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643188.927:6458060): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643188.927:6458060): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643188.927:6458060): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=7275b04427c0 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1270962 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643188.927:6458059): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643188.927:6458059): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643188.927:6458059): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643188.927:6458059): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=7275b04427c0 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1270962 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643188.712:6458058): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520706F737467726573"}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643188.712:6458058): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:ad mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643188.712:6458058): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:ad mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643188.712:6458058): cwd=\"/\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643188.712:6458058): argc=3 a0=\"pg_isready\" a1=\"-U\" a2=\"postgres\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643188.712:6458058): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643188.712:6458058): arch=c000003e syscall=59 success=yes exit=0 a0=701b199e0288 a1=701b199e01e8 a2=701b199e0208 a3=0 items=2 ppid=5688 pid=1270945 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643188.710:6458057): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520706F737467726573"}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643188.710:6458057): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:ad mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643188.710:6458057): item=0 name=\"/bin/sh\" inode=8589166 dev=00:ad mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643188.710:6458057): cwd=\"/\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643188.710:6458057): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D5520706F737467726573"}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643188.710:6458057): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643188.710:6458057): arch=c000003e syscall=59 success=yes exit=0 a0=c000196f78 a1=c000022680 a2=c0000d88c0 a3=0 items=2 ppid=1270932 pid=1270945 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643188.654:6458056): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643188.654:6458056): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643188.654:6458056): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:11f mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643188.654:6458056): cwd=\"/var/lib/docker/rootfs/overlayfs/67097f9470d25ae62330c278e0c2e85dfc8f9d19e1312855b18be973b4d19e41\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643188.654:6458056): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643188.654:6458056): arch=c000003e syscall=59 success=yes exit=0 a0=c0001f3850 a1=c0001f7338 a2=c0001f9c40 a3=0 items=2 ppid=1270932 pid=1270941 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643188.639:6458055): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F36373039376639343730643235616536323333306332373865"}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643188.639:6458055): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643188.639:6458055): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643188.639:6458055): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/67097f9470d25ae62330c278e0c2e85dfc8f9d19e1312855b18be973b4d19e41\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643188.639:6458055): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/67097f9470d25ae62330c278e0c2e85dfc8f9d19e1312855b18be973b4d19e41/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1946086894\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/67097f9470d25ae62330c278e0c2e85dfc8f9d19e1312855b18be973b4d19e41/e26c40ba56ee43006ee7b33c16518b696dd1be973385697f8cd045dfb6b103cf.pid\" a14=\"67097f9470d25ae62330c278e0c2e85dfc8f9d19e1312855b18be973b4d19e41\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643188.639:6458055): arch=c000003e syscall=59 success=yes exit=0 a0=c000383490 a1=c000296a80 a2=c000296b00 a3=0 items=2 ppid=5688 pid=1270932 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643188.622:6458054): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643188.622:6458054): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643188.622:6458054): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643188.622:6458054): cwd=\"/var/lib/docker/rootfs/overlayfs/50c06ccc693a9a1ca5cfd013e69573fe81921d461db25d53e0c9a772d419173f\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643188.622:6458054): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643188.622:6458054): arch=c000003e syscall=59 success=yes exit=0 a0=c0001eb830 a1=c0001ef338 a2=c0001f1c00 a3=0 items=2 ppid=1270914 pid=1270923 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643188.606:6458053): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F35306330366363633639336139613163613563666430313365"}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643188.606:6458053): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643188.606:6458053): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643188.606:6458053): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/50c06ccc693a9a1ca5cfd013e69573fe81921d461db25d53e0c9a772d419173f\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643188.606:6458053): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/50c06ccc693a9a1ca5cfd013e69573fe81921d461db25d53e0c9a772d419173f/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2150636158\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/50c06ccc693a9a1ca5cfd013e69573fe81921d461db25d53e0c9a772d419173f/d8d7e51565cdcd5092f01e5a07cd592739150c523ece4663469d46c4c7ecc3a0.pid\" a14=\"50c06ccc693a9a1ca5cfd013e69573fe81921d461db25d53e0c9a772d419173f\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643188.606:6458053): arch=c000003e syscall=59 success=yes exit=0 a0=c000010420 a1=c000300180 a2=c000300c80 a3=0 items=2 ppid=5217 pid=1270914 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643188.456:6458052): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520646F63757365616C"}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643188.456:6458052): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:a3 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643188.456:6458052): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:a3 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643188.456:6458052): cwd=\"/\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643188.456:6458052): argc=3 a0=\"pg_isready\" a1=\"-U\" a2=\"docuseal\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643188.456:6458052): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643188.456:6458052): arch=c000003e syscall=59 success=yes exit=0 a0=791b61a9e288 a1=791b61a9e1e8 a2=791b61a9e208 a3=0 items=2 ppid=5572 pid=1270907 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643188.454:6458051): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520646F63757365616C"}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643188.454:6458051): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:a3 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643188.454:6458051): item=0 name=\"/bin/sh\" inode=8589166 dev=00:a3 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643188.454:6458051): cwd=\"/\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643188.454:6458051): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D5520646F63757365616C"}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643188.454:6458051): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643188.454:6458051): arch=c000003e syscall=59 success=yes exit=0 a0=c00018af38 a1=c000022ac0 a2=c0001348c0 a3=0 items=2 ppid=1270895 pid=1270907 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643188.407:6458050): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643188.407:6458050): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643188.407:6458050): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643188.407:6458050): cwd=\"/var/lib/docker/rootfs/overlayfs/360fd70ae6eb7cd5e0954ce9fabc3f41ec861f0028b80fa3a053269682ce489a\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643188.407:6458050): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643188.407:6458050): arch=c000003e syscall=59 success=yes exit=0 a0=c0001f3840 a1=c0001f7338 a2=c0001f9c40 a3=0 items=2 ppid=1270895 pid=1270904 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643188.391:6458049): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F33363066643730616536656237636435653039353463653966"}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643188.391:6458049): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643188.391:6458049): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643188.391:6458049): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/360fd70ae6eb7cd5e0954ce9fabc3f41ec861f0028b80fa3a053269682ce489a\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643188.391:6458049): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/360fd70ae6eb7cd5e0954ce9fabc3f41ec861f0028b80fa3a053269682ce489a/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2965601546\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/360fd70ae6eb7cd5e0954ce9fabc3f41ec861f0028b80fa3a053269682ce489a/1afab1789b15576bcf95ad738e98050960f4eb6bb018185001716c59c6137fcf.pid\" a14=\"360fd70ae6eb7cd5e0954ce9fabc3f41ec861f0028b80fa3a053269682ce489a\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643188.391:6458049): arch=c000003e syscall=59 success=yes exit=0 a0=c000261400 a1=c0001a1080 a2=c0001a1100 a3=0 items=2 ppid=5572 pid=1270895 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643187.452:6458048): proctitle=72656469732D636C690070696E67"}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643187.452:6458048): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=6694357 dev=00:4b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643187.452:6458048): item=0 name=\"/usr/local/bin/redis-cli\" inode=6703632 dev=00:4b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643187.452:6458048): cwd=\"/data\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643187.452:6458048): argc=2 a0=\"redis-cli\" a1=\"ping\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643187.452:6458048): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643187.452:6458048): arch=c000003e syscall=59 success=yes exit=0 a0=c000028760 a1=c000117350 a2=c0000e11c0 a3=0 items=2 ppid=1270876 pid=1270889 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"redis-cli\" exe=\"/usr/local/bin/redis-cli\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643187.413:6458047): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643187.413:6458047): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643187.413:6458047): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643187.413:6458047): cwd=\"/var/lib/docker/rootfs/overlayfs/480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643187.413:6458047): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643187.413:6458047): arch=c000003e syscall=59 success=yes exit=0 a0=c0001f3830 a1=c0001f7338 a2=c0001f9c00 a3=0 items=2 ppid=1270876 pid=1270886 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643187.398:6458046): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F34383062353761303034306362373564646534356436663664"}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643187.398:6458046): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643187.398:6458046): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643187.398:6458046): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643187.398:6458046): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3417026236\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af/39d3c1e8e5fff4981414bd9981af76f4da61e9fe4ea86a4b03936697b84b3eb4.pid\" a14=\"480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643187.398:6458046): arch=c000003e syscall=59 success=yes exit=0 a0=c00034f790 a1=c00038cc80 a2=c00038cd00 a3=0 items=2 ppid=5107 pid=1270876 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643187.272:6458045): proctitle=2F62696E2F7368002D630070675F69737265616479202D552077696E646D696C6C5F75736572202D642077696E646D696C6C5F6462"}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643187.272:6458045): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:a0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643187.272:6458045): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:a0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643187.272:6458045): cwd=\"/\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643187.272:6458045): argc=5 a0=\"pg_isready\" a1=\"-U\" a2=\"windmill_user\" a3=\"-d\" a4=\"windmill_db\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643187.272:6458045): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643187.272:6458045): arch=c000003e syscall=59 success=yes exit=0 a0=7a30f8b973f8 a1=7a30f8b97290 a2=7a30f8b97378 a3=0 items=2 ppid=4404 pid=1270868 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643187.269:6458044): proctitle=2F62696E2F7368002D630070675F69737265616479202D552077696E646D696C6C5F75736572202D642077696E646D696C6C5F6462"}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643187.269:6458044): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:a0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643187.269:6458044): item=0 name=\"/bin/sh\" inode=8589166 dev=00:a0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643187.269:6458044): cwd=\"/\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643187.269:6458044): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D552077696E646D696C6C5F75736572202D642077696E646D696C6C5F6462"}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643187.269:6458044): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643187.269:6458044): arch=c000003e syscall=59 success=yes exit=0 a0=c00019cf68 a1=c000022680 a2=c0001508c0 a3=0 items=2 ppid=4404 pid=1270868 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643187.265:6458043): proctitle=2F62696E2F7368002D630070675F69737265616479202D552074797065626F74"}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643187.265:6458043): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:85 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643187.265:6458043): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:85 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643187.265:6458043): cwd=\"/\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643187.265:6458043): argc=3 a0=\"pg_isready\" a1=\"-U\" a2=\"typebot\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643187.265:6458043): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643187.265:6458043): arch=c000003e syscall=59 success=yes exit=0 a0=70401f3ea278 a1=70401f3ea1d8 a2=70401f3ea1f8 a3=8080808080808080 items=2 ppid=4609 pid=1270854 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643187.262:6458042): proctitle=2F62696E2F7368002D630070675F69737265616479202D552074797065626F74"}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643187.262:6458042): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:85 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643187.262:6458042): item=0 name=\"/bin/sh\" inode=8589166 dev=00:85 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643187.262:6458042): cwd=\"/\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643187.262:6458042): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D552074797065626F74"}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643187.262:6458042): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643187.262:6458042): arch=c000003e syscall=59 success=yes exit=0 a0=c00018af38 a1=c000022ac0 a2=c0001348c0 a3=0 items=2 ppid=1270836 pid=1270854 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643187.222:6458041): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643187.222:6458041): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643187.222:6458041): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:11f mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643187.222:6458041): cwd=\"/var/lib/docker/rootfs/overlayfs/2a365c5cbcdee94cef8eb83387301a8756e7538c1049b4c58449c0646b43c50c\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643187.222:6458041): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643187.222:6458041): arch=c000003e syscall=59 success=yes exit=0 a0=c0001cd890 a1=c0001d1350 a2=c0001d3c80 a3=0 items=2 ppid=1270842 pid=1270864 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643187.213:6458040): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643187.213:6458040): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643187.213:6458040): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643187.213:6458040): cwd=\"/var/lib/docker/rootfs/overlayfs/a58fd49cb529bc2c3c5f4447c9ccbae837530349ce554292b547968ead4cb59b\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643187.213:6458040): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643187.213:6458040): arch=c000003e syscall=59 success=yes exit=0 a0=c000245890 a1=c000249350 a2=c00024bc80 a3=0 items=2 ppid=1270836 pid=1270846 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643187.207:6458039): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F32613336356335636263646565393463656638656238333338"}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643187.207:6458039): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643187.207:6458039): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643187.207:6458039): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/2a365c5cbcdee94cef8eb83387301a8756e7538c1049b4c58449c0646b43c50c\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643187.207:6458039): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/2a365c5cbcdee94cef8eb83387301a8756e7538c1049b4c58449c0646b43c50c/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3313042621\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/2a365c5cbcdee94cef8eb83387301a8756e7538c1049b4c58449c0646b43c50c/c918eea9ca5bb243c6ecb677afb207818809459b25ca4eaf1211d1f2cc7f1864.pid\" a14=\"2a365c5cbcdee94cef8eb83387301a8756e7538c1049b4c58449c0646b43c50c\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643187.207:6458039): arch=c000003e syscall=59 success=yes exit=0 a0=c0003419a0 a1=c000204d80 a2=c000204e00 a3=0 items=2 ppid=4404 pid=1270842 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643187.197:6458038): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F61353866643439636235323962633263336335663434343763"}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643187.197:6458038): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643187.197:6458038): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643187.197:6458038): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/a58fd49cb529bc2c3c5f4447c9ccbae837530349ce554292b547968ead4cb59b\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643187.197:6458038): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/a58fd49cb529bc2c3c5f4447c9ccbae837530349ce554292b547968ead4cb59b/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1398129431\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/a58fd49cb529bc2c3c5f4447c9ccbae837530349ce554292b547968ead4cb59b/630758398eee5ba7fe8863d378481a0c55d3863bb27328625678f1673b91cb24.pid\" a14=\"a58fd49cb529bc2c3c5f4447c9ccbae837530349ce554292b547968ead4cb59b\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643187.197:6458038): arch=c000003e syscall=59 success=yes exit=0 a0=c000401490 a1=c000105000 a2=c000105080 a3=0 items=2 ppid=4609 pid=1270836 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643187.086:6458037): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643187.086:6458037): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:bf mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643187.086:6458037): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:bf mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643187.086:6458037): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643187.086:6458037): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.stat\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643187.086:6458037): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643187.086:6458037): arch=c000003e syscall=59 success=yes exit=0 a0=7cf488ecad60 a1=7cf467e014e0 a2=570e063f2a40 a3=8 items=2 ppid=6698 pid=1270834 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643187.086:6458036): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643187.086:6458036): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643187.086:6458036): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643187.086:6458036): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ecad60 a1=7cf467e014e0 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1270834 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643187.086:6458035): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643187.086:6458035): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643187.086:6458035): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643187.086:6458035): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ecad60 a1=7cf467e014e0 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1270834 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643187.086:6458034): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643187.086:6458034): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643187.086:6458034): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643187.086:6458034): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ecad60 a1=7cf467e014e0 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1270834 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643187.086:6458033): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643187.086:6458033): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643187.086:6458033): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643187.086:6458033): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ecad60 a1=7cf467e014e0 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1270834 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643187.086:6458032): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643187.086:6458032): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643187.086:6458032): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643187.086:6458032): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ecad60 a1=7cf467e014e0 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1270834 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643187.085:6458031): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643187.085:6458031): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643187.085:6458031): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643187.085:6458031): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ecad60 a1=7cf467e014e0 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1270834 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643187.083:6458030): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643187.083:6458030): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:bf mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643187.083:6458030): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:bf mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643187.083:6458030): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643187.083:6458030): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.current\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643187.083:6458030): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643187.083:6458030): arch=c000003e syscall=59 success=yes exit=0 a0=7cf488ecad60 a1=7cf467e014c0 a2=570e063f2a40 a3=8 items=2 ppid=6698 pid=1270833 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643187.083:6458029): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643187.083:6458029): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643187.083:6458029): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643187.083:6458029): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ecad60 a1=7cf467e014c0 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1270833 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643187.083:6458028): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643187.083:6458028): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643187.083:6458028): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643187.083:6458028): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ecad60 a1=7cf467e014c0 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1270833 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643187.083:6458027): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643187.083:6458027): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643187.083:6458027): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643187.083:6458027): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ecad60 a1=7cf467e014c0 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1270833 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643187.083:6458026): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643187.083:6458026): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643187.083:6458026): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643187.083:6458026): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ecad60 a1=7cf467e014c0 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1270833 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643187.083:6458025): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643187.083:6458025): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643187.083:6458025): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643187.083:6458025): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ecad60 a1=7cf467e014c0 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1270833 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643187.083:6458024): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643187.083:6458024): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643187.083:6458024): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643187.083:6458024): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ecad60 a1=7cf467e014c0 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1270833 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643187.080:6458023): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643187.080:6458023): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:bf mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643187.080:6458023): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:bf mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643187.080:6458023): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643187.080:6458023): argc=2 a0=\"cat\" a1=\"/proc/self/cgroup\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643187.080:6458023): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643187.080:6458023): arch=c000003e syscall=59 success=yes exit=0 a0=7cf488ecad60 a1=7cf467e00840 a2=570e063f2a40 a3=8 items=2 ppid=6698 pid=1270832 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643187.080:6458022): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643187.080:6458022): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643187.080:6458022): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643187.080:6458022): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ecad60 a1=7cf467e00840 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1270832 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643187.080:6458021): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643187.080:6458021): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643187.080:6458021): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643187.080:6458021): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ecad60 a1=7cf467e00840 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1270832 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643187.080:6458020): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643187.080:6458020): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643187.080:6458020): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643187.080:6458020): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ecad60 a1=7cf467e00840 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1270832 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643187.080:6458019): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643187.080:6458019): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643187.080:6458019): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643187.080:6458019): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ecad60 a1=7cf467e00840 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1270832 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643187.080:6458018): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643187.080:6458018): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643187.080:6458018): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643187.080:6458018): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ecad60 a1=7cf467e00840 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1270832 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643187.080:6458017): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643187.080:6458017): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643187.080:6458017): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643187.080:6458017): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ecad60 a1=7cf467e00840 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1270832 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643186.776:6458016): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643186.776:6458016): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=9987007 dev=00:68 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643186.776:6458016): item=0 name=\"/usr/bin/cat\" inode=9986333 dev=00:68 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643186.776:6458016): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643186.776:6458016): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.stat\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643186.776:6458016): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643186.776:6458016): arch=c000003e syscall=59 success=yes exit=0 a0=75b00d839d60 a1=75afebc00960 a2=572859f88650 a3=8 items=2 ppid=6470 pid=1270828 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643186.776:6458015): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643186.776:6458015): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643186.776:6458015): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643186.776:6458015): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75afebc00960 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1270828 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643186.776:6458014): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643186.776:6458014): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643186.776:6458014): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643186.776:6458014): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75afebc00960 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1270828 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643186.776:6458013): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643186.776:6458013): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643186.776:6458013): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643186.776:6458013): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75afebc00960 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1270828 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643186.776:6458012): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643186.776:6458012): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643186.776:6458012): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643186.776:6458012): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75afebc00960 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1270828 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643186.776:6458011): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643186.776:6458011): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643186.776:6458011): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643186.776:6458011): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75afebc00960 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1270828 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643186.776:6458010): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643186.776:6458010): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643186.776:6458010): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643186.776:6458010): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75afebc00960 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1270828 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643186.774:6458009): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643186.774:6458009): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=9987007 dev=00:68 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643186.774:6458009): item=0 name=\"/usr/bin/cat\" inode=9986333 dev=00:68 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643186.774:6458009): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643186.774:6458009): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.current\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643186.774:6458009): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643186.774:6458009): arch=c000003e syscall=59 success=yes exit=0 a0=75b00d839d60 a1=75afebc00940 a2=572859f88650 a3=8 items=2 ppid=6470 pid=1270827 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643186.774:6458008): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643186.774:6458008): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643186.774:6458008): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643186.774:6458008): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75afebc00940 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1270827 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643186.774:6458007): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643186.774:6458007): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643186.774:6458007): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643186.774:6458007): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75afebc00940 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1270827 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643186.774:6458006): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643186.774:6458006): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643186.774:6458006): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643186.774:6458006): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75afebc00940 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1270827 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643186.773:6458005): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643186.773:6458005): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643186.773:6458005): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643186.773:6458005): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75afebc00940 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1270827 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643186.773:6458004): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643186.773:6458004): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643186.773:6458004): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643186.773:6458004): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75afebc00940 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1270827 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643186.773:6458003): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643186.773:6458003): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643186.773:6458003): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643186.773:6458003): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75afebc00940 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1270827 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643186.771:6458002): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643186.771:6458002): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=9987007 dev=00:68 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643186.771:6458002): item=0 name=\"/usr/bin/cat\" inode=9986333 dev=00:68 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643186.771:6458002): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643186.771:6458002): argc=2 a0=\"cat\" a1=\"/proc/self/cgroup\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643186.771:6458002): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643186.771:6458002): arch=c000003e syscall=59 success=yes exit=0 a0=75b00d839d60 a1=75afebc008a0 a2=572859f88650 a3=8 items=2 ppid=6470 pid=1270826 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643186.771:6458001): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643186.771:6458001): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643186.771:6458001): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643186.771:6458001): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75afebc008a0 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1270826 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643186.770:6458000): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643186.770:6458000): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643186.770:6458000): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643186.770:6458000): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75afebc008a0 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1270826 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643186.770:6457999): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643186.770:6457999): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643186.770:6457999): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643186.770:6457999): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75afebc008a0 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1270826 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643186.770:6457998): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643186.770:6457998): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643186.770:6457998): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643186.770:6457998): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75afebc008a0 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1270826 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643186.770:6457997): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643186.770:6457997): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643186.770:6457997): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643186.770:6457997): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75afebc008a0 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1270826 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643186.770:6457996): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643186.770:6457996): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643186.770:6457996): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643186.770:6457996): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75afebc008a0 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1270826 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643186.676:6457995): proctitle=6A71002D2D7261772D6F7574707574002E737461747573"}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643186.676:6457995): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6968454 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643186.676:6457995): item=0 name=\"/usr/bin/jq\" inode=7115963 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643186.676:6457995): cwd=\"/app\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643186.676:6457995): argc=3 a0=\"jq\" a1=\"--raw-output\" a2=\".status\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643186.676:6457995): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643186.676:6457995): arch=c000003e syscall=59 success=yes exit=0 a0=5ee9f28879a0 a1=5ee9f2888280 a2=5ee9f2884300 a3=8 items=2 ppid=1270823 pid=1270825 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"jq\" exe=\"/usr/bin/jq\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643186.676:6457994): proctitle=6375726C002D2D73696C656E7400687474703A2F2F3132372E302E302E313A38312F6170692F"}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643186.676:6457994): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6968454 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643186.676:6457994): item=0 name=\"/usr/bin/curl\" inode=7115848 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643186.676:6457994): cwd=\"/app\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643186.676:6457994): argc=3 a0=\"curl\" a1=\"--silent\" a2=\"http://127.0.0.1:81/api/\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643186.676:6457994): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643186.676:6457994): arch=c000003e syscall=59 success=yes exit=0 a0=5ee9f28879d0 a1=5ee9f28882b0 a2=5ee9f2884300 a3=8 items=2 ppid=1270823 pid=1270824 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"curl\" exe=\"/usr/bin/curl\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643186.670:6457993): proctitle=2F62696E2F62617368002F62696E2F636865636B2D6865616C7468"}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643186.670:6457993): item=2 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6968454 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643186.670:6457993): item=1 name=\"/bin/bash\" inode=6954383 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643186.670:6457993): item=0 name=\"/bin/check-health\" inode=8694993 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643186.670:6457993): cwd=\"/app\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643186.670:6457993): argc=2 a0=\"/bin/bash\" a1=\"/bin/check-health\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643186.670:6457993): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643186.670:6457993): arch=c000003e syscall=59 success=yes exit=0 a0=c000027350 a1=c00002a7e0 a2=c000145cc0 a3=0 items=3 ppid=1270805 pid=1270817 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"check-health\" exe=\"/usr/bin/bash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643186.623:6457992): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643186.623:6457992): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643186.623:6457992): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643186.623:6457992): cwd=\"/var/lib/docker/rootfs/overlayfs/3d00cea9d890ac76ec9bbdca47f4d82e83b0a918911a118694314103c0f1ab42\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643186.623:6457992): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643186.623:6457992): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b860 a1=c00017f338 a2=c000181c00 a3=0 items=2 ppid=1270805 pid=1270814 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643186.608:6457991): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F33643030636561396438393061633736656339626264636134"}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643186.608:6457991): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643186.608:6457991): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643186.608:6457991): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/3d00cea9d890ac76ec9bbdca47f4d82e83b0a918911a118694314103c0f1ab42\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643186.608:6457991): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/3d00cea9d890ac76ec9bbdca47f4d82e83b0a918911a118694314103c0f1ab42/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2191344308\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/3d00cea9d890ac76ec9bbdca47f4d82e83b0a918911a118694314103c0f1ab42/280391be1327ab4430b988efc9f9128ced806b3a5939fbe199bc821add0fe752.pid\" a14=\"3d00cea9d890ac76ec9bbdca47f4d82e83b0a918911a118694314103c0f1ab42\""}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643186.608:6457991): arch=c000003e syscall=59 success=yes exit=0 a0=c00031b300 a1=c00030bd00 a2=c00030bd80 a3=0 items=2 ppid=5314 pid=1270805 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643185.849:6457990): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643185.849:6457990): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643185.849:6457990): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643185.849:6457990): cwd=\"/var/lib/docker/rootfs/overlayfs/0551ebf5e351d607ff347c46d3058d401e5e7a07d18c311231b1292b5507ba3f\""}
{"ts": "2026-04-19T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643185.849:6457990): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643185.849:6457990): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c78b0 a1=c0001cb350 a2=c0001cdc80 a3=0 items=2 ppid=1270786 pid=1270796 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643185.833:6457989): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F30353531656266356533353164363037666633343763343664"}
{"ts": "2026-04-19T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643185.833:6457989): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643185.833:6457989): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643185.833:6457989): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/0551ebf5e351d607ff347c46d3058d401e5e7a07d18c311231b1292b5507ba3f\""}
{"ts": "2026-04-19T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643185.833:6457989): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/0551ebf5e351d607ff347c46d3058d401e5e7a07d18c311231b1292b5507ba3f/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3951174763\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/0551ebf5e351d607ff347c46d3058d401e5e7a07d18c311231b1292b5507ba3f/320e5e74a3d1484a7f6f82bd8bbd12b29e75eb3d919f91097e6a74a2934bb065.pid\" a14=\"0551ebf5e351d607ff347c46d3058d401e5e7a07d18c311231b1292b5507ba3f\""}
{"ts": "2026-04-19T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643185.833:6457989): arch=c000003e syscall=59 success=yes exit=0 a0=c00021d160 a1=c0001d1a00 a2=c0001d1a80 a3=0 items=2 ppid=5077 pid=1270786 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643185.349:6457988): proctitle=72656469732D636C690070696E67"}
{"ts": "2026-04-19T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643185.349:6457988): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=6694357 dev=00:6b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643185.349:6457988): item=0 name=\"/usr/local/bin/redis-cli\" inode=6703632 dev=00:6b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643185.349:6457988): cwd=\"/data\""}
{"ts": "2026-04-19T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643185.349:6457988): argc=2 a0=\"redis-cli\" a1=\"ping\""}
{"ts": "2026-04-19T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643185.349:6457988): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643185.349:6457988): arch=c000003e syscall=59 success=yes exit=0 a0=c000028760 a1=c00009f350 a2=c0001651c0 a3=0 items=2 ppid=1270768 pid=1270780 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"redis-cli\" exe=\"/usr/local/bin/redis-cli\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643185.303:6457987): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643185.303:6457987): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643185.303:6457987): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643185.303:6457987): cwd=\"/var/lib/docker/rootfs/overlayfs/0a68372d6fd28201684be9827a5de0d3c04e6e08d164a3049faa362bc53f9748\""}
{"ts": "2026-04-19T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643185.303:6457987): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643185.303:6457987): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5880 a1=c0001c9350 a2=c0001cbc40 a3=0 items=2 ppid=1270768 pid=1270778 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643185.286:6457986): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F30613638333732643666643238323031363834626539383237"}
{"ts": "2026-04-19T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643185.286:6457986): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643185.286:6457986): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643185.286:6457986): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/0a68372d6fd28201684be9827a5de0d3c04e6e08d164a3049faa362bc53f9748\""}
{"ts": "2026-04-19T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643185.286:6457986): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/0a68372d6fd28201684be9827a5de0d3c04e6e08d164a3049faa362bc53f9748/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1191396013\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/0a68372d6fd28201684be9827a5de0d3c04e6e08d164a3049faa362bc53f9748/114d53d32fd423746c48ad6124302bb3103767f36a783f519f0e593f508104fb.pid\" a14=\"0a68372d6fd28201684be9827a5de0d3c04e6e08d164a3049faa362bc53f9748\""}
{"ts": "2026-04-19T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643185.286:6457986): arch=c000003e syscall=59 success=yes exit=0 a0=c0001daef0 a1=c000230900 a2=c000230a00 a3=0 items=2 ppid=4707 pid=1270768 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643184.989:6457985): proctitle=6D617269616462002D2D64656661756C74732D65787472612D66696C653D2F7661722F6C69622F6D7973716C2F2E6D792D6865616C7468636865636B2E636E66002D2D70726F746F636F6C00736F636B6574002D42002D2D736B69702D636F6C756D6E2D6E616D6573002D650073656C65637420312066726F6D20696E666F72"}
{"ts": "2026-04-19T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643184.989:6457985): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=7089648 dev=00:61 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643184.989:6457985): item=0 name=\"/usr/bin/mariadb\" inode=7117817 dev=00:61 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643184.989:6457985): cwd=\"/\""}
{"ts": "2026-04-19T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643184.989:6457985): argc=8 a0=\"mariadb\" a1=\"--defaults-extra-file=/var/lib/mysql/.my-healthcheck.cnf\" a2=\"--protocol\" a3=\"socket\" a4=\"-B\" a5=\"--skip-column-names\" a6=\"-e\" a7=73656C65637420312066726F6D20696E666F726D6174696F6E5F736368656D612E454E47494E455320574845524520656E67696E653D27696E6E6F64622720414E4420737570706F727420696E202827594553272C202744454641554C54272C2027454E41424C45442729"}
{"ts": "2026-04-19T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643184.989:6457985): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643184.989:6457985): arch=c000003e syscall=59 success=yes exit=0 a0=59cdfcc2e990 a1=59cdfcc509c0 a2=59cdfcc2f860 a3=8 items=2 ppid=1270758 pid=1270765 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"mariadb\" exe=\"/usr/bin/mariadb\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643184.974:6457984): proctitle=6D617269616462002D2D64656661756C74732D65787472612D66696C653D2F7661722F6C69622F6D7973716C2F2E6D792D6865616C7468636865636B2E636E66002D2D70726F746F636F6C00736F636B6574002D42002D2D736B69702D636F6C756D6E2D6E616D6573002D650073656C656374204040736B69705F6E6574776F"}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643184.974:6457984): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=7089648 dev=00:61 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643184.974:6457984): item=0 name=\"/usr/bin/mariadb\" inode=7117817 dev=00:61 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643184.974:6457984): cwd=\"/\""}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643184.974:6457984): argc=8 a0=\"mariadb\" a1=\"--defaults-extra-file=/var/lib/mysql/.my-healthcheck.cnf\" a2=\"--protocol\" a3=\"socket\" a4=\"-B\" a5=\"--skip-column-names\" a6=\"-e\" a7=73656C656374204040736B69705F6E6574776F726B696E67"}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643184.974:6457984): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643184.974:6457984): arch=c000003e syscall=59 success=yes exit=0 a0=59cdfcc2efe0 a1=59cdfcc50810 a2=59cdfcc2f4a0 a3=8 items=2 ppid=1270758 pid=1270764 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"mariadb\" exe=\"/usr/bin/mariadb\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643184.965:6457983): proctitle=2F62696E2F62617368002F7573722F6C6F63616C2F62696E2F6865616C7468636865636B2E7368002D2D636F6E6E656374002D2D696E6E6F64625F696E697469616C697A6564"}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643184.965:6457983): item=2 name=\"/lib64/ld-linux-x86-64.so.2\" inode=7089648 dev=00:61 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643184.965:6457983): item=1 name=\"/bin/bash\" inode=6963796 dev=00:61 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643184.965:6457983): item=0 name=\"/usr/local/bin/healthcheck.sh\" inode=7348502 dev=00:61 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643184.965:6457983): cwd=\"/\""}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643184.965:6457983): argc=4 a0=\"/bin/bash\" a1=\"/usr/local/bin/healthcheck.sh\" a2=\"--connect\" a3=\"--innodb_initialized\""}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643184.965:6457983): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643184.965:6457983): arch=c000003e syscall=59 success=yes exit=0 a0=c000028760 a1=c000022660 a2=c0000de320 a3=0 items=3 ppid=1270745 pid=1270758 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"healthcheck.sh\" exe=\"/usr/bin/bash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643184.915:6457982): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643184.915:6457982): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643184.915:6457982): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643184.915:6457982): cwd=\"/var/lib/docker/rootfs/overlayfs/7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7\""}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643184.915:6457982): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643184.915:6457982): arch=c000003e syscall=59 success=yes exit=0 a0=c0001cd890 a1=c0001d1350 a2=c0001d3c80 a3=0 items=2 ppid=1270745 pid=1270754 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643184.901:6457981): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F37656465303139653363623065383839303138636162386266"}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643184.901:6457981): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643184.901:6457981): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643184.901:6457981): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7\""}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643184.901:6457981): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process4085851488\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7/e8aeec0385b8142e7a2361d95bf63ecac812b6c6bb22a0218faef719d0da6f0f.pid\" a14=\"7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7\""}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643184.901:6457981): arch=c000003e syscall=59 success=yes exit=0 a0=c000011170 a1=c00016f680 a2=c00016f700 a3=0 items=2 ppid=5740 pid=1270745 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643184.740:6457980): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643184.740:6457980): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643184.740:6457980): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643184.740:6457980): cwd=\"/var/lib/docker/rootfs/overlayfs/056a09c20dcef0fe62aa8b538144973d1eea3cbffb3ac42d3a0cc1c2e4e596d5\""}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643184.740:6457980): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643184.740:6457980): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b820 a1=c00017f338 a2=c000181c40 a3=0 items=2 ppid=1270725 pid=1270732 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643184.725:6457979): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F30353661303963323064636566306665363261613862353338"}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643184.725:6457979): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643184.725:6457979): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643184.725:6457979): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/056a09c20dcef0fe62aa8b538144973d1eea3cbffb3ac42d3a0cc1c2e4e596d5\""}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643184.725:6457979): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/056a09c20dcef0fe62aa8b538144973d1eea3cbffb3ac42d3a0cc1c2e4e596d5/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2344599773\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/056a09c20dcef0fe62aa8b538144973d1eea3cbffb3ac42d3a0cc1c2e4e596d5/b4769159acb395f6a72145bd75b5db0c07dcb7a51e307cf42c551152ac1296fe.pid\" a14=\"056a09c20dcef0fe62aa8b538144973d1eea3cbffb3ac42d3a0cc1c2e4e596d5\""}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643184.725:6457979): arch=c000003e syscall=59 success=yes exit=0 a0=c00014f900 a1=c00028d500 a2=c00028d580 a3=0 items=2 ppid=4146 pid=1270725 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643184.297:6457978): proctitle=2F7362696E2F6970006C696E6B"}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643184.297:6457978): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=6691347 dev=00:57 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643184.297:6457978): item=0 name=\"/sbin/ip\" inode=6690355 dev=00:57 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643184.297:6457978): cwd=\"/ansible\""}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643184.297:6457978): argc=2 a0=\"/sbin/ip\" a1=\"link\""}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643184.297:6457978): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643184.297:6457978): arch=c000003e syscall=59 success=yes exit=0 a0=7e27f082ed80 a1=7e27ef422ed0 a2=7e27ef54e270 a3=0 items=2 ppid=1270695 pid=1270724 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"ip\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643184.062:6457977): proctitle=2F7573722F62696E2F7065726C002F7573722F62696E2F70675F69737265616479002D550067726F777468626F6F6B002D6400706F737467726573"}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643184.062:6457977): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6968454 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643184.062:6457977): item=0 name=\"/usr/lib/postgresql/17/bin/pg_isready\" inode=3958125 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643184.062:6457977): cwd=\"/\""}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643184.062:6457977): argc=5 a0=\"/usr/lib/postgresql/17/bin/pg_isready\" a1=\"-U\" a2=\"growthbook\" a3=\"-d\" a4=\"postgres\""}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643184.062:6457977): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643184.062:6457977): arch=c000003e syscall=59 success=yes exit=0 a0=59903f884e30 a1=59903f93aee0 a2=59903f58c970 a3=72e3cbde0e70 items=2 ppid=1270714 pid=1270722 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/lib/postgresql/17/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643184.009:6457976): proctitle=2F7573722F62696E2F7065726C002F7573722F62696E2F70675F69737265616479002D550067726F777468626F6F6B002D6400706F737467726573"}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643184.009:6457976): item=2 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6968454 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643184.009:6457976): item=1 name=\"/usr/bin/perl\" inode=6956288 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643184.009:6457976): item=0 name=\"/usr/bin/pg_isready\" inode=4211279 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643184.009:6457976): cwd=\"/\""}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643184.009:6457976): argc=6 a0=\"/usr/bin/perl\" a1=\"/usr/bin/pg_isready\" a2=\"-U\" a3=\"growthbook\" a4=\"-d\" a5=\"postgres\""}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643184.009:6457976): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643184.009:6457976): arch=c000003e syscall=59 success=yes exit=0 a0=5ee249227640 a1=5ee2153849a8 a2=5ee2492275d8 a3=8 items=3 ppid=1270714 pid=1270722 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/bin/perl\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643184.003:6457975): proctitle=2F62696E2F7368002D630070675F69737265616479202D552067726F777468626F6F6B202D6420706F737467726573"}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643184.003:6457975): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6968454 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643184.003:6457975): item=0 name=\"/bin/sh\" inode=6954646 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643184.003:6457975): cwd=\"/\""}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643184.003:6457975): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D552067726F777468626F6F6B202D6420706F737467726573"}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643184.003:6457975): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643184.003:6457975): arch=c000003e syscall=59 success=yes exit=0 a0=c00018ce80 a1=c000022ac0 a2=c0000900c0 a3=0 items=2 ppid=1270702 pid=1270714 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/usr/bin/dash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643183.966:6457974): proctitle=2F7573722F62696E2F7065726C002F7573722F62696E2F70675F69737265616479002D550070726F6D6574686575735F61646D696E002D640070726F6D6574686575735F61646D696E"}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643183.966:6457974): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=5581428 dev=00:95 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643183.966:6457974): item=0 name=\"/usr/lib/postgresql/17/bin/pg_isready\" inode=5809487 dev=00:95 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643183.966:6457974): cwd=\"/\""}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643183.966:6457974): argc=5 a0=\"/usr/lib/postgresql/17/bin/pg_isready\" a1=\"-U\" a2=\"prometheus_admin\" a3=\"-d\" a4=\"prometheus_admin\""}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643183.966:6457974): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643183.966:6457974): arch=c000003e syscall=59 success=yes exit=0 a0=5856e6e1c790 a1=5856e6e7e880 a2=5856e6afe970 a3=7dba862c6e70 items=2 ppid=1270677 pid=1270701 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/lib/postgresql/17/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643183.953:6457973): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643183.953:6457973): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643183.953:6457973): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643183.953:6457973): cwd=\"/var/lib/docker/rootfs/overlayfs/02fb5dd00ce2914672d5f537bf8bb36a0908851493efb9e1b3038943b577e7cf\""}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643183.953:6457973): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643183.953:6457973): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5880 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=1270702 pid=1270711 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643183.937:6457972): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F30326662356464303063653239313436373264356635333762"}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643183.937:6457972): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643183.937:6457972): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643183.937:6457972): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/02fb5dd00ce2914672d5f537bf8bb36a0908851493efb9e1b3038943b577e7cf\""}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643183.937:6457972): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/02fb5dd00ce2914672d5f537bf8bb36a0908851493efb9e1b3038943b577e7cf/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process421694277\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/02fb5dd00ce2914672d5f537bf8bb36a0908851493efb9e1b3038943b577e7cf/e07391f0dda40ddb630df2c008ed13fe4d68b28c1bd97f95510d1f01959b84e7.pid\" a14=\"02fb5dd00ce2914672d5f537bf8bb36a0908851493efb9e1b3038943b577e7cf\""}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643183.937:6457972): arch=c000003e syscall=59 success=yes exit=0 a0=c000423020 a1=c00037e000 a2=c00037e080 a3=0 items=2 ppid=4615 pid=1270702 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643183.921:6457971): proctitle=2F7573722F62696E2F707974686F6E33002F7573722F62696E2F616E7369626C65002D2D76657273696F6E"}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643183.921:6457971): item=2 name=\"/lib/ld-musl-x86_64.so.1\" inode=6691347 dev=00:57 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643183.921:6457971): item=1 name=\"/usr/bin/python3\" inode=6867528 dev=00:57 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643183.921:6457971): item=0 name=\"/usr/bin/ansible\" inode=6861055 dev=00:57 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643183.921:6457971): cwd=\"/ansible\""}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643183.921:6457971): argc=3 a0=\"/usr/bin/python3\" a1=\"/usr/bin/ansible\" a2=\"--version\""}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643183.921:6457971): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643183.921:6457971): arch=c000003e syscall=59 success=yes exit=0 a0=c000027218 a1=c000119350 a2=c0000db1c0 a3=0 items=3 ppid=1270673 pid=1270695 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"ansible\" exe=\"/usr/bin/python3.12\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643183.910:6457970): proctitle=2F7573722F62696E2F7065726C002F7573722F62696E2F70675F69737265616479002D550070726F6D6574686575735F61646D696E002D640070726F6D6574686575735F61646D696E"}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643183.910:6457970): item=2 name=\"/lib64/ld-linux-x86-64.so.2\" inode=5581428 dev=00:95 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643183.910:6457970): item=1 name=\"/usr/bin/perl\" inode=5580916 dev=00:95 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643183.910:6457970): item=0 name=\"/usr/bin/pg_isready\" inode=5823482 dev=00:95 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643183.910:6457970): cwd=\"/\""}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643183.910:6457970): argc=6 a0=\"/usr/bin/perl\" a1=\"/usr/bin/pg_isready\" a2=\"-U\" a3=\"prometheus_admin\" a4=\"-d\" a5=\"prometheus_admin\""}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643183.910:6457970): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643183.910:6457970): arch=c000003e syscall=59 success=yes exit=0 a0=5a43c5ee8678 a1=5a43c5ee85e0 a2=5a43c5ee8610 a3=8 items=3 ppid=1270677 pid=1270701 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/bin/perl\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643183.906:6457969): proctitle=2F62696E2F7368002D630070675F69737265616479202D552070726F6D6574686575735F61646D696E202D642070726F6D6574686575735F61646D696E"}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643183.906:6457969): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=5581428 dev=00:95 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643183.906:6457969): item=0 name=\"/bin/sh\" inode=5580787 dev=00:95 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643183.906:6457969): cwd=\"/\""}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643183.906:6457969): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D552070726F6D6574686575735F61646D696E202D642070726F6D6574686575735F61646D696E"}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643183.906:6457969): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643183.906:6457969): arch=c000003e syscall=59 success=yes exit=0 a0=c00018ae80 a1=c000022ac0 a2=c0000900c0 a3=0 items=2 ppid=1270662 pid=1270677 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/usr/bin/dash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643183.878:6457968): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643183.878:6457968): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643183.878:6457968): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:11f mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643183.878:6457968): cwd=\"/var/lib/docker/rootfs/overlayfs/9a8159a203300a4780aaf09648666255b8dfa1b9b4c5cadd8ec10b63e26015ad\""}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643183.878:6457968): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643183.878:6457968): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b850 a1=c00017f338 a2=c000181c00 a3=0 items=2 ppid=1270673 pid=1270691 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643183.861:6457967): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F39613831353961323033333030613437383061616630393634"}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643183.861:6457967): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643183.861:6457967): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643183.861:6457967): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/9a8159a203300a4780aaf09648666255b8dfa1b9b4c5cadd8ec10b63e26015ad\""}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643183.861:6457967): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/9a8159a203300a4780aaf09648666255b8dfa1b9b4c5cadd8ec10b63e26015ad/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process964878603\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/9a8159a203300a4780aaf09648666255b8dfa1b9b4c5cadd8ec10b63e26015ad/4b7180f00e847fe5af3948950efca4649ab07223d25526ee6fe8b5300b79099b.pid\" a14=\"9a8159a203300a4780aaf09648666255b8dfa1b9b4c5cadd8ec10b63e26015ad\""}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643183.861:6457967): arch=c000003e syscall=59 success=yes exit=0 a0=c0002156d0 a1=c00007ec00 a2=c00007ec80 a3=0 items=2 ppid=4991 pid=1270673 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643183.860:6457966): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643183.860:6457966): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643183.860:6457966): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643183.860:6457966): cwd=\"/var/lib/docker/rootfs/overlayfs/96dcfa07493d1a0e551516dd25644707c00be275d58123d52358a7d61a7f6b24\""}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643183.860:6457966): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643183.860:6457966): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5880 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=1270662 pid=1270672 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643183.841:6457965): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F39366463666130373439336431613065353531353136646432"}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643183.841:6457965): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643183.841:6457965): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643183.841:6457965): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/96dcfa07493d1a0e551516dd25644707c00be275d58123d52358a7d61a7f6b24\""}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643183.841:6457965): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/96dcfa07493d1a0e551516dd25644707c00be275d58123d52358a7d61a7f6b24/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process197874591\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/96dcfa07493d1a0e551516dd25644707c00be275d58123d52358a7d61a7f6b24/e5f1cfe98a3e78628214f0259eb0dcfc64e404aeea1cbb478673283c2cd28f7b.pid\" a14=\"96dcfa07493d1a0e551516dd25644707c00be275d58123d52358a7d61a7f6b24\""}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643183.841:6457965): arch=c000003e syscall=59 success=yes exit=0 a0=c000099340 a1=c0001eea00 a2=c0001eea80 a3=0 items=2 ppid=5764 pid=1270662 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643183.081:6457964): proctitle=77676574002D71002D2D73706964657200687474703A2F2F3132372E302E302E313A38302F76312F6865616C7468"}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643183.081:6457964): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3461249 dev=00:46 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643183.081:6457964): item=0 name=\"/usr/bin/wget\" inode=3461048 dev=00:46 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643183.081:6457964): cwd=\"/\""}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643183.081:6457964): argc=4 a0=\"wget\" a1=\"-q\" a2=\"--spider\" a3=\"http://127.0.0.1:80/v1/health\""}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643183.081:6457964): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643183.081:6457964): arch=c000003e syscall=59 success=yes exit=0 a0=73394cb0a400 a1=73394cb0a390 a2=73394cb0a3b8 a3=8 items=2 ppid=1270654 pid=1270660 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"wget\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643183.078:6457963): proctitle=2F62696E2F7368002D630077676574202D71202D2D73706964657220687474703A2F2F3132372E302E302E313A38302F76312F6865616C7468207C7C20657869742031"}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643183.078:6457963): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3461249 dev=00:46 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643183.078:6457963): item=0 name=\"/bin/sh\" inode=3461048 dev=00:46 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643183.078:6457963): cwd=\"/\""}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643183.078:6457963): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=77676574202D71202D2D73706964657220687474703A2F2F3132372E302E302E313A38302F76312F6865616C7468207C7C20657869742031"}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643183.078:6457963): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643183.078:6457963): arch=c000003e syscall=59 success=yes exit=0 a0=c00018b088 a1=c000022aa0 a2=c0000db200 a3=0 items=2 ppid=1270641 pid=1270654 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643183.035:6457962): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643183.035:6457962): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643183.035:6457962): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643183.035:6457962): cwd=\"/var/lib/docker/rootfs/overlayfs/999e0287888ade70d9e2f4a19da005d0fdb8f07eed0a2beb95e713a630ab3416\""}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643183.035:6457962): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643183.035:6457962): arch=c000003e syscall=59 success=yes exit=0 a0=c0001f3830 a1=c0001f7338 a2=c0001f9c40 a3=0 items=2 ppid=1270641 pid=1270652 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643183.019:6457961): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F39393965303238373838386164653730643965326634613139"}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643183.019:6457961): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643183.019:6457961): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643183.019:6457961): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/999e0287888ade70d9e2f4a19da005d0fdb8f07eed0a2beb95e713a630ab3416\""}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643183.019:6457961): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/999e0287888ade70d9e2f4a19da005d0fdb8f07eed0a2beb95e713a630ab3416/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2079132017\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/999e0287888ade70d9e2f4a19da005d0fdb8f07eed0a2beb95e713a630ab3416/d8991999c1c9736264dd5825612eaa301891bc7134292f58591725751f36e2d3.pid\" a14=\"999e0287888ade70d9e2f4a19da005d0fdb8f07eed0a2beb95e713a630ab3416\""}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643183.019:6457961): arch=c000003e syscall=59 success=yes exit=0 a0=c000010a70 a1=c00024e880 a2=c00024e900 a3=0 items=2 ppid=4333 pid=1270641 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643182.920:6457960): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643182.920:6457960): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:63 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643182.920:6457960): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:63 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643182.920:6457960): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643182.920:6457960): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.stat\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643182.920:6457960): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643182.920:6457960): arch=c000003e syscall=59 success=yes exit=0 a0=7276055e5d60 a1=72756be6df80 a2=5d751c63aa40 a3=8 items=2 ppid=6449 pid=1270639 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643182.920:6457959): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643182.920:6457959): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643182.920:6457959): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643182.920:6457959): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=72756be6df80 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1270639 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643182.920:6457958): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643182.920:6457958): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643182.920:6457958): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643182.920:6457958): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=72756be6df80 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1270639 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643182.919:6457957): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643182.919:6457957): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643182.919:6457957): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643182.919:6457957): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=72756be6df80 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1270639 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643182.919:6457956): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643182.919:6457956): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643182.919:6457956): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643182.919:6457956): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=72756be6df80 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1270639 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643182.919:6457955): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643182.919:6457955): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643182.919:6457955): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643182.919:6457955): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=72756be6df80 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1270639 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643182.919:6457954): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643182.919:6457954): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643182.919:6457954): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643182.919:6457954): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=72756be6df80 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1270639 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643182.915:6457953): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643182.915:6457953): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:63 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643182.915:6457953): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:63 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643182.915:6457953): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643182.915:6457953): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.current\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643182.915:6457953): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643182.915:6457953): arch=c000003e syscall=59 success=yes exit=0 a0=7276055e5d60 a1=72756be6dc00 a2=5d751c63aa40 a3=8 items=2 ppid=6449 pid=1270638 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643182.915:6457952): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643182.915:6457952): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643182.915:6457952): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643182.915:6457952): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=72756be6dc00 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1270638 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643182.915:6457951): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643182.915:6457951): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643182.915:6457951): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643182.915:6457951): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=72756be6dc00 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1270638 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643182.915:6457950): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643182.915:6457950): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643182.915:6457950): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643182.915:6457950): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=72756be6dc00 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1270638 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643182.915:6457949): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643182.915:6457949): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643182.915:6457949): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643182.915:6457949): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=72756be6dc00 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1270638 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643182.915:6457948): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643182.915:6457948): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643182.915:6457948): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643182.915:6457948): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=72756be6dc00 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1270638 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643182.915:6457947): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643182.915:6457947): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643182.915:6457947): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643182.915:6457947): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=72756be6dc00 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1270638 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643182.911:6457946): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643182.911:6457946): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:63 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643182.911:6457946): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:63 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643182.911:6457946): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643182.911:6457946): argc=2 a0=\"cat\" a1=\"/proc/self/cgroup\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643182.911:6457946): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643182.911:6457946): arch=c000003e syscall=59 success=yes exit=0 a0=7276055e5d60 a1=7275b0e0ad80 a2=5d751c63aa40 a3=8 items=2 ppid=6449 pid=1270637 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643182.911:6457945): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643182.911:6457945): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643182.911:6457945): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643182.911:6457945): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=7275b0e0ad80 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1270637 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643182.911:6457944): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643182.911:6457944): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643182.911:6457944): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643182.911:6457944): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=7275b0e0ad80 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1270637 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643182.911:6457943): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643182.911:6457943): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643182.911:6457943): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643182.911:6457943): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=7275b0e0ad80 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1270637 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643182.910:6457942): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643182.910:6457942): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643182.910:6457942): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643182.910:6457942): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=7275b0e0ad80 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1270637 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643182.910:6457941): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643182.910:6457941): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643182.910:6457941): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643182.910:6457941): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=7275b0e0ad80 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1270637 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643182.910:6457940): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643182.910:6457940): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643182.910:6457940): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643182.910:6457940): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=7275b0e0ad80 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1270637 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643182.891:6457939): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520706F737467726573"}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643182.891:6457939): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:4a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643182.891:6457939): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:4a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643182.891:6457939): cwd=\"/\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643182.891:6457939): argc=3 a0=\"pg_isready\" a1=\"-U\" a2=\"postgres\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643182.891:6457939): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643182.891:6457939): arch=c000003e syscall=59 success=yes exit=0 a0=715afcbf5288 a1=715afcbf51e8 a2=715afcbf5208 a3=0 items=2 ppid=4040 pid=1270629 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643182.888:6457938): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520706F737467726573"}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643182.888:6457938): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:4a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643182.888:6457938): item=0 name=\"/bin/sh\" inode=8589166 dev=00:4a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643182.888:6457938): cwd=\"/\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643182.888:6457938): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D5520706F737467726573"}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643182.888:6457938): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643182.888:6457938): arch=c000003e syscall=59 success=yes exit=0 a0=c00017cf68 a1=c000022680 a2=c0000d88c0 a3=0 items=2 ppid=1270617 pid=1270629 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643182.842:6457937): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643182.842:6457937): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643182.842:6457937): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643182.842:6457937): cwd=\"/var/lib/docker/rootfs/overlayfs/6e0eaa58aad19bd8edc0f955e0d8cdf54332df6bcdbac6d5a4d9c8caf6fb9c39\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643182.842:6457937): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643182.842:6457937): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5890 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=1270617 pid=1270626 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643182.828:6457936): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F36653065616135386161643139626438656463306639353565"}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643182.828:6457936): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643182.828:6457936): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643182.828:6457936): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/6e0eaa58aad19bd8edc0f955e0d8cdf54332df6bcdbac6d5a4d9c8caf6fb9c39\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643182.828:6457936): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/6e0eaa58aad19bd8edc0f955e0d8cdf54332df6bcdbac6d5a4d9c8caf6fb9c39/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1692995805\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/6e0eaa58aad19bd8edc0f955e0d8cdf54332df6bcdbac6d5a4d9c8caf6fb9c39/a16bf880d8b84ae4cbc0e716228a3190b02e61333aa619b196f5546c92b0cff2.pid\" a14=\"6e0eaa58aad19bd8edc0f955e0d8cdf54332df6bcdbac6d5a4d9c8caf6fb9c39\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643182.828:6457936): arch=c000003e syscall=59 success=yes exit=0 a0=c0002afff0 a1=c00036af80 a2=c00036b000 a3=0 items=2 ppid=4040 pid=1270617 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643182.417:6457935): proctitle=77676574002D71002D2D73706964657200687474703A2F2F3132372E302E302E313A353030302F6865616C7468"}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643182.417:6457935): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3456344 dev=00:a7 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643182.417:6457935): item=0 name=\"/usr/bin/wget\" inode=3454556 dev=00:a7 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643182.417:6457935): cwd=\"/app\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643182.417:6457935): argc=4 a0=\"wget\" a1=\"-q\" a2=\"--spider\" a3=\"http://127.0.0.1:5000/health\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643182.417:6457935): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643182.417:6457935): arch=c000003e syscall=59 success=yes exit=0 a0=7d5f35ac7430 a1=7d5f35ac73b0 a2=7d5f35ac73d8 a3=0 items=2 ppid=1270590 pid=1270615 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"wget\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643182.412:6457934): proctitle=2F62696E2F7368002D630077676574202D71202D2D73706964657220687474703A2F2F3132372E302E302E313A353030302F6865616C7468207C7C20657869742031"}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643182.412:6457934): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3456344 dev=00:a7 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643182.412:6457934): item=0 name=\"/bin/sh\" inode=3454556 dev=00:a7 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643182.412:6457934): cwd=\"/app\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643182.412:6457934): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=77676574202D71202D2D73706964657220687474703A2F2F3132372E302E302E313A353030302F6865616C7468207C7C20657869742031"}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643182.412:6457934): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643182.412:6457934): arch=c000003e syscall=59 success=yes exit=0 a0=c00018cf18 a1=c000022aa0 a2=c00013a320 a3=0 items=2 ppid=1270577 pid=1270590 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643182.395:6457933): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643182.395:6457933): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643182.395:6457933): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:11f mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643182.395:6457933): cwd=\"/var/lib/docker/rootfs/overlayfs/7e96c0f67233d10fc0728f922615e0e7f5d3377f41b4a6a05124441cfe955e5f\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643182.395:6457933): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643182.395:6457933): arch=c000003e syscall=59 success=yes exit=0 a0=c000245890 a1=c000249350 a2=c00024bc40 a3=0 items=2 ppid=1270596 pid=1270606 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643182.376:6457932): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F37653936633066363732333364313066633037323866393232"}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643182.376:6457932): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643182.376:6457932): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643182.376:6457932): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/7e96c0f67233d10fc0728f922615e0e7f5d3377f41b4a6a05124441cfe955e5f\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643182.376:6457932): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/7e96c0f67233d10fc0728f922615e0e7f5d3377f41b4a6a05124441cfe955e5f/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2323074040\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/7e96c0f67233d10fc0728f922615e0e7f5d3377f41b4a6a05124441cfe955e5f/53bbb27139dd04670bf62a8e7fe639b1c24a2dcd804a26fa25fce647d07f2c70.pid\" a14=\"7e96c0f67233d10fc0728f922615e0e7f5d3377f41b4a6a05124441cfe955e5f\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643182.376:6457932): arch=c000003e syscall=59 success=yes exit=0 a0=c00035c640 a1=c000132200 a2=c000132d00 a3=0 items=2 ppid=5430 pid=1270596 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643182.358:6457931): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643182.358:6457931): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643182.358:6457931): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643182.358:6457931): cwd=\"/var/lib/docker/rootfs/overlayfs/d80835cb7ba62c46a5cbd03fdf5267299086c5b276258870959e4da55044b0ee\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643182.358:6457931): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643182.358:6457931): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b830 a1=c00017f338 a2=c000181c40 a3=0 items=2 ppid=1270577 pid=1270586 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643182.343:6457930): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F64383038333563623762613632633436613563626430336664"}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643182.343:6457930): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643182.343:6457930): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643182.343:6457930): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/d80835cb7ba62c46a5cbd03fdf5267299086c5b276258870959e4da55044b0ee\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643182.343:6457930): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/d80835cb7ba62c46a5cbd03fdf5267299086c5b276258870959e4da55044b0ee/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process863459382\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/d80835cb7ba62c46a5cbd03fdf5267299086c5b276258870959e4da55044b0ee/8dba3a3fcee922521a0aa8596ae17ab1d65708c6611f1a2a14598905949e3f47.pid\" a14=\"d80835cb7ba62c46a5cbd03fdf5267299086c5b276258870959e4da55044b0ee\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643182.343:6457930): arch=c000003e syscall=59 success=yes exit=0 a0=c00032e910 a1=c0002fc200 a2=c0002fc280 a3=0 items=2 ppid=6117 pid=1270577 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643182.334:6457929): proctitle=77676574002D2D6E6F2D766572626F7365002D2D74726965733D31002D2D73706964657200687474703A2F2F3132372E302E302E313A383132332F70696E67"}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643182.334:6457929): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=6688979 dev=00:9e mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643182.334:6457929): item=0 name=\"/usr/bin/wget\" inode=6699356 dev=00:9e mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643182.334:6457929): cwd=\"/\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643182.334:6457929): argc=5 a0=\"wget\" a1=\"--no-verbose\" a2=\"--tries=1\" a3=\"--spider\" a4=\"http://127.0.0.1:8123/ping\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643182.334:6457929): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643182.334:6457929): arch=c000003e syscall=59 success=yes exit=0 a0=7cc57a2ec4c0 a1=7cc57a2ec420 a2=7cc57a2ec450 a3=8 items=2 ppid=1270570 pid=1270576 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"wget\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643182.330:6457928): proctitle=2F62696E2F7368002D630077676574202D2D6E6F2D766572626F7365202D2D74726965733D31202D2D73706964657220687474703A2F2F3132372E302E302E313A383132332F70696E67207C7C20657869742031"}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643182.330:6457928): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=6688979 dev=00:9e mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643182.330:6457928): item=0 name=\"/bin/sh\" inode=6699356 dev=00:9e mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643182.330:6457928): cwd=\"/\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643182.330:6457928): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=77676574202D2D6E6F2D766572626F7365202D2D74726965733D31202D2D73706964657220687474703A2F2F3132372E302E302E313A383132332F70696E67207C7C20657869742031"}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643182.330:6457928): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643182.330:6457928): arch=c000003e syscall=59 success=yes exit=0 a0=c000194f78 a1=c000022680 a2=c000025200 a3=0 items=2 ppid=1270557 pid=1270570 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643182.280:6457927): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643182.280:6457927): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643182.280:6457927): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643182.280:6457927): cwd=\"/var/lib/docker/rootfs/overlayfs/0bcf4b17c85dedab788e8c9e9c1a88a006bbcf2309ef561d1c40a8ba421d79ad\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643182.280:6457927): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643182.280:6457927): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c58a0 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=1270557 pid=1270567 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643182.262:6457926): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F30626366346231376338356465646162373838653863396539"}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643182.262:6457926): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643182.262:6457926): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643182.262:6457926): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/0bcf4b17c85dedab788e8c9e9c1a88a006bbcf2309ef561d1c40a8ba421d79ad\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643182.262:6457926): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/0bcf4b17c85dedab788e8c9e9c1a88a006bbcf2309ef561d1c40a8ba421d79ad/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2496471381\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/0bcf4b17c85dedab788e8c9e9c1a88a006bbcf2309ef561d1c40a8ba421d79ad/c26a6557e0de94edd1296e6d54e82f111c5fa08e34fae7b1910f906ea0614a77.pid\" a14=\"0bcf4b17c85dedab788e8c9e9c1a88a006bbcf2309ef561d1c40a8ba421d79ad\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643182.262:6457926): arch=c000003e syscall=59 success=yes exit=0 a0=c0002112d0 a1=c0000b9a00 a2=c0000b9b80 a3=0 items=2 ppid=5669 pid=1270557 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643181.934:6457925): proctitle=77676574002D2D737069646572002D7100687474703A2F2F3132372E302E302E313A383333332F6865616C74687A"}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643181.934:6457925): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3456344 dev=00:64 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643181.934:6457925): item=0 name=\"/usr/bin/wget\" inode=3454556 dev=00:64 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643181.934:6457925): cwd=\"/data\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643181.934:6457925): argc=4 a0=\"wget\" a1=\"--spider\" a2=\"-q\" a3=\"http://127.0.0.1:8333/healthz\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643181.934:6457925): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643181.934:6457925): arch=c000003e syscall=59 success=yes exit=0 a0=71ba3ca55408 a1=71ba3ca553b0 a2=71ba3ca553d8 a3=8080808080808080 items=2 ppid=1270550 pid=1270556 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"wget\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643181.930:6457924): proctitle=2F62696E2F7368002D630077676574202D2D737069646572202D7120687474703A2F2F3132372E302E302E313A383333332F6865616C74687A207C7C20657869742031"}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643181.930:6457924): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3456344 dev=00:64 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643181.930:6457924): item=0 name=\"/bin/sh\" inode=3454556 dev=00:64 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643181.930:6457924): cwd=\"/data\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643181.930:6457924): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=77676574202D2D737069646572202D7120687474703A2F2F3132372E302E302E313A383333332F6865616C74687A207C7C20657869742031"}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643181.930:6457924): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643181.930:6457924): arch=c000003e syscall=59 success=yes exit=0 a0=c00018af38 a1=c000022ac0 a2=c000022ae0 a3=0 items=2 ppid=1270538 pid=1270550 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643181.879:6457923): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643181.879:6457923): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643181.879:6457923): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643181.879:6457923): cwd=\"/var/lib/docker/rootfs/overlayfs/38a784eb49e8778635b8fa1d44a04c342675dfae8a3a09d66ba486cc6e08b7bb\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643181.879:6457923): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643181.879:6457923): arch=c000003e syscall=59 success=yes exit=0 a0=c000173830 a1=c000177338 a2=c000179c40 a3=0 items=2 ppid=1270538 pid=1270548 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643181.865:6457922): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F33386137383465623439653837373836333562386661316434"}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643181.865:6457922): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643181.865:6457922): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643181.865:6457922): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/38a784eb49e8778635b8fa1d44a04c342675dfae8a3a09d66ba486cc6e08b7bb\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643181.865:6457922): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/38a784eb49e8778635b8fa1d44a04c342675dfae8a3a09d66ba486cc6e08b7bb/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3132750723\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/38a784eb49e8778635b8fa1d44a04c342675dfae8a3a09d66ba486cc6e08b7bb/1e73f2ce5d23fb68b1156e3709c4fb25798ce1e590ef12af02f5ddaa01dadc68.pid\" a14=\"38a784eb49e8778635b8fa1d44a04c342675dfae8a3a09d66ba486cc6e08b7bb\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643181.865:6457922): arch=c000003e syscall=59 success=yes exit=0 a0=c00032c840 a1=c0000c5a80 a2=c0000c5c00 a3=0 items=2 ppid=5967 pid=1270538 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643181.729:6457921): proctitle=6E6F6465002D65007265717569726528276874747027292E6765742827687474703A2F2F27202B207265717569726528276F7327292E686F73746E616D652829202B20273A333030302F272C2072203D3E2070726F636573732E657869742828722E737461747573436F6465203D3D3D20323030207C7C20722E737461747573"}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643181.729:6457921): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6834212 dev=00:62 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643181.729:6457921): item=0 name=\"/usr/local/bin/node\" inode=6881221 dev=00:62 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643181.729:6457921): cwd=\"/app\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643181.729:6457921): argc=3 a0=\"node\" a1=\"-e\" a2=7265717569726528276874747027292E6765742827687474703A2F2F27202B207265717569726528276F7327292E686F73746E616D652829202B20273A333030302F272C2072203D3E2070726F636573732E657869742828722E737461747573436F6465203D3D3D20323030207C7C20722E737461747573436F6465203D3D3D2033303729203F2030203A203129292E6F6E28276572726F72272C202829203D3E2070726F636573732E6578697428312929"}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643181.729:6457921): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643181.729:6457921): arch=c000003e syscall=59 success=yes exit=0 a0=5f98456e9c68 a1=5f98456e98f8 a2=5f98456e9ba8 a3=8 items=2 ppid=1270521 pid=1270527 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"node\" exe=\"/usr/local/bin/node\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643181.725:6457920): proctitle=2F62696E2F7368002D63006E6F6465202D6520227265717569726528276874747027292E6765742827687474703A2F2F27202B207265717569726528276F7327292E686F73746E616D652829202B20273A333030302F272C2072203D3E2070726F636573732E657869742828722E737461747573436F6465203D3D3D20323030"}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643181.725:6457920): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6834212 dev=00:62 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643181.725:6457920): item=0 name=\"/bin/sh\" inode=6832457 dev=00:62 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643181.725:6457920): cwd=\"/app\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643181.725:6457920): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=6E6F6465202D6520227265717569726528276874747027292E6765742827687474703A2F2F27202B207265717569726528276F7327292E686F73746E616D652829202B20273A333030302F272C2072203D3E2070726F636573732E657869742828722E737461747573436F6465203D3D3D20323030207C7C20722E737461747573436F6465203D3D3D2033303729203F2030203A203129292E6F6E28276572726F72272C202829203D3E2070726F636573732E657869742831292922"}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643181.725:6457920): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643181.725:6457920): arch=c000003e syscall=59 success=yes exit=0 a0=c000196f08 a1=c000022680 a2=c0000c4240 a3=0 items=2 ppid=1270509 pid=1270521 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/dash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643181.677:6457919): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643181.677:6457919): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643181.677:6457919): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643181.677:6457919): cwd=\"/var/lib/docker/rootfs/overlayfs/62ff186c9558f5a87b871aad2189553b6748d81d514aec3146c01ec6c66d8638\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643181.677:6457919): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643181.677:6457919): arch=c000003e syscall=59 success=yes exit=0 a0=c0001f3860 a1=c0001f7338 a2=c0001f9c40 a3=0 items=2 ppid=1270509 pid=1270518 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643181.661:6457918): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F36326666313836633935353866356138376238373161616432"}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643181.661:6457918): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643181.661:6457918): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643181.661:6457918): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/62ff186c9558f5a87b871aad2189553b6748d81d514aec3146c01ec6c66d8638\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643181.661:6457918): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/62ff186c9558f5a87b871aad2189553b6748d81d514aec3146c01ec6c66d8638/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process464001373\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/62ff186c9558f5a87b871aad2189553b6748d81d514aec3146c01ec6c66d8638/705513fbb5fef7dc1e5c18aa5d4cbbc721d53692db7d080bef9750ee56f0122f.pid\" a14=\"62ff186c9558f5a87b871aad2189553b6748d81d514aec3146c01ec6c66d8638\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643181.661:6457918): arch=c000003e syscall=59 success=yes exit=0 a0=c0001bd960 a1=c000410100 a2=c000410180 a3=0 items=2 ppid=5827 pid=1270509 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643181.325:6457917): proctitle=72656469732D636C690070696E67"}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643181.325:6457917): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=5809101 dev=00:7a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643181.325:6457917): item=0 name=\"/usr/local/bin/redis-cli\" inode=928088 dev=00:7a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643181.325:6457917): cwd=\"/data\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643181.325:6457917): argc=2 a0=\"redis-cli\" a1=\"ping\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643181.325:6457917): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643181.325:6457917): arch=c000003e syscall=59 success=yes exit=0 a0=c0000289a0 a1=c000143350 a2=c00014b1c0 a3=0 items=2 ppid=1270492 pid=1270504 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"redis-cli\" exe=\"/usr/local/bin/redis-cli\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643181.278:6457916): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643181.278:6457916): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643181.278:6457916): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643181.278:6457916): cwd=\"/var/lib/docker/rootfs/overlayfs/7e13dd6f726a7b57cc1470c1039bc96afa948a1beb7503cebff44e9717c43cdc\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643181.278:6457916): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643181.278:6457916): arch=c000003e syscall=59 success=yes exit=0 a0=c0001cd880 a1=c0001d1350 a2=c0001d3c40 a3=0 items=2 ppid=1270492 pid=1270501 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643181.262:6457915): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F37653133646436663732366137623537636331343730633130"}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643181.262:6457915): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643181.262:6457915): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643181.262:6457915): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/7e13dd6f726a7b57cc1470c1039bc96afa948a1beb7503cebff44e9717c43cdc\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643181.262:6457915): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/7e13dd6f726a7b57cc1470c1039bc96afa948a1beb7503cebff44e9717c43cdc/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2629594222\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/7e13dd6f726a7b57cc1470c1039bc96afa948a1beb7503cebff44e9717c43cdc/7bfbb1806f0e41ee46c807afe4deb479020d370af7c9f38e6f35927e7979f75f.pid\" a14=\"7e13dd6f726a7b57cc1470c1039bc96afa948a1beb7503cebff44e9717c43cdc\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643181.262:6457915): arch=c000003e syscall=59 success=yes exit=0 a0=c0002fc8e0 a1=c000313480 a2=c000313500 a3=0 items=2 ppid=4347 pid=1270492 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643181.248:6457914): proctitle=72656469732D636C690070696E67"}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643181.248:6457914): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=6694357 dev=00:42 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643181.248:6457914): item=0 name=\"/usr/local/bin/redis-cli\" inode=6703632 dev=00:42 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643181.248:6457914): cwd=\"/data\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643181.248:6457914): argc=2 a0=\"redis-cli\" a1=\"ping\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643181.248:6457914): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643181.248:6457914): arch=c000003e syscall=59 success=yes exit=0 a0=c000028760 a1=c000117350 a2=c0000df1c0 a3=0 items=2 ppid=1270474 pid=1270486 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"redis-cli\" exe=\"/usr/local/bin/redis-cli\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643181.195:6457913): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643181.195:6457913): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643181.195:6457913): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643181.195:6457913): cwd=\"/var/lib/docker/rootfs/overlayfs/4cc046860e99ed4ce61cc4f7c543175750997c08579b75447cbf7907fdb6134d\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643181.195:6457913): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643181.195:6457913): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5880 a1=c0001c9350 a2=c0001cbc40 a3=0 items=2 ppid=1270474 pid=1270483 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643181.179:6457912): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F34636330343638363065393965643463653631636334663763"}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643181.179:6457912): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643181.179:6457912): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643181.179:6457912): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/4cc046860e99ed4ce61cc4f7c543175750997c08579b75447cbf7907fdb6134d\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643181.179:6457912): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/4cc046860e99ed4ce61cc4f7c543175750997c08579b75447cbf7907fdb6134d/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process579842938\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/4cc046860e99ed4ce61cc4f7c543175750997c08579b75447cbf7907fdb6134d/d2b608131163bd0f07e494db13d82ea77341cb870811f5b570c4a2e70749d3db.pid\" a14=\"4cc046860e99ed4ce61cc4f7c543175750997c08579b75447cbf7907fdb6134d\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643181.179:6457912): arch=c000003e syscall=59 success=yes exit=0 a0=c000409060 a1=c0000e1b00 a2=c0000e1b80 a3=0 items=2 ppid=4510 pid=1270474 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643181.106:6457911): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520617065785F75736572202D6420617065785F6462"}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643181.106:6457911): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3456344 dev=00:77 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643181.106:6457911): item=0 name=\"/usr/local/bin/pg_isready\" inode=6091069 dev=00:77 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643181.106:6457911): cwd=\"/\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643181.106:6457911): argc=5 a0=\"pg_isready\" a1=\"-U\" a2=\"apex_user\" a3=\"-d\" a4=\"apex_db\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643181.106:6457911): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643181.106:6457911): arch=c000003e syscall=59 success=yes exit=0 a0=75ff15eb43f8 a1=75ff15eb4278 a2=75ff15eb4378 a3=0 items=2 ppid=5169 pid=1270466 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643181.102:6457910): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520617065785F75736572202D6420617065785F6462"}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643181.102:6457910): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3456344 dev=00:77 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643181.102:6457910): item=0 name=\"/bin/sh\" inode=3454556 dev=00:77 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643181.102:6457910): cwd=\"/\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643181.102:6457910): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D5520617065785F75736572202D6420617065785F6462"}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643181.102:6457910): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643181.102:6457910): arch=c000003e syscall=59 success=yes exit=0 a0=c00018cf38 a1=c000022ac0 a2=c0001348c0 a3=0 items=2 ppid=1270453 pid=1270466 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643181.075:6457909): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520666F7267656A6F"}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643181.075:6457909): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:b3 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643181.075:6457909): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:b3 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643181.075:6457909): cwd=\"/\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643181.075:6457909): argc=3 a0=\"pg_isready\" a1=\"-U\" a2=\"forgejo\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643181.075:6457909): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643181.075:6457909): arch=c000003e syscall=59 success=yes exit=0 a0=7c7921606278 a1=7c79216061d8 a2=7c79216061f8 a3=8080808080808080 items=2 ppid=4749 pid=1270446 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643181.071:6457908): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520666F7267656A6F"}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643181.071:6457908): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:b3 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643181.071:6457908): item=0 name=\"/bin/sh\" inode=8589166 dev=00:b3 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643181.071:6457908): cwd=\"/\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643181.071:6457908): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D5520666F7267656A6F"}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643181.071:6457908): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643181.071:6457908): arch=c000003e syscall=59 success=yes exit=0 a0=c000196f68 a1=c000022680 a2=c0000d88c0 a3=0 items=2 ppid=1270429 pid=1270446 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643181.051:6457907): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643181.051:6457907): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643181.051:6457907): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:11f mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643181.051:6457907): cwd=\"/var/lib/docker/rootfs/overlayfs/c1f8f97d53596e967520df53fab27faff436876b90ee0f2e344cc170bca33f83\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643181.051:6457907): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643181.051:6457907): arch=c000003e syscall=59 success=yes exit=0 a0=c000173840 a1=c000177338 a2=c000179c80 a3=0 items=2 ppid=1270453 pid=1270463 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643181.035:6457906): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F63316638663937643533353936653936373532306466353366"}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643181.035:6457906): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643181.035:6457906): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643181.035:6457906): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/c1f8f97d53596e967520df53fab27faff436876b90ee0f2e344cc170bca33f83\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643181.035:6457906): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/c1f8f97d53596e967520df53fab27faff436876b90ee0f2e344cc170bca33f83/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process84852845\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/c1f8f97d53596e967520df53fab27faff436876b90ee0f2e344cc170bca33f83/484d1905e981a57d99be65facfae174a2b230962628c9cd81a50d3ac0040b6f7.pid\" a14=\"c1f8f97d53596e967520df53fab27faff436876b90ee0f2e344cc170bca33f83\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643181.035:6457906): arch=c000003e syscall=59 success=yes exit=0 a0=c0003c2710 a1=c000258b00 a2=c000258b80 a3=0 items=2 ppid=5169 pid=1270453 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643181.021:6457905): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643181.021:6457905): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:bf mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643181.021:6457905): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:bf mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643181.021:6457905): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643181.021:6457905): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.stat\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643181.021:6457905): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643181.021:6457905): arch=c000003e syscall=59 success=yes exit=0 a0=7cf488ecad60 a1=7cf467e01240 a2=570e063f2a40 a3=8 items=2 ppid=6698 pid=1270444 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643181.021:6457904): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643181.021:6457904): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643181.021:6457904): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643181.021:6457904): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ecad60 a1=7cf467e01240 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1270444 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643181.021:6457903): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643181.021:6457903): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643181.021:6457903): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643181.021:6457903): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ecad60 a1=7cf467e01240 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1270444 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643181.020:6457902): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643181.020:6457902): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643181.020:6457902): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643181.020:6457902): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ecad60 a1=7cf467e01240 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1270444 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643181.020:6457901): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643181.020:6457901): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643181.020:6457901): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643181.020:6457901): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ecad60 a1=7cf467e01240 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1270444 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643181.020:6457900): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643181.020:6457900): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643181.020:6457900): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643181.020:6457900): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ecad60 a1=7cf467e01240 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1270444 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643181.020:6457899): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643181.020:6457899): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643181.020:6457899): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643181.020:6457899): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ecad60 a1=7cf467e01240 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1270444 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643181.017:6457898): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643181.017:6457898): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:bf mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643181.017:6457898): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:bf mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643181.017:6457898): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643181.017:6457898): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.current\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643181.017:6457898): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643181.017:6457898): arch=c000003e syscall=59 success=yes exit=0 a0=7cf488ecad60 a1=7cf467e00c40 a2=570e063f2a40 a3=8 items=2 ppid=6698 pid=1270441 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643181.016:6457891): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643181.016:6457891): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643181.016:6457891): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643181.017:6457897): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643181.017:6457897): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643181.016:6457891): cwd=\"/var/lib/docker/rootfs/overlayfs/2cdd3d089c946761c42c7cfc41f431ad2beb9c2b89497f7e5a3552578b39f251\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643181.017:6457897): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643181.016:6457891): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643181.017:6457897): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ecad60 a1=7cf467e00c40 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1270441 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643181.016:6457896): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643181.016:6457896): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643181.016:6457896): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643181.016:6457896): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ecad60 a1=7cf467e00c40 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1270441 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643181.016:6457895): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643181.016:6457895): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643181.016:6457895): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643181.016:6457895): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ecad60 a1=7cf467e00c40 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1270441 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643181.016:6457894): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643181.016:6457894): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643181.016:6457894): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643181.016:6457894): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ecad60 a1=7cf467e00c40 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1270441 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643181.016:6457893): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643181.016:6457893): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643181.016:6457893): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643181.016:6457893): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ecad60 a1=7cf467e00c40 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1270441 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643181.016:6457892): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643181.016:6457892): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643181.016:6457892): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643181.016:6457892): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ecad60 a1=7cf467e00c40 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1270441 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643181.016:6457891): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5890 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=1270429 pid=1270440 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643181.013:6457890): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643181.013:6457890): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:bf mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643181.013:6457890): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:bf mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643181.013:6457890): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643181.013:6457890): argc=2 a0=\"cat\" a1=\"/proc/self/cgroup\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643181.013:6457890): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643181.013:6457890): arch=c000003e syscall=59 success=yes exit=0 a0=7cf488ecad60 a1=7cf467e01480 a2=570e063f2a40 a3=8 items=2 ppid=6698 pid=1270435 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643181.012:6457889): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643181.012:6457889): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643181.012:6457889): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643181.012:6457889): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ecad60 a1=7cf467e01480 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1270435 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643181.012:6457888): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643181.012:6457888): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643181.012:6457888): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643181.012:6457888): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ecad60 a1=7cf467e01480 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1270435 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643181.012:6457887): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643181.012:6457887): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643181.012:6457887): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643181.012:6457887): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ecad60 a1=7cf467e01480 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1270435 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643181.012:6457886): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643181.012:6457886): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643181.012:6457886): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643181.012:6457886): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ecad60 a1=7cf467e01480 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1270435 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643181.012:6457885): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643181.012:6457885): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643181.012:6457885): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643181.012:6457885): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ecad60 a1=7cf467e01480 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1270435 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643181.012:6457884): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643181.012:6457884): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643181.012:6457884): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643181.012:6457884): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ecad60 a1=7cf467e01480 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1270435 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643180.998:6457883): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F32636464336430383963393436373631633432633763666334"}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643180.998:6457883): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643180.998:6457883): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643180.998:6457883): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/2cdd3d089c946761c42c7cfc41f431ad2beb9c2b89497f7e5a3552578b39f251\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643180.998:6457883): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/2cdd3d089c946761c42c7cfc41f431ad2beb9c2b89497f7e5a3552578b39f251/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3734296647\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/2cdd3d089c946761c42c7cfc41f431ad2beb9c2b89497f7e5a3552578b39f251/ba4c06b86682ad68296fd60c1780bc5dc8aaed5b4befdc503f8d2d0950b7dc67.pid\" a14=\"2cdd3d089c946761c42c7cfc41f431ad2beb9c2b89497f7e5a3552578b39f251\""}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643180.998:6457883): arch=c000003e syscall=59 success=yes exit=0 a0=c0002724e0 a1=c0001a1600 a2=c0001a1680 a3=0 items=2 ppid=4749 pid=1270429 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643180.920:6457882): proctitle=67726570003A30424238002F70726F632F6E65742F746370"}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643180.920:6457882): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6834212 dev=00:78 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643180.920:6457882): item=0 name=\"/bin/grep\" inode=6832538 dev=00:78 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643180.920:6457882): cwd=\"/app\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643180.920:6457882): argc=3 a0=\"grep\" a1=\":0BB8\" a2=\"/proc/net/tcp\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643180.920:6457882): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643180.920:6457882): arch=c000003e syscall=59 success=yes exit=0 a0=645f81d1d758 a1=645f70606990 a2=645f81d1d6e8 a3=8 items=2 ppid=1270421 pid=1270427 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"grep\" exe=\"/bin/grep\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643180.916:6457881): proctitle=2F62696E2F7368002D630067726570203A30424238202F70726F632F6E65742F746370207C7C20657869742031"}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643180.916:6457881): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6834212 dev=00:78 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643180.916:6457881): item=0 name=\"/bin/sh\" inode=6832457 dev=00:78 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643180.916:6457881): cwd=\"/app\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643180.916:6457881): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=67726570203A30424238202F70726F632F6E65742F746370207C7C20657869742031"}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643180.916:6457881): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643180.916:6457881): arch=c000003e syscall=59 success=yes exit=0 a0=c00017cee8 a1=c000022680 a2=c0000d88c0 a3=0 items=2 ppid=1270408 pid=1270421 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/dash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643180.870:6457880): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643180.870:6457880): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643180.870:6457880): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643180.870:6457880): cwd=\"/var/lib/docker/rootfs/overlayfs/99752c55410bb6ace3e57904dc2c1a2f503aa02b37e06267893a529d96259bd2\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643180.870:6457880): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643180.870:6457880): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5890 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=1270408 pid=1270418 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643180.852:6457879): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F39393735326335353431306262366163653365353739303464"}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643180.852:6457879): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643180.852:6457879): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643180.852:6457879): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/99752c55410bb6ace3e57904dc2c1a2f503aa02b37e06267893a529d96259bd2\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643180.852:6457879): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/99752c55410bb6ace3e57904dc2c1a2f503aa02b37e06267893a529d96259bd2/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process278954012\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/99752c55410bb6ace3e57904dc2c1a2f503aa02b37e06267893a529d96259bd2/8ec36b7acaf190613d772ee5fac9679e739ef16d841eaa94a037bd8995e255e1.pid\" a14=\"99752c55410bb6ace3e57904dc2c1a2f503aa02b37e06267893a529d96259bd2\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643180.852:6457879): arch=c000003e syscall=59 success=yes exit=0 a0=c00013ec20 a1=c000207b80 a2=c000207c00 a3=0 items=2 ppid=5199 pid=1270408 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643180.757:6457878): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643180.757:6457878): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=9987007 dev=00:68 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643180.757:6457878): item=0 name=\"/usr/bin/cat\" inode=9986333 dev=00:68 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643180.757:6457878): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643180.757:6457878): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.stat\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643180.757:6457878): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643180.757:6457878): arch=c000003e syscall=59 success=yes exit=0 a0=75b00d839d60 a1=75afebc001e0 a2=572859f88650 a3=8 items=2 ppid=6470 pid=1270407 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643180.757:6457877): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643180.757:6457877): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643180.757:6457877): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643180.757:6457877): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75afebc001e0 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1270407 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643180.757:6457876): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643180.757:6457876): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643180.757:6457876): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643180.757:6457876): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75afebc001e0 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1270407 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643180.757:6457875): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643180.757:6457875): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643180.757:6457875): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643180.757:6457875): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75afebc001e0 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1270407 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643180.756:6457874): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643180.756:6457874): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643180.756:6457874): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643180.756:6457874): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75afebc001e0 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1270407 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643180.756:6457873): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643180.756:6457873): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643180.756:6457873): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643180.756:6457873): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75afebc001e0 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1270407 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643180.756:6457872): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643180.756:6457872): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643180.756:6457872): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643180.756:6457872): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75afebc001e0 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1270407 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643180.754:6457871): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643180.754:6457871): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=9987007 dev=00:68 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643180.754:6457871): item=0 name=\"/usr/bin/cat\" inode=9986333 dev=00:68 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643180.754:6457871): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643180.754:6457871): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.current\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643180.754:6457871): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643180.754:6457871): arch=c000003e syscall=59 success=yes exit=0 a0=75b00d839d60 a1=75afebc00860 a2=572859f88650 a3=8 items=2 ppid=6470 pid=1270406 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643180.754:6457870): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643180.754:6457870): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643180.754:6457870): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643180.754:6457870): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75afebc00860 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1270406 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643180.753:6457869): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643180.753:6457869): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643180.753:6457869): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643180.753:6457869): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75afebc00860 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1270406 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643180.753:6457868): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643180.753:6457868): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643180.753:6457868): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643180.753:6457868): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75afebc00860 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1270406 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643180.753:6457867): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643180.753:6457867): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643180.753:6457867): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643180.753:6457867): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75afebc00860 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1270406 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643180.753:6457866): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643180.753:6457866): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643180.753:6457866): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643180.753:6457866): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75afebc00860 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1270406 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643180.753:6457865): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643180.753:6457865): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643180.753:6457865): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643180.753:6457865): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75afebc00860 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1270406 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643180.750:6457864): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643180.750:6457864): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=9987007 dev=00:68 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643180.750:6457864): item=0 name=\"/usr/bin/cat\" inode=9986333 dev=00:68 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643180.750:6457864): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643180.750:6457864): argc=2 a0=\"cat\" a1=\"/proc/self/cgroup\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643180.750:6457864): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643180.750:6457864): arch=c000003e syscall=59 success=yes exit=0 a0=75b00d839d60 a1=75afebc00820 a2=572859f88650 a3=8 items=2 ppid=6470 pid=1270405 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643180.750:6457863): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643180.750:6457863): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643180.750:6457863): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643180.750:6457863): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75afebc00820 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1270405 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643180.750:6457862): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643180.750:6457862): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643180.750:6457862): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643180.750:6457862): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75afebc00820 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1270405 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643180.750:6457861): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643180.750:6457861): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643180.750:6457861): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643180.750:6457861): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75afebc00820 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1270405 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643180.750:6457860): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643180.750:6457860): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643180.750:6457860): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643180.750:6457860): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75afebc00820 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1270405 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643180.750:6457859): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643180.750:6457859): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643180.750:6457859): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643180.750:6457859): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75afebc00820 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1270405 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643180.750:6457858): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643180.750:6457858): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643180.750:6457858): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643180.750:6457858): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75afebc00820 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1270405 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643180.086:6457857): proctitle=6375726C002D6600687474703A2F2F6C6F63616C686F73743A383434332F6865616C74687A"}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643180.086:6457857): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8277530 dev=00:92 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643180.086:6457857): item=0 name=\"/usr/bin/curl\" inode=8272239 dev=00:92 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643180.086:6457857): cwd=\"/\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643180.086:6457857): argc=3 a0=\"curl\" a1=\"-f\" a2=\"http://localhost:8443/healthz\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643180.086:6457857): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643180.086:6457857): arch=c000003e syscall=59 success=yes exit=0 a0=c000196db0 a1=c000022680 a2=c000114ab0 a3=0 items=2 ppid=5327 pid=1270399 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"curl\" exe=\"/usr/bin/curl\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643180.035:6457856): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643180.035:6457856): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643180.035:6457856): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643180.035:6457856): cwd=\"/var/lib/docker/rootfs/overlayfs/39100183abc56a19c2ae07206cdab399444cf7fa09e4b9d16d02b58b22eb293c\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643180.035:6457856): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643180.035:6457856): arch=c000003e syscall=59 success=yes exit=0 a0=c0001fb8c0 a1=c0001ff338 a2=c000281c40 a3=0 items=2 ppid=1270387 pid=1270396 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643180.021:6457855): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F33393130303138336162633536613139633261653037323036"}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643180.021:6457855): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643180.021:6457855): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643180.021:6457855): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/39100183abc56a19c2ae07206cdab399444cf7fa09e4b9d16d02b58b22eb293c\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643180.021:6457855): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/39100183abc56a19c2ae07206cdab399444cf7fa09e4b9d16d02b58b22eb293c/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2944902393\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/39100183abc56a19c2ae07206cdab399444cf7fa09e4b9d16d02b58b22eb293c/4eb2bc981fa5d91e695b9740d062d617a60ea3bd60e0033979b471f7eca071f1.pid\" a14=\"39100183abc56a19c2ae07206cdab399444cf7fa09e4b9d16d02b58b22eb293c\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643180.021:6457855): arch=c000003e syscall=59 success=yes exit=0 a0=c00029a9b0 a1=c0001a8f80 a2=c0001a9000 a3=0 items=2 ppid=5327 pid=1270387 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643179.989:6457854): proctitle=77676574002D2D737069646572002D7100687474703A2F2F3132372E302E302E313A383038302F737461747573"}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643179.989:6457854): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3456344 dev=00:96 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643179.989:6457854): item=0 name=\"/usr/bin/wget\" inode=3454556 dev=00:96 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643179.989:6457854): cwd=\"/data\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643179.989:6457854): argc=4 a0=\"wget\" a1=\"--spider\" a2=\"-q\" a3=\"http://127.0.0.1:8080/status\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643179.989:6457854): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643179.989:6457854): arch=c000003e syscall=59 success=yes exit=0 a0=73ffcd5e4408 a1=73ffcd5e43b0 a2=73ffcd5e43d8 a3=8080808080808080 items=2 ppid=1270380 pid=1270386 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"wget\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643179.986:6457853): proctitle=2F62696E2F7368002D630077676574202D2D737069646572202D7120687474703A2F2F3132372E302E302E313A383038302F737461747573207C7C20657869742031"}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643179.986:6457853): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3456344 dev=00:96 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643179.986:6457853): item=0 name=\"/bin/sh\" inode=3454556 dev=00:96 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643179.986:6457853): cwd=\"/data\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643179.986:6457853): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=77676574202D2D737069646572202D7120687474703A2F2F3132372E302E302E313A383038302F737461747573207C7C20657869742031"}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643179.986:6457853): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643179.986:6457853): arch=c000003e syscall=59 success=yes exit=0 a0=c00018af28 a1=c000022ac0 a2=c000022ae0 a3=0 items=2 ppid=1270368 pid=1270380 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643179.942:6457852): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643179.942:6457852): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643179.942:6457852): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643179.942:6457852): cwd=\"/var/lib/docker/rootfs/overlayfs/9d998ef1eacb3b076ca0da4256f08add55d0bbb54d81229185d76af8553a0c77\""}
{"ts": "2026-04-19T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643179.942:6457852): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643179.942:6457852): arch=c000003e syscall=59 success=yes exit=0 a0=c0001f3820 a1=c0001f7338 a2=c0001f9c00 a3=0 items=2 ppid=1270368 pid=1270378 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643179.926:6457851): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F39643939386566316561636233623037366361306461343235"}
{"ts": "2026-04-19T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643179.926:6457851): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643179.926:6457851): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643179.926:6457851): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/9d998ef1eacb3b076ca0da4256f08add55d0bbb54d81229185d76af8553a0c77\""}
{"ts": "2026-04-19T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643179.926:6457851): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/9d998ef1eacb3b076ca0da4256f08add55d0bbb54d81229185d76af8553a0c77/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1660630318\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/9d998ef1eacb3b076ca0da4256f08add55d0bbb54d81229185d76af8553a0c77/0f22fee7a53d5d42c71dfbb67b5deb6d38b489c9f1f5aea7ca79a5ec08ef8135.pid\" a14=\"9d998ef1eacb3b076ca0da4256f08add55d0bbb54d81229185d76af8553a0c77\""}
{"ts": "2026-04-19T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643179.926:6457851): arch=c000003e syscall=59 success=yes exit=0 a0=c000356580 a1=c0000a2880 a2=c0000a2900 a3=0 items=2 ppid=5503 pid=1270368 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643178.618:6457850): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520706F737467726573"}
{"ts": "2026-04-19T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643178.618:6457850): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:ad mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643178.618:6457850): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:ad mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643178.618:6457850): cwd=\"/\""}
{"ts": "2026-04-19T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643178.618:6457850): argc=3 a0=\"pg_isready\" a1=\"-U\" a2=\"postgres\""}
{"ts": "2026-04-19T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643178.618:6457850): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643178.618:6457850): arch=c000003e syscall=59 success=yes exit=0 a0=7c2745c9e288 a1=7c2745c9e1e8 a2=7c2745c9e208 a3=0 items=2 ppid=5688 pid=1270359 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643178.615:6457849): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520706F737467726573"}
{"ts": "2026-04-19T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643178.615:6457849): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:ad mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643178.615:6457849): item=0 name=\"/bin/sh\" inode=8589166 dev=00:ad mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643178.615:6457849): cwd=\"/\""}
{"ts": "2026-04-19T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643178.615:6457849): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D5520706F737467726573"}
{"ts": "2026-04-19T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643178.615:6457849): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643178.615:6457849): arch=c000003e syscall=59 success=yes exit=0 a0=c0000fcf78 a1=c000022680 a2=c0001508c0 a3=0 items=2 ppid=1270347 pid=1270359 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643178.572:6457848): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643178.572:6457848): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643178.572:6457848): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643178.572:6457848): cwd=\"/var/lib/docker/rootfs/overlayfs/67097f9470d25ae62330c278e0c2e85dfc8f9d19e1312855b18be973b4d19e41\""}
{"ts": "2026-04-19T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643178.572:6457848): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643178.572:6457848): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b850 a1=c00017f338 a2=c000181c40 a3=0 items=2 ppid=1270347 pid=1270356 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643178.557:6457847): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F36373039376639343730643235616536323333306332373865"}
{"ts": "2026-04-19T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643178.557:6457847): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643178.557:6457847): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643178.557:6457847): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/67097f9470d25ae62330c278e0c2e85dfc8f9d19e1312855b18be973b4d19e41\""}
{"ts": "2026-04-19T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643178.557:6457847): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/67097f9470d25ae62330c278e0c2e85dfc8f9d19e1312855b18be973b4d19e41/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1870634528\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/67097f9470d25ae62330c278e0c2e85dfc8f9d19e1312855b18be973b4d19e41/28c83ebf7d84e206a8cc6e9551dfa95ab832dafeb20d7b8b3049a29bde28d70b.pid\" a14=\"67097f9470d25ae62330c278e0c2e85dfc8f9d19e1312855b18be973b4d19e41\""}
{"ts": "2026-04-19T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643178.557:6457847): arch=c000003e syscall=59 success=yes exit=0 a0=c0003d4470 a1=c000296a00 a2=c000296a80 a3=0 items=2 ppid=5688 pid=1270347 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643178.366:6457846): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520646F63757365616C"}
{"ts": "2026-04-19T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643178.366:6457846): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:a3 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643178.366:6457846): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:a3 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643178.366:6457846): cwd=\"/\""}
{"ts": "2026-04-19T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643178.366:6457846): argc=3 a0=\"pg_isready\" a1=\"-U\" a2=\"docuseal\""}
{"ts": "2026-04-19T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643178.366:6457846): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643178.366:6457846): arch=c000003e syscall=59 success=yes exit=0 a0=796dd8605288 a1=796dd86051e8 a2=796dd8605208 a3=0 items=2 ppid=5572 pid=1270340 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643178.363:6457845): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520646F63757365616C"}
{"ts": "2026-04-19T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643178.363:6457845): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:a3 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643178.363:6457845): item=0 name=\"/bin/sh\" inode=8589166 dev=00:a3 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643178.363:6457845): cwd=\"/\""}
{"ts": "2026-04-19T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643178.363:6457845): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D5520646F63757365616C"}
{"ts": "2026-04-19T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643178.363:6457845): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643178.363:6457845): arch=c000003e syscall=59 success=yes exit=0 a0=c000196f68 a1=c000022680 a2=c0000d88c0 a3=0 items=2 ppid=1270328 pid=1270340 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643178.312:6457844): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643178.312:6457844): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643178.312:6457844): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643178.312:6457844): cwd=\"/var/lib/docker/rootfs/overlayfs/360fd70ae6eb7cd5e0954ce9fabc3f41ec861f0028b80fa3a053269682ce489a\""}
{"ts": "2026-04-19T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643178.312:6457844): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643178.312:6457844): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5890 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=1270328 pid=1270337 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643178.297:6457843): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F33363066643730616536656237636435653039353463653966"}
{"ts": "2026-04-19T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643178.297:6457843): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643178.297:6457843): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643178.297:6457843): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/360fd70ae6eb7cd5e0954ce9fabc3f41ec861f0028b80fa3a053269682ce489a\""}
{"ts": "2026-04-19T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643178.297:6457843): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/360fd70ae6eb7cd5e0954ce9fabc3f41ec861f0028b80fa3a053269682ce489a/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process85194249\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/360fd70ae6eb7cd5e0954ce9fabc3f41ec861f0028b80fa3a053269682ce489a/9e37b5e1a9c8f40e56454fa2493d648c7d5902c53efdf261be6300866770d409.pid\" a14=\"360fd70ae6eb7cd5e0954ce9fabc3f41ec861f0028b80fa3a053269682ce489a\""}
{"ts": "2026-04-19T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643178.297:6457843): arch=c000003e syscall=59 success=yes exit=0 a0=c0003c30a0 a1=c0002c0a80 a2=c0002c0b00 a3=0 items=2 ppid=5572 pid=1270328 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643177.381:6457842): proctitle=72656469732D636C690070696E67"}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643177.381:6457842): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=6694357 dev=00:4b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643177.381:6457842): item=0 name=\"/usr/local/bin/redis-cli\" inode=6703632 dev=00:4b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643177.381:6457842): cwd=\"/data\""}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643177.381:6457842): argc=2 a0=\"redis-cli\" a1=\"ping\""}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643177.381:6457842): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643177.381:6457842): arch=c000003e syscall=59 success=yes exit=0 a0=c000028760 a1=c0000a7350 a2=c0001631c0 a3=0 items=2 ppid=1270310 pid=1270322 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"redis-cli\" exe=\"/usr/local/bin/redis-cli\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643177.336:6457841): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643177.336:6457841): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643177.336:6457841): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643177.336:6457841): cwd=\"/var/lib/docker/rootfs/overlayfs/480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af\""}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643177.336:6457841): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643177.336:6457841): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5880 a1=c0001c9350 a2=c0001cbc40 a3=0 items=2 ppid=1270310 pid=1270319 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643177.320:6457840): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F34383062353761303034306362373564646534356436663664"}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643177.320:6457840): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643177.320:6457840): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643177.320:6457840): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af\""}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643177.320:6457840): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process57970037\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af/e46667bfe7be2a853194500f4220cd5bd057aecb375e9fcabecaad297a5ad12d.pid\" a14=\"480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af\""}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643177.320:6457840): arch=c000003e syscall=59 success=yes exit=0 a0=c0000e65c0 a1=c000103980 a2=c000103b00 a3=0 items=2 ppid=5107 pid=1270310 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643177.188:6457839): proctitle=77676574002D2D737069646572002D7100687474703A2F2F3132372E302E302E313A38383838"}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643177.188:6457839): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:ca mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643177.188:6457839): item=0 name=\"/usr/bin/wget\" inode=8589166 dev=00:ca mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643177.188:6457839): cwd=\"/\""}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643177.188:6457839): argc=4 a0=\"wget\" a1=\"--spider\" a2=\"-q\" a3=\"http://127.0.0.1:8888\""}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643177.188:6457839): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643177.188:6457839): arch=c000003e syscall=59 success=yes exit=0 a0=7b079d052430 a1=7b079d0523a8 a2=7b079d0523d0 a3=0 items=2 ppid=1270301 pid=1270309 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"wget\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643177.182:6457838): proctitle=2F62696E2F7368002D630077676574202D2D737069646572202D7120687474703A2F2F3132372E302E302E313A38383838207C7C20657869742031"}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643177.182:6457838): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:ca mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643177.182:6457838): item=0 name=\"/bin/sh\" inode=8589166 dev=00:ca mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643177.182:6457838): cwd=\"/\""}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643177.182:6457838): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=77676574202D2D737069646572202D7120687474703A2F2F3132372E302E302E313A38383838207C7C20657869742031"}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643177.182:6457838): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643177.182:6457838): arch=c000003e syscall=59 success=yes exit=0 a0=c000194f98 a1=c000022660 a2=c0000de320 a3=0 items=2 ppid=13525 pid=1270301 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643177.180:6457837): proctitle=2F62696E2F7368002D630070675F69737265616479202D552077696E646D696C6C5F75736572202D642077696E646D696C6C5F6462"}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643177.180:6457837): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:a0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643177.180:6457837): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:a0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643177.180:6457837): cwd=\"/\""}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643177.180:6457837): argc=5 a0=\"pg_isready\" a1=\"-U\" a2=\"windmill_user\" a3=\"-d\" a4=\"windmill_db\""}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643177.180:6457837): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643177.180:6457837): arch=c000003e syscall=59 success=yes exit=0 a0=76b4c59db3f8 a1=76b4c59db290 a2=76b4c59db378 a3=0 items=2 ppid=4404 pid=1270276 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643177.171:6457836): proctitle=2F62696E2F7368002D630070675F69737265616479202D552077696E646D696C6C5F75736572202D642077696E646D696C6C5F6462"}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643177.171:6457836): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:a0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643177.171:6457836): item=0 name=\"/bin/sh\" inode=8589166 dev=00:a0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643177.171:6457836): cwd=\"/\""}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643177.171:6457836): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D552077696E646D696C6C5F75736572202D642077696E646D696C6C5F6462"}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643177.171:6457836): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643177.171:6457836): arch=c000003e syscall=59 success=yes exit=0 a0=c0000fcf68 a1=c000022680 a2=c0001588c0 a3=0 items=2 ppid=4404 pid=1270276 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643177.168:6457835): proctitle=2F62696E2F7368002D630070675F69737265616479202D552074797065626F74"}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643177.168:6457835): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:85 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643177.168:6457835): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:85 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643177.168:6457835): cwd=\"/\""}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643177.168:6457835): argc=3 a0=\"pg_isready\" a1=\"-U\" a2=\"typebot\""}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643177.168:6457835): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643177.168:6457835): arch=c000003e syscall=59 success=yes exit=0 a0=78cb36d43278 a1=78cb36d431d8 a2=78cb36d431f8 a3=8080808080808080 items=2 ppid=4609 pid=1270277 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643177.165:6457834): proctitle=2F62696E2F7368002D630070675F69737265616479202D552074797065626F74"}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643177.165:6457834): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:85 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643177.165:6457834): item=0 name=\"/bin/sh\" inode=8589166 dev=00:85 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643177.165:6457834): cwd=\"/\""}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643177.165:6457834): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D552074797065626F74"}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643177.165:6457834): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643177.165:6457834): arch=c000003e syscall=59 success=yes exit=0 a0=c00018cf38 a1=c000022ac0 a2=c0001348c0 a3=0 items=2 ppid=1270247 pid=1270277 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643177.142:6457833): proctitle=77676574002D2D737069646572002D7100687474703A2F2F6C6F63616C686F73742F"}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643177.142:6457833): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:44 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643177.142:6457833): item=0 name=\"/usr/bin/wget\" inode=8589166 dev=00:44 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643177.142:6457833): cwd=\"/\""}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643177.142:6457833): argc=4 a0=\"wget\" a1=\"--spider\" a2=\"-q\" a3=\"http://localhost/\""}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643177.142:6457833): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643177.142:6457833): arch=c000003e syscall=59 success=yes exit=0 a0=c00018cfb0 a1=c0000c7920 a2=c00013a320 a3=0 items=2 ppid=1270233 pid=1270246 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"wget\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643177.130:6457832): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643177.130:6457832): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643177.130:6457832): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:162 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643177.130:6457832): cwd=\"/var/lib/docker/rootfs/overlayfs/ab2e3743421ef3813c5eceaa1eec8c8d50314508a1b02e6d87d88698f045c5f5\""}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643177.130:6457832): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643177.130:6457832): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c58a0 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=1270273 pid=1270298 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643177.115:6457831): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F61623265333734333432316566333831336335656365616131"}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643177.115:6457831): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643177.115:6457831): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643177.115:6457831): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/ab2e3743421ef3813c5eceaa1eec8c8d50314508a1b02e6d87d88698f045c5f5\""}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643177.115:6457831): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/ab2e3743421ef3813c5eceaa1eec8c8d50314508a1b02e6d87d88698f045c5f5/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1923809802\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/ab2e3743421ef3813c5eceaa1eec8c8d50314508a1b02e6d87d88698f045c5f5/1989e73e7d23b2323566de8f607468b0092aac5823d648a2812ee54816fa56d6.pid\" a14=\"ab2e3743421ef3813c5eceaa1eec8c8d50314508a1b02e6d87d88698f045c5f5\""}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643177.115:6457831): arch=c000003e syscall=59 success=yes exit=0 a0=c0000c08e0 a1=c00027c480 a2=c00027c500 a3=0 items=2 ppid=13525 pid=1270273 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643177.112:6457830): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643177.112:6457830): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643177.112:6457830): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:15a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643177.112:6457830): cwd=\"/var/lib/docker/rootfs/overlayfs/a58fd49cb529bc2c3c5f4447c9ccbae837530349ce554292b547968ead4cb59b\""}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643177.112:6457830): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643177.112:6457830): arch=c000003e syscall=59 success=yes exit=0 a0=c00009e130 a1=c0000ca000 a2=c0000b2100 a3=0 items=2 ppid=1270247 pid=1270272 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643177.107:6457829): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643177.107:6457829): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643177.107:6457829): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:11f mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643177.107:6457829): cwd=\"/var/lib/docker/rootfs/overlayfs/2a365c5cbcdee94cef8eb83387301a8756e7538c1049b4c58449c0646b43c50c\""}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643177.107:6457829): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643177.107:6457829): arch=c000003e syscall=59 success=yes exit=0 a0=c00024d890 a1=c000251350 a2=c000253c80 a3=0 items=2 ppid=1270244 pid=1270268 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643177.091:6457828): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F61353866643439636235323962633263336335663434343763"}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643177.091:6457828): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643177.091:6457828): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643177.091:6457828): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/a58fd49cb529bc2c3c5f4447c9ccbae837530349ce554292b547968ead4cb59b\""}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643177.091:6457828): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/a58fd49cb529bc2c3c5f4447c9ccbae837530349ce554292b547968ead4cb59b/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3433497772\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/a58fd49cb529bc2c3c5f4447c9ccbae837530349ce554292b547968ead4cb59b/79e1e7f8137c92f4c9c663eba7a62f282fff9aa0fb9fc23d73a9db414dcf6ac5.pid\" a14=\"a58fd49cb529bc2c3c5f4447c9ccbae837530349ce554292b547968ead4cb59b\""}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643177.091:6457828): arch=c000003e syscall=59 success=yes exit=0 a0=c000227c90 a1=c0000ffd00 a2=c0000ffd80 a3=0 items=2 ppid=4609 pid=1270247 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643177.088:6457827): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F32613336356335636263646565393463656638656238333338"}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643177.088:6457827): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643177.088:6457827): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643177.088:6457827): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/2a365c5cbcdee94cef8eb83387301a8756e7538c1049b4c58449c0646b43c50c\""}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643177.088:6457827): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/2a365c5cbcdee94cef8eb83387301a8756e7538c1049b4c58449c0646b43c50c/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1781622975\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/2a365c5cbcdee94cef8eb83387301a8756e7538c1049b4c58449c0646b43c50c/79a516298ede93012df79e2226cc365e25c742f5be4b1e28d36b863c5fad41b6.pid\" a14=\"2a365c5cbcdee94cef8eb83387301a8756e7538c1049b4c58449c0646b43c50c\""}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643177.088:6457827): arch=c000003e syscall=59 success=yes exit=0 a0=c000389670 a1=c0003b2b00 a2=c0003b2b80 a3=0 items=2 ppid=4404 pid=1270244 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643177.086:6457826): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643177.086:6457826): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643177.086:6457826): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643177.086:6457826): cwd=\"/var/lib/docker/rootfs/overlayfs/c9028647dd6e7c38e14daba47c7c457dc7968b27ced9d920b9994d3ba9399ec2\""}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643177.086:6457826): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643177.086:6457826): arch=c000003e syscall=59 success=yes exit=0 a0=c000173860 a1=c000177338 a2=c000179c80 a3=0 items=2 ppid=1270233 pid=1270240 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643177.071:6457825): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F63393032383634376464366537633338653134646162613437"}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643177.071:6457825): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643177.071:6457825): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643177.071:6457825): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/c9028647dd6e7c38e14daba47c7c457dc7968b27ced9d920b9994d3ba9399ec2\""}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643177.071:6457825): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/c9028647dd6e7c38e14daba47c7c457dc7968b27ced9d920b9994d3ba9399ec2/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2396050685\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/c9028647dd6e7c38e14daba47c7c457dc7968b27ced9d920b9994d3ba9399ec2/04fa01c5f7cb649a079a73b6cfff2d3e1800783ff879f48dc5a9ad6e70db6941.pid\" a14=\"c9028647dd6e7c38e14daba47c7c457dc7968b27ced9d920b9994d3ba9399ec2\""}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643177.071:6457825): arch=c000003e syscall=59 success=yes exit=0 a0=c0002206f0 a1=c000248400 a2=c000248480 a3=0 items=2 ppid=4636 pid=1270233 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643176.903:6457824): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643176.903:6457824): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:63 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643176.903:6457824): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:63 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643176.903:6457824): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643176.903:6457824): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.stat\""}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643176.903:6457824): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643176.903:6457824): arch=c000003e syscall=59 success=yes exit=0 a0=7276055e5d60 a1=7275b04428c0 a2=5d751c63aa40 a3=8 items=2 ppid=6449 pid=1270230 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643176.903:6457823): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643176.903:6457823): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643176.903:6457823): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643176.903:6457823): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=7275b04428c0 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1270230 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643176.903:6457822): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643176.903:6457822): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643176.903:6457822): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643176.903:6457822): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=7275b04428c0 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1270230 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643176.903:6457821): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643176.903:6457821): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643176.903:6457821): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643176.903:6457821): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=7275b04428c0 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1270230 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643176.903:6457820): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643176.903:6457820): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643176.903:6457820): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643176.903:6457820): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=7275b04428c0 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1270230 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643176.902:6457819): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643176.902:6457819): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643176.902:6457819): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643176.902:6457819): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=7275b04428c0 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1270230 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643176.902:6457818): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643176.902:6457818): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643176.902:6457818): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643176.902:6457818): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=7275b04428c0 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1270230 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643176.900:6457817): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643176.900:6457817): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:63 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643176.900:6457817): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:63 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643176.900:6457817): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643176.900:6457817): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.current\""}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643176.900:6457817): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643176.900:6457817): arch=c000003e syscall=59 success=yes exit=0 a0=7276055e5d60 a1=7275b0442920 a2=5d751c63aa40 a3=8 items=2 ppid=6449 pid=1270229 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643176.900:6457816): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643176.900:6457816): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643176.900:6457816): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643176.900:6457816): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=7275b0442920 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1270229 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643176.900:6457815): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643176.900:6457815): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643176.900:6457815): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643176.900:6457815): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=7275b0442920 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1270229 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643176.900:6457814): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643176.900:6457814): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643176.900:6457814): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643176.900:6457814): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=7275b0442920 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1270229 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643176.900:6457813): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643176.900:6457813): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643176.900:6457813): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643176.900:6457813): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=7275b0442920 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1270229 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643176.900:6457812): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643176.900:6457812): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643176.900:6457812): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643176.900:6457812): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=7275b0442920 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1270229 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643176.899:6457811): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643176.899:6457811): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643176.899:6457811): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643176.899:6457811): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=7275b0442920 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1270229 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643176.896:6457810): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643176.896:6457810): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:63 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643176.896:6457810): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:63 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643176.896:6457810): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643176.896:6457810): argc=2 a0=\"cat\" a1=\"/proc/self/cgroup\""}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643176.896:6457810): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643176.896:6457810): arch=c000003e syscall=59 success=yes exit=0 a0=7276055e5d60 a1=72756820b0c0 a2=5d751c63aa40 a3=8 items=2 ppid=6449 pid=1270228 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643176.896:6457809): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643176.896:6457809): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643176.896:6457809): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643176.896:6457809): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=72756820b0c0 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1270228 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643176.896:6457808): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643176.896:6457808): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643176.896:6457808): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643176.896:6457808): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=72756820b0c0 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1270228 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643176.896:6457807): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643176.896:6457807): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643176.896:6457807): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643176.896:6457807): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=72756820b0c0 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1270228 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643176.896:6457806): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643176.896:6457806): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643176.896:6457806): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643176.896:6457806): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=72756820b0c0 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1270228 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643176.896:6457805): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643176.896:6457805): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643176.896:6457805): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643176.896:6457805): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=72756820b0c0 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1270228 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643176.895:6457804): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643176.895:6457804): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643176.895:6457804): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643176.895:6457804): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=72756820b0c0 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1270228 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643175.844:6457803): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643175.844:6457803): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643175.844:6457803): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643175.844:6457803): cwd=\"/var/lib/docker/rootfs/overlayfs/b539c3db94427db38e2f205e13ee104b50afa8ebe28e8de6717563f9b880c08e\""}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643175.844:6457803): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643175.844:6457803): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b810 a1=c00017f338 a2=c000181c40 a3=0 items=2 ppid=1270206 pid=1270215 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643175.828:6457802): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F62353339633364623934343237646233386532663230356531"}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643175.828:6457802): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643175.828:6457802): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643175.828:6457802): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/b539c3db94427db38e2f205e13ee104b50afa8ebe28e8de6717563f9b880c08e\""}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643175.828:6457802): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/b539c3db94427db38e2f205e13ee104b50afa8ebe28e8de6717563f9b880c08e/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1428086465\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/b539c3db94427db38e2f205e13ee104b50afa8ebe28e8de6717563f9b880c08e/f612fa6a7078055c9de595bb08ae1141c03dbe59ef32ab18cab0c3ab42e9a166.pid\" a14=\"b539c3db94427db38e2f205e13ee104b50afa8ebe28e8de6717563f9b880c08e\""}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643175.828:6457802): arch=c000003e syscall=59 success=yes exit=0 a0=c0000108e0 a1=c0001f4880 a2=c0001f4a80 a3=0 items=2 ppid=5456 pid=1270206 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643175.269:6457801): proctitle=72656469732D636C690070696E67"}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643175.269:6457801): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=6694357 dev=00:6b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643175.269:6457801): item=0 name=\"/usr/local/bin/redis-cli\" inode=6703632 dev=00:6b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643175.269:6457801): cwd=\"/data\""}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643175.269:6457801): argc=2 a0=\"redis-cli\" a1=\"ping\""}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643175.269:6457801): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643175.269:6457801): arch=c000003e syscall=59 success=yes exit=0 a0=c000028760 a1=c00009f350 a2=c0001651c0 a3=0 items=2 ppid=1270188 pid=1270200 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"redis-cli\" exe=\"/usr/local/bin/redis-cli\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643175.226:6457800): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643175.226:6457800): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643175.226:6457800): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643175.226:6457800): cwd=\"/var/lib/docker/rootfs/overlayfs/0a68372d6fd28201684be9827a5de0d3c04e6e08d164a3049faa362bc53f9748\""}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643175.226:6457800): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643175.226:6457800): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b830 a1=c00017f338 a2=c000181c00 a3=0 items=2 ppid=1270188 pid=1270198 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643175.211:6457799): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F30613638333732643666643238323031363834626539383237"}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643175.211:6457799): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643175.211:6457799): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643175.211:6457799): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/0a68372d6fd28201684be9827a5de0d3c04e6e08d164a3049faa362bc53f9748\""}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643175.211:6457799): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/0a68372d6fd28201684be9827a5de0d3c04e6e08d164a3049faa362bc53f9748/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3120977718\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/0a68372d6fd28201684be9827a5de0d3c04e6e08d164a3049faa362bc53f9748/87b0540b61e4e8b795a6f5d5f29d499ceb5f82c771820072631c255c9ff09bcd.pid\" a14=\"0a68372d6fd28201684be9827a5de0d3c04e6e08d164a3049faa362bc53f9748\""}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643175.211:6457799): arch=c000003e syscall=59 success=yes exit=0 a0=c0000b75f0 a1=c00038c080 a2=c00038c100 a3=0 items=2 ppid=4707 pid=1270188 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643174.999:6457798): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643174.999:6457798): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:bf mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643174.999:6457798): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:bf mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643174.999:6457798): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643174.999:6457798): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.stat\""}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643174.999:6457798): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643174.999:6457798): arch=c000003e syscall=59 success=yes exit=0 a0=7cf488ecad60 a1=7cf439403f80 a2=570e063f2a40 a3=8 items=2 ppid=6698 pid=1270187 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643174.999:6457797): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643174.999:6457797): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643174.999:6457797): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643174.999:6457797): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ecad60 a1=7cf439403f80 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1270187 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643174.999:6457796): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643174.999:6457796): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643174.999:6457796): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643174.999:6457796): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ecad60 a1=7cf439403f80 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1270187 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643174.999:6457795): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643174.999:6457795): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643174.999:6457795): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643174.999:6457795): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ecad60 a1=7cf439403f80 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1270187 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643174.999:6457794): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643174.999:6457794): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643174.999:6457794): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643174.999:6457794): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ecad60 a1=7cf439403f80 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1270187 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643174.999:6457793): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643174.999:6457793): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643174.999:6457793): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643174.999:6457793): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ecad60 a1=7cf439403f80 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1270187 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643174.999:6457792): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643174.999:6457792): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643174.999:6457792): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643174.999:6457792): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ecad60 a1=7cf439403f80 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1270187 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643174.996:6457791): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643174.996:6457791): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:bf mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643174.996:6457791): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:bf mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643174.996:6457791): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643174.996:6457791): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.current\""}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643174.996:6457791): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643174.996:6457791): arch=c000003e syscall=59 success=yes exit=0 a0=7cf488ecad60 a1=7cf439403de0 a2=570e063f2a40 a3=8 items=2 ppid=6698 pid=1270186 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643174.996:6457790): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643174.996:6457790): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643174.996:6457790): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643174.996:6457790): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ecad60 a1=7cf439403de0 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1270186 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643174.996:6457789): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643174.996:6457789): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643174.996:6457789): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643174.996:6457789): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ecad60 a1=7cf439403de0 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1270186 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643174.996:6457788): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643174.996:6457788): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643174.996:6457788): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643174.996:6457788): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ecad60 a1=7cf439403de0 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1270186 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643174.996:6457787): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643174.996:6457787): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643174.996:6457787): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643174.996:6457787): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ecad60 a1=7cf439403de0 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1270186 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643174.995:6457786): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643174.995:6457786): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643174.995:6457786): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643174.995:6457786): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ecad60 a1=7cf439403de0 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1270186 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643174.995:6457785): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643174.995:6457785): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643174.995:6457785): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643174.995:6457785): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ecad60 a1=7cf439403de0 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1270186 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643174.992:6457784): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643174.992:6457784): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:bf mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643174.992:6457784): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:bf mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643174.992:6457784): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643174.992:6457784): argc=2 a0=\"cat\" a1=\"/proc/self/cgroup\""}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643174.992:6457784): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643174.992:6457784): arch=c000003e syscall=59 success=yes exit=0 a0=7cf488ecad60 a1=7cf439405020 a2=570e063f2a40 a3=8 items=2 ppid=6698 pid=1270185 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643174.992:6457783): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643174.992:6457783): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643174.992:6457783): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643174.992:6457783): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ecad60 a1=7cf439405020 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1270185 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643174.992:6457782): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643174.992:6457782): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643174.992:6457782): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643174.992:6457782): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ecad60 a1=7cf439405020 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1270185 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643174.992:6457781): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643174.992:6457781): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643174.992:6457781): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643174.992:6457781): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ecad60 a1=7cf439405020 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1270185 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643174.992:6457780): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643174.992:6457780): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643174.992:6457780): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643174.992:6457780): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ecad60 a1=7cf439405020 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1270185 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643174.992:6457779): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643174.992:6457779): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643174.992:6457779): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643174.992:6457779): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ecad60 a1=7cf439405020 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1270185 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643174.992:6457778): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643174.992:6457778): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643174.992:6457778): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643174.992:6457778): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ecad60 a1=7cf439405020 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1270185 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643174.875:6457777): proctitle=6D617269616462002D2D64656661756C74732D65787472612D66696C653D2F7661722F6C69622F6D7973716C2F2E6D792D6865616C7468636865636B2E636E66002D2D70726F746F636F6C00736F636B6574002D42002D2D736B69702D636F6C756D6E2D6E616D6573002D650073656C65637420312066726F6D20696E666F72"}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643174.875:6457777): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=7089648 dev=00:61 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643174.875:6457777): item=0 name=\"/usr/bin/mariadb\" inode=7117817 dev=00:61 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643174.875:6457777): cwd=\"/\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643174.875:6457777): argc=8 a0=\"mariadb\" a1=\"--defaults-extra-file=/var/lib/mysql/.my-healthcheck.cnf\" a2=\"--protocol\" a3=\"socket\" a4=\"-B\" a5=\"--skip-column-names\" a6=\"-e\" a7=73656C65637420312066726F6D20696E666F726D6174696F6E5F736368656D612E454E47494E455320574845524520656E67696E653D27696E6E6F64622720414E4420737570706F727420696E202827594553272C202744454641554C54272C2027454E41424C45442729"}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643174.875:6457777): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643174.875:6457777): arch=c000003e syscall=59 success=yes exit=0 a0=5d94fad56990 a1=5d94fad789c0 a2=5d94fad57860 a3=8 items=2 ppid=1270175 pid=1270182 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"mariadb\" exe=\"/usr/bin/mariadb\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643174.855:6457776): proctitle=6D617269616462002D2D64656661756C74732D65787472612D66696C653D2F7661722F6C69622F6D7973716C2F2E6D792D6865616C7468636865636B2E636E66002D2D70726F746F636F6C00736F636B6574002D42002D2D736B69702D636F6C756D6E2D6E616D6573002D650073656C656374204040736B69705F6E6574776F"}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643174.855:6457776): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=7089648 dev=00:61 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643174.855:6457776): item=0 name=\"/usr/bin/mariadb\" inode=7117817 dev=00:61 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643174.855:6457776): cwd=\"/\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643174.855:6457776): argc=8 a0=\"mariadb\" a1=\"--defaults-extra-file=/var/lib/mysql/.my-healthcheck.cnf\" a2=\"--protocol\" a3=\"socket\" a4=\"-B\" a5=\"--skip-column-names\" a6=\"-e\" a7=73656C656374204040736B69705F6E6574776F726B696E67"}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643174.855:6457776): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643174.855:6457776): arch=c000003e syscall=59 success=yes exit=0 a0=5d94fad56fe0 a1=5d94fad78810 a2=5d94fad574a0 a3=8 items=2 ppid=1270175 pid=1270181 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"mariadb\" exe=\"/usr/bin/mariadb\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643174.847:6457775): proctitle=2F62696E2F62617368002F7573722F6C6F63616C2F62696E2F6865616C7468636865636B2E7368002D2D636F6E6E656374002D2D696E6E6F64625F696E697469616C697A6564"}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643174.847:6457775): item=2 name=\"/lib64/ld-linux-x86-64.so.2\" inode=7089648 dev=00:61 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643174.847:6457775): item=1 name=\"/bin/bash\" inode=6963796 dev=00:61 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643174.847:6457775): item=0 name=\"/usr/local/bin/healthcheck.sh\" inode=7348502 dev=00:61 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643174.847:6457775): cwd=\"/\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643174.847:6457775): argc=4 a0=\"/bin/bash\" a1=\"/usr/local/bin/healthcheck.sh\" a2=\"--connect\" a3=\"--innodb_initialized\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643174.847:6457775): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643174.847:6457775): arch=c000003e syscall=59 success=yes exit=0 a0=c0000289a0 a1=c000022aa0 a2=c00013a320 a3=0 items=3 ppid=5740 pid=1270175 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"healthcheck.sh\" exe=\"/usr/bin/bash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643174.799:6457774): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643174.799:6457774): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643174.799:6457774): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643174.799:6457774): cwd=\"/var/lib/docker/rootfs/overlayfs/7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643174.799:6457774): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643174.799:6457774): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5890 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=1270163 pid=1270172 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643174.785:6457773): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F37656465303139653363623065383839303138636162386266"}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643174.785:6457773): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643174.785:6457773): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643174.785:6457773): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643174.785:6457773): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3284391342\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7/7b4b07b4ffa816a84c5c8a0b4f4bacdf9f4a044239480df1e310511a4636b194.pid\" a14=\"7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643174.785:6457773): arch=c000003e syscall=59 success=yes exit=0 a0=c000401160 a1=c000001d00 a2=c000001d80 a3=0 items=2 ppid=5740 pid=1270163 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643174.737:6457772): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643174.737:6457772): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=9987007 dev=00:68 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643174.737:6457772): item=0 name=\"/usr/bin/cat\" inode=9986333 dev=00:68 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643174.737:6457772): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643174.737:6457772): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.stat\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643174.737:6457772): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643174.737:6457772): arch=c000003e syscall=59 success=yes exit=0 a0=75b00d839d60 a1=75afebc00840 a2=572859f88650 a3=8 items=2 ppid=6470 pid=1270162 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643174.737:6457771): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643174.737:6457771): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643174.737:6457771): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643174.737:6457771): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75afebc00840 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1270162 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643174.736:6457770): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643174.736:6457770): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643174.736:6457770): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643174.736:6457770): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75afebc00840 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1270162 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643174.736:6457769): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643174.736:6457769): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643174.736:6457769): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643174.736:6457769): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75afebc00840 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1270162 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643174.736:6457768): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643174.736:6457768): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643174.736:6457768): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643174.736:6457768): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75afebc00840 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1270162 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643174.736:6457767): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643174.736:6457767): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643174.736:6457767): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643174.736:6457767): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75afebc00840 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1270162 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643174.736:6457766): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643174.736:6457766): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643174.736:6457766): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643174.736:6457766): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75afebc00840 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1270162 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643174.734:6457765): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643174.734:6457765): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=9987007 dev=00:68 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643174.734:6457765): item=0 name=\"/usr/bin/cat\" inode=9986333 dev=00:68 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643174.734:6457765): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643174.734:6457765): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.current\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643174.734:6457765): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643174.734:6457765): arch=c000003e syscall=59 success=yes exit=0 a0=75b00d839d60 a1=75afebc00880 a2=572859f88650 a3=8 items=2 ppid=6470 pid=1270161 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643174.733:6457764): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643174.733:6457764): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643174.733:6457764): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643174.733:6457764): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75afebc00880 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1270161 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643174.733:6457763): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643174.733:6457763): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643174.733:6457763): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643174.733:6457763): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75afebc00880 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1270161 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643174.733:6457762): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643174.733:6457762): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643174.733:6457762): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643174.733:6457762): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75afebc00880 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1270161 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643174.733:6457761): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643174.733:6457761): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643174.733:6457761): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643174.733:6457761): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75afebc00880 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1270161 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643174.733:6457760): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643174.733:6457760): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643174.733:6457760): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643174.733:6457760): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75afebc00880 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1270161 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643174.733:6457759): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643174.733:6457759): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643174.733:6457759): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643174.733:6457759): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75afebc00880 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1270161 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643174.730:6457758): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643174.730:6457758): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=9987007 dev=00:68 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643174.730:6457758): item=0 name=\"/usr/bin/cat\" inode=9986333 dev=00:68 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643174.730:6457758): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643174.730:6457758): argc=2 a0=\"cat\" a1=\"/proc/self/cgroup\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643174.730:6457758): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643174.730:6457758): arch=c000003e syscall=59 success=yes exit=0 a0=75b00d839d60 a1=75afebc00780 a2=572859f88650 a3=8 items=2 ppid=6470 pid=1270160 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643174.730:6457757): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643174.730:6457757): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643174.730:6457757): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643174.730:6457757): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75afebc00780 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1270160 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643174.730:6457756): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643174.730:6457756): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643174.730:6457756): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643174.730:6457756): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75afebc00780 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1270160 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643174.730:6457755): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643174.730:6457755): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643174.730:6457755): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643174.730:6457755): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75afebc00780 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1270160 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643174.730:6457754): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643174.730:6457754): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643174.730:6457754): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643174.730:6457754): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75afebc00780 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1270160 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643174.729:6457753): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643174.729:6457753): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643174.729:6457753): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643174.729:6457753): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75afebc00780 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1270160 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643174.729:6457752): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643174.729:6457752): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643174.729:6457752): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643174.729:6457752): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75afebc00780 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1270160 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643174.436:6457751): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643174.436:6457751): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643174.436:6457751): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643174.436:6457751): cwd=\"/var/lib/docker/rootfs/overlayfs/531ab8968ce844b18b0b3ebaf9e6e80c7b8f7cc1974293e5f9eb3ac90eba0e50\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643174.436:6457751): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643174.436:6457751): arch=c000003e syscall=59 success=yes exit=0 a0=c000173860 a1=c000177338 a2=c000179c80 a3=0 items=2 ppid=1270141 pid=1270150 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643174.419:6457750): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F35333161623839363863653834346231386230623365626166"}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643174.419:6457750): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643174.419:6457750): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643174.419:6457750): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/531ab8968ce844b18b0b3ebaf9e6e80c7b8f7cc1974293e5f9eb3ac90eba0e50\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643174.419:6457750): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/531ab8968ce844b18b0b3ebaf9e6e80c7b8f7cc1974293e5f9eb3ac90eba0e50/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process196738908\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/531ab8968ce844b18b0b3ebaf9e6e80c7b8f7cc1974293e5f9eb3ac90eba0e50/2cbcd36c22d6a0ed8642283aef29d4874f99497e23996bcaae4243cd74ce392c.pid\" a14=\"531ab8968ce844b18b0b3ebaf9e6e80c7b8f7cc1974293e5f9eb3ac90eba0e50\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643174.419:6457750): arch=c000003e syscall=59 success=yes exit=0 a0=c000098ab0 a1=c00030ea00 a2=c00030ec00 a3=0 items=2 ppid=5521 pid=1270141 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643174.054:6457749): proctitle=77676574002D2D737069646572002D7100687474703A2F2F3132372E302E302E313A383038302F737461747573"}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643174.054:6457749): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3456344 dev=00:3e mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643174.054:6457749): item=0 name=\"/usr/bin/wget\" inode=3454556 dev=00:3e mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643174.054:6457749): cwd=\"/data\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643174.054:6457749): argc=4 a0=\"wget\" a1=\"--spider\" a2=\"-q\" a3=\"http://127.0.0.1:8080/status\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643174.054:6457749): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643174.054:6457749): arch=c000003e syscall=59 success=yes exit=0 a0=734396b24408 a1=734396b243b0 a2=734396b243d8 a3=8080808080808080 items=2 ppid=1270134 pid=1270140 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"wget\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643174.051:6457748): proctitle=2F62696E2F7368002D630077676574202D2D737069646572202D7120687474703A2F2F3132372E302E302E313A383038302F737461747573207C7C20657869742031"}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643174.051:6457748): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3456344 dev=00:3e mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643174.051:6457748): item=0 name=\"/bin/sh\" inode=3454556 dev=00:3e mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643174.051:6457748): cwd=\"/data\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643174.051:6457748): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=77676574202D2D737069646572202D7120687474703A2F2F3132372E302E302E313A383038302F737461747573207C7C20657869742031"}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643174.051:6457748): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643174.051:6457748): arch=c000003e syscall=59 success=yes exit=0 a0=c00017ef58 a1=c000022680 a2=c0000226a0 a3=0 items=2 ppid=1270122 pid=1270134 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643174.009:6457747): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643174.009:6457747): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643174.009:6457747): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643174.009:6457747): cwd=\"/var/lib/docker/rootfs/overlayfs/dc584acf339b0dd02a15498b48f6353fdccfb4b26c1ae9c833c37fffce3c4bfa\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643174.009:6457747): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643174.009:6457747): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5870 a1=c0001c9350 a2=c0001cbc40 a3=0 items=2 ppid=1270122 pid=1270132 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643173.993:6457746): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F64633538346163663333396230646430326131353439386234"}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643173.993:6457746): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643173.993:6457746): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643173.993:6457746): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/dc584acf339b0dd02a15498b48f6353fdccfb4b26c1ae9c833c37fffce3c4bfa\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643173.993:6457746): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/dc584acf339b0dd02a15498b48f6353fdccfb4b26c1ae9c833c37fffce3c4bfa/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3066431421\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/dc584acf339b0dd02a15498b48f6353fdccfb4b26c1ae9c833c37fffce3c4bfa/ec301533cf5dd145f82063570042ff9b2b9c4ae4811e4cb0bbaaac1c946ae28c.pid\" a14=\"dc584acf339b0dd02a15498b48f6353fdccfb4b26c1ae9c833c37fffce3c4bfa\""}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643173.993:6457746): arch=c000003e syscall=59 success=yes exit=0 a0=c00019d6d0 a1=c000202e00 a2=c000202e80 a3=0 items=2 ppid=3786 pid=1270122 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643173.903:6457745): proctitle=2F7573722F62696E2F7065726C002F7573722F62696E2F70675F69737265616479002D550067726F777468626F6F6B002D6400706F737467726573"}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643173.903:6457745): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6968454 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643173.903:6457745): item=0 name=\"/usr/lib/postgresql/17/bin/pg_isready\" inode=3958125 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643173.903:6457745): cwd=\"/\""}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643173.903:6457745): argc=5 a0=\"/usr/lib/postgresql/17/bin/pg_isready\" a1=\"-U\" a2=\"growthbook\" a3=\"-d\" a4=\"postgres\""}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643173.903:6457745): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643173.903:6457745): arch=c000003e syscall=59 success=yes exit=0 a0=575b648a8310 a1=575b6495efe0 a2=575b645df970 a3=78ea6890ae70 items=2 ppid=1270114 pid=1270120 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/lib/postgresql/17/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643173.865:6457744): proctitle=2F7573722F62696E2F7065726C002F7573722F62696E2F70675F69737265616479002D550067726F777468626F6F6B002D6400706F737467726573"}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643173.865:6457744): item=2 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6968454 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643173.865:6457744): item=1 name=\"/usr/bin/perl\" inode=6956288 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643173.865:6457744): item=0 name=\"/usr/bin/pg_isready\" inode=4211279 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643173.865:6457744): cwd=\"/\""}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643173.865:6457744): argc=6 a0=\"/usr/bin/perl\" a1=\"/usr/bin/pg_isready\" a2=\"-U\" a3=\"growthbook\" a4=\"-d\" a5=\"postgres\""}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643173.865:6457744): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643173.865:6457744): arch=c000003e syscall=59 success=yes exit=0 a0=5e422b0ed640 a1=5e42277a79a8 a2=5e422b0ed5d8 a3=8 items=3 ppid=1270114 pid=1270120 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/bin/perl\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643173.861:6457743): proctitle=2F62696E2F7368002D630070675F69737265616479202D552067726F777468626F6F6B202D6420706F737467726573"}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643173.861:6457743): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6968454 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643173.861:6457743): item=0 name=\"/bin/sh\" inode=6954646 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643173.861:6457743): cwd=\"/\""}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643173.861:6457743): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D552067726F777468626F6F6B202D6420706F737467726573"}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643173.861:6457743): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643173.861:6457743): arch=c000003e syscall=59 success=yes exit=0 a0=c00017ae80 a1=c000022ac0 a2=c0001000c0 a3=0 items=2 ppid=1270102 pid=1270114 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/usr/bin/dash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643173.811:6457742): proctitle=2F7573722F62696E2F7065726C002F7573722F62696E2F70675F69737265616479002D550070726F6D6574686575735F61646D696E002D640070726F6D6574686575735F61646D696E"}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643173.811:6457742): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=5581428 dev=00:95 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643173.811:6457742): item=0 name=\"/usr/lib/postgresql/17/bin/pg_isready\" inode=5809487 dev=00:95 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643173.811:6457742): cwd=\"/\""}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643173.811:6457742): argc=5 a0=\"/usr/lib/postgresql/17/bin/pg_isready\" a1=\"-U\" a2=\"prometheus_admin\" a3=\"-d\" a4=\"prometheus_admin\""}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643173.811:6457742): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643173.811:6457742): arch=c000003e syscall=59 success=yes exit=0 a0=5736a6994680 a1=5736a6a21560 a2=5736a6683970 a3=7fbb452d8e70 items=2 ppid=1270095 pid=1270101 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/lib/postgresql/17/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643173.806:6457741): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643173.806:6457741): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643173.806:6457741): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643173.806:6457741): cwd=\"/var/lib/docker/rootfs/overlayfs/02fb5dd00ce2914672d5f537bf8bb36a0908851493efb9e1b3038943b577e7cf\""}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643173.806:6457741): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643173.806:6457741): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b830 a1=c00017f338 a2=c000181c40 a3=0 items=2 ppid=1270102 pid=1270110 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643173.792:6457740): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F30326662356464303063653239313436373264356635333762"}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643173.792:6457740): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643173.792:6457740): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643173.792:6457740): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/02fb5dd00ce2914672d5f537bf8bb36a0908851493efb9e1b3038943b577e7cf\""}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643173.792:6457740): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/02fb5dd00ce2914672d5f537bf8bb36a0908851493efb9e1b3038943b577e7cf/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process116426018\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/02fb5dd00ce2914672d5f537bf8bb36a0908851493efb9e1b3038943b577e7cf/1dcb757ed38481a8d5ca1553855ef65c32db3377865234ac142e8858a3b5a1d9.pid\" a14=\"02fb5dd00ce2914672d5f537bf8bb36a0908851493efb9e1b3038943b577e7cf\""}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643173.792:6457740): arch=c000003e syscall=59 success=yes exit=0 a0=c0001dbb10 a1=c00037e180 a2=c00037e200 a3=0 items=2 ppid=4615 pid=1270102 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643173.771:6457739): proctitle=2F7573722F62696E2F7065726C002F7573722F62696E2F70675F69737265616479002D550070726F6D6574686575735F61646D696E002D640070726F6D6574686575735F61646D696E"}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643173.771:6457739): item=2 name=\"/lib64/ld-linux-x86-64.so.2\" inode=5581428 dev=00:95 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643173.771:6457739): item=1 name=\"/usr/bin/perl\" inode=5580916 dev=00:95 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643173.771:6457739): item=0 name=\"/usr/bin/pg_isready\" inode=5823482 dev=00:95 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643173.771:6457739): cwd=\"/\""}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643173.771:6457739): argc=6 a0=\"/usr/bin/perl\" a1=\"/usr/bin/pg_isready\" a2=\"-U\" a3=\"prometheus_admin\" a4=\"-d\" a5=\"prometheus_admin\""}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643173.771:6457739): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643173.771:6457739): arch=c000003e syscall=59 success=yes exit=0 a0=61e48af41678 a1=61e48af415e0 a2=61e48af41610 a3=8 items=3 ppid=1270095 pid=1270101 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/bin/perl\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643173.766:6457738): proctitle=2F62696E2F7368002D630070675F69737265616479202D552070726F6D6574686575735F61646D696E202D642070726F6D6574686575735F61646D696E"}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643173.766:6457738): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=5581428 dev=00:95 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643173.766:6457738): item=0 name=\"/bin/sh\" inode=5580787 dev=00:95 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643173.766:6457738): cwd=\"/\""}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643173.766:6457738): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D552070726F6D6574686575735F61646D696E202D642070726F6D6574686575735F61646D696E"}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643173.766:6457738): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643173.766:6457738): arch=c000003e syscall=59 success=yes exit=0 a0=c00018ae80 a1=c000022ac0 a2=c00018e0c0 a3=0 items=2 ppid=5764 pid=1270095 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/usr/bin/dash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643173.717:6457737): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643173.717:6457737): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643173.717:6457737): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643173.717:6457737): cwd=\"/var/lib/docker/rootfs/overlayfs/96dcfa07493d1a0e551516dd25644707c00be275d58123d52358a7d61a7f6b24\""}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643173.717:6457737): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643173.717:6457737): arch=c000003e syscall=59 success=yes exit=0 a0=c0001eb830 a1=c0001ef338 a2=c0001f1c40 a3=0 items=2 ppid=1270083 pid=1270092 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643173.702:6457736): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F39366463666130373439336431613065353531353136646432"}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643173.702:6457736): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643173.702:6457736): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643173.702:6457736): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/96dcfa07493d1a0e551516dd25644707c00be275d58123d52358a7d61a7f6b24\""}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643173.702:6457736): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/96dcfa07493d1a0e551516dd25644707c00be275d58123d52358a7d61a7f6b24/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3522566460\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/96dcfa07493d1a0e551516dd25644707c00be275d58123d52358a7d61a7f6b24/d6829952be95c100cf4bb4186bde5ef93b3236a9a78bebc317806940546dfcd2.pid\" a14=\"96dcfa07493d1a0e551516dd25644707c00be275d58123d52358a7d61a7f6b24\""}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643173.702:6457736): arch=c000003e syscall=59 success=yes exit=0 a0=c000099580 a1=c0001eed00 a2=c0001eed80 a3=0 items=2 ppid=5764 pid=1270083 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643173.010:6457735): proctitle=77676574002D2D737069646572002D7100687474703A2F2F3132372E302E302E313A393333332F636C75737465722F737461747573"}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643173.010:6457735): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3456344 dev=00:65 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643173.010:6457735): item=0 name=\"/usr/bin/wget\" inode=3454556 dev=00:65 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643173.010:6457735): cwd=\"/data\""}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643173.010:6457735): argc=4 a0=\"wget\" a1=\"--spider\" a2=\"-q\" a3=\"http://127.0.0.1:9333/cluster/status\""}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643173.010:6457735): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643173.010:6457735): arch=c000003e syscall=59 success=yes exit=0 a0=7a302bb73420 a1=7a302bb733c8 a2=7a302bb733f0 a3=8080808080808080 items=2 ppid=1270074 pid=1270082 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"wget\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643173.007:6457734): proctitle=2F62696E2F7368002D630077676574202D2D737069646572202D7120687474703A2F2F3132372E302E302E313A393333332F636C75737465722F737461747573207C7C20657869742031"}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643173.007:6457734): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3456344 dev=00:65 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643173.007:6457734): item=0 name=\"/bin/sh\" inode=3454556 dev=00:65 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643173.007:6457734): cwd=\"/data\""}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643173.007:6457734): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=77676574202D2D737069646572202D7120687474703A2F2F3132372E302E302E313A393333332F636C75737465722F737461747573207C7C20657869742031"}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643173.007:6457734): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643173.007:6457734): arch=c000003e syscall=59 success=yes exit=0 a0=c00017cf58 a1=c000022680 a2=c0000226a0 a3=0 items=2 ppid=1270061 pid=1270074 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643172.964:6457733): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643172.964:6457733): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643172.964:6457733): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643172.964:6457733): cwd=\"/var/lib/docker/rootfs/overlayfs/9612e9a9cd05b29cb2ee3eccae08eb37ef3d57af2d60123bf141f27ea9c04205\""}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643172.964:6457733): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643172.964:6457733): arch=c000003e syscall=59 success=yes exit=0 a0=c000245870 a1=c000249350 a2=c00024bc40 a3=0 items=2 ppid=1270061 pid=1270071 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643172.947:6457732): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F39363132653961396364303562323963623265653365636361"}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643172.947:6457732): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643172.947:6457732): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643172.947:6457732): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/9612e9a9cd05b29cb2ee3eccae08eb37ef3d57af2d60123bf141f27ea9c04205\""}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643172.947:6457732): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/9612e9a9cd05b29cb2ee3eccae08eb37ef3d57af2d60123bf141f27ea9c04205/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3152592931\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/9612e9a9cd05b29cb2ee3eccae08eb37ef3d57af2d60123bf141f27ea9c04205/61131e0397bd4c24d5e73c15e1bc1598cd77ee4c15832288bf93c16d909405a3.pid\" a14=\"9612e9a9cd05b29cb2ee3eccae08eb37ef3d57af2d60123bf141f27ea9c04205\""}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643172.947:6457732): arch=c000003e syscall=59 success=yes exit=0 a0=c000215df0 a1=c00025d480 a2=c00025d500 a3=0 items=2 ppid=3980 pid=1270061 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643172.802:6457731): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520706F737467726573"}
{"ts": "2026-04-19T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643172.802:6457731): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:4a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643172.802:6457731): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:4a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643172.802:6457731): cwd=\"/\""}
{"ts": "2026-04-19T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643172.802:6457731): argc=3 a0=\"pg_isready\" a1=\"-U\" a2=\"postgres\""}
{"ts": "2026-04-19T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643172.802:6457731): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643172.802:6457731): arch=c000003e syscall=59 success=yes exit=0 a0=70a639220288 a1=70a6392201e8 a2=70a639220208 a3=0 items=2 ppid=4040 pid=1270048 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643172.799:6457730): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520706F737467726573"}
{"ts": "2026-04-19T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643172.799:6457730): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:4a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643172.799:6457730): item=0 name=\"/bin/sh\" inode=8589166 dev=00:4a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643172.799:6457730): cwd=\"/\""}
{"ts": "2026-04-19T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643172.799:6457730): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D5520706F737467726573"}
{"ts": "2026-04-19T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643172.799:6457730): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643172.799:6457730): arch=c000003e syscall=59 success=yes exit=0 a0=c00018cf38 a1=c000022ac0 a2=c0001348c0 a3=0 items=2 ppid=1270024 pid=1270048 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643172.748:6457729): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643172.748:6457729): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643172.748:6457729): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:11f mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643172.748:6457729): cwd=\"/var/lib/docker/rootfs/overlayfs/6e0eaa58aad19bd8edc0f955e0d8cdf54332df6bcdbac6d5a4d9c8caf6fb9c39\""}
{"ts": "2026-04-19T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643172.748:6457729): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643172.748:6457729): arch=c000003e syscall=59 success=yes exit=0 a0=c0001cd890 a1=c0001d1350 a2=c0001d3c80 a3=0 items=2 ppid=1270024 pid=1270042 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643172.744:6457728): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643172.744:6457728): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643172.744:6457728): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643172.744:6457728): cwd=\"/var/lib/docker/rootfs/overlayfs/b6eef535505c5b5978589dbba58145ab00c51591158662921782e671fddde370\""}
{"ts": "2026-04-19T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643172.744:6457728): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643172.744:6457728): arch=c000003e syscall=59 success=yes exit=0 a0=c000280010 a1=c000286000 a2=c000288000 a3=0 items=2 ppid=1270021 pid=1270037 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643172.733:6457727): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F36653065616135386161643139626438656463306639353565"}
{"ts": "2026-04-19T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643172.733:6457727): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643172.733:6457727): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643172.733:6457727): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/6e0eaa58aad19bd8edc0f955e0d8cdf54332df6bcdbac6d5a4d9c8caf6fb9c39\""}
{"ts": "2026-04-19T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643172.733:6457727): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/6e0eaa58aad19bd8edc0f955e0d8cdf54332df6bcdbac6d5a4d9c8caf6fb9c39/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process4171038995\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/6e0eaa58aad19bd8edc0f955e0d8cdf54332df6bcdbac6d5a4d9c8caf6fb9c39/b40859bb8f59f21c01da17e797e604f795a956b5445d07553ac4610f1e544def.pid\" a14=\"6e0eaa58aad19bd8edc0f955e0d8cdf54332df6bcdbac6d5a4d9c8caf6fb9c39\""}
{"ts": "2026-04-19T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643172.733:6457727): arch=c000003e syscall=59 success=yes exit=0 a0=c0002afb20 a1=c00036a800 a2=c00036a880 a3=0 items=2 ppid=4040 pid=1270024 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643172.726:6457726): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F62366565663533353530356335623539373835383964626261"}
{"ts": "2026-04-19T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643172.726:6457726): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643172.726:6457726): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643172.726:6457726): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/b6eef535505c5b5978589dbba58145ab00c51591158662921782e671fddde370\""}
{"ts": "2026-04-19T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643172.726:6457726): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/b6eef535505c5b5978589dbba58145ab00c51591158662921782e671fddde370/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1302017424\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/b6eef535505c5b5978589dbba58145ab00c51591158662921782e671fddde370/42d75da6918505f7fa26197dc6603b60599c59eb9788aee4a7b560b5054a900b.pid\" a14=\"b6eef535505c5b5978589dbba58145ab00c51591158662921782e671fddde370\""}
{"ts": "2026-04-19T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643172.726:6457726): arch=c000003e syscall=59 success=yes exit=0 a0=c000010d20 a1=c000312a80 a2=c000312b00 a3=0 items=2 ppid=5166 pid=1270021 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643171.559:6457725): proctitle=6A71002D2D7261772D6F7574707574002E737461747573"}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643171.559:6457725): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6968454 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643171.559:6457725): item=0 name=\"/usr/bin/jq\" inode=7115963 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643171.559:6457725): cwd=\"/app\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643171.559:6457725): argc=3 a0=\"jq\" a1=\"--raw-output\" a2=\".status\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643171.559:6457725): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643171.559:6457725): arch=c000003e syscall=59 success=yes exit=0 a0=62d057cdc9a0 a1=62d057cdd280 a2=62d057cd9300 a3=8 items=2 ppid=1270017 pid=1270019 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"jq\" exe=\"/usr/bin/jq\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643171.559:6457724): proctitle=6375726C002D2D73696C656E7400687474703A2F2F3132372E302E302E313A38312F6170692F"}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643171.559:6457724): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6968454 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643171.559:6457724): item=0 name=\"/usr/bin/curl\" inode=7115848 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643171.559:6457724): cwd=\"/app\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643171.559:6457724): argc=3 a0=\"curl\" a1=\"--silent\" a2=\"http://127.0.0.1:81/api/\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643171.559:6457724): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643171.559:6457724): arch=c000003e syscall=59 success=yes exit=0 a0=62d057cdc9d0 a1=62d057cdd2b0 a2=62d057cd9300 a3=8 items=2 ppid=1270017 pid=1270018 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"curl\" exe=\"/usr/bin/curl\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643171.552:6457723): proctitle=2F62696E2F62617368002F62696E2F636865636B2D6865616C7468"}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643171.552:6457723): item=2 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6968454 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643171.552:6457723): item=1 name=\"/bin/bash\" inode=6954383 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643171.552:6457723): item=0 name=\"/bin/check-health\" inode=8694993 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643171.552:6457723): cwd=\"/app\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643171.552:6457723): argc=2 a0=\"/bin/bash\" a1=\"/bin/check-health\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643171.552:6457723): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643171.552:6457723): arch=c000003e syscall=59 success=yes exit=0 a0=c000027518 a1=c00002ae00 a2=c00018c280 a3=0 items=3 ppid=5314 pid=1270011 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"check-health\" exe=\"/usr/bin/bash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643171.512:6457722): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643171.512:6457722): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643171.512:6457722): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643171.512:6457722): cwd=\"/var/lib/docker/rootfs/overlayfs/3d00cea9d890ac76ec9bbdca47f4d82e83b0a918911a118694314103c0f1ab42\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643171.512:6457722): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643171.512:6457722): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c58b0 a1=c0001c9350 a2=c0001cbc40 a3=0 items=2 ppid=1269999 pid=1270008 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643171.494:6457721): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F33643030636561396438393061633736656339626264636134"}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643171.494:6457721): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643171.494:6457721): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643171.494:6457721): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/3d00cea9d890ac76ec9bbdca47f4d82e83b0a918911a118694314103c0f1ab42\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643171.494:6457721): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/3d00cea9d890ac76ec9bbdca47f4d82e83b0a918911a118694314103c0f1ab42/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1259827646\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/3d00cea9d890ac76ec9bbdca47f4d82e83b0a918911a118694314103c0f1ab42/d2e49661abd321bf5e0bca97555a752a44f1104cd17da651e8124cf43d951426.pid\" a14=\"3d00cea9d890ac76ec9bbdca47f4d82e83b0a918911a118694314103c0f1ab42\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643171.494:6457721): arch=c000003e syscall=59 success=yes exit=0 a0=c00031af60 a1=c00030b580 a2=c00030b600 a3=0 items=2 ppid=5314 pid=1269999 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643171.437:6457720): proctitle=677265700077696E646D696C6C"}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643171.437:6457720): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:bf mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643171.437:6457720): item=0 name=\"/usr/bin/grep\" inode=8524666 dev=00:bf mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643171.437:6457720): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643171.437:6457720): argc=2 a0=\"grep\" a1=\"windmill\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643171.437:6457720): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643171.437:6457720): arch=c000003e syscall=59 success=yes exit=0 a0=5654150268a8 a1=565415026800 a2=565415026818 a3=43e77d8d1a365482 items=2 ppid=1269991 pid=1269998 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"grep\" exe=\"/usr/bin/grep\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643171.436:6457719): proctitle=707300617578"}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643171.436:6457719): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:bf mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643171.436:6457719): item=0 name=\"/usr/bin/ps\" inode=8576698 dev=00:bf mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643171.436:6457719): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643171.436:6457719): argc=2 a0=\"ps\" a1=\"aux\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643171.436:6457719): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643171.436:6457719): arch=c000003e syscall=59 success=yes exit=0 a0=565415026888 a1=5654150267e0 a2=5654150267f8 a3=43e77d8d1a365482 items=2 ppid=1269991 pid=1269997 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"ps\" exe=\"/usr/bin/ps\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643171.429:6457718): proctitle=2F62696E2F7368002D6300707320617578207C20677265702077696E646D696C6C207C7C20657869742031"}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643171.429:6457718): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:bf mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643171.429:6457718): item=0 name=\"/bin/sh\" inode=8524584 dev=00:bf mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643171.429:6457718): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643171.429:6457718): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=707320617578207C20677265702077696E646D696C6C207C7C20657869742031"}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643171.429:6457718): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643171.429:6457718): arch=c000003e syscall=59 success=yes exit=0 a0=c00017ef50 a1=c000022680 a2=c000114a20 a3=0 items=2 ppid=4905 pid=1269991 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/usr/bin/dash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643171.390:6457717): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643171.390:6457717): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643171.390:6457717): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643171.390:6457717): cwd=\"/var/lib/docker/rootfs/overlayfs/beba1a544e568fe258b36536f8a2534b89a2940ed13c0d80d5f6bf1281bee1a6\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643171.390:6457717): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643171.390:6457717): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b850 a1=c00017f338 a2=c000181c40 a3=0 items=2 ppid=1269978 pid=1269989 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643171.375:6457716): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F62656261316135343465353638666532353862333635333666"}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643171.375:6457716): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643171.375:6457716): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643171.375:6457716): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/beba1a544e568fe258b36536f8a2534b89a2940ed13c0d80d5f6bf1281bee1a6\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643171.375:6457716): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/beba1a544e568fe258b36536f8a2534b89a2940ed13c0d80d5f6bf1281bee1a6/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2812794136\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/beba1a544e568fe258b36536f8a2534b89a2940ed13c0d80d5f6bf1281bee1a6/be49937ce062c9d00ee5ae6abdb7c90771747a3c27e3d981fe38115a75aa5122.pid\" a14=\"beba1a544e568fe258b36536f8a2534b89a2940ed13c0d80d5f6bf1281bee1a6\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643171.375:6457716): arch=c000003e syscall=59 success=yes exit=0 a0=c0002d0ac0 a1=c0001b3e00 a2=c0001b3e80 a3=0 items=2 ppid=4905 pid=1269978 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643171.245:6457715): proctitle=72656469732D636C690070696E67"}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643171.245:6457715): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=5809101 dev=00:7a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643171.245:6457715): item=0 name=\"/usr/local/bin/redis-cli\" inode=928088 dev=00:7a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643171.245:6457715): cwd=\"/data\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643171.245:6457715): argc=2 a0=\"redis-cli\" a1=\"ping\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643171.245:6457715): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643171.245:6457715): arch=c000003e syscall=59 success=yes exit=0 a0=c0000289a0 a1=c0000d3350 a2=c0000db1c0 a3=0 items=2 ppid=1269959 pid=1269972 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"redis-cli\" exe=\"/usr/local/bin/redis-cli\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643171.203:6457714): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643171.203:6457714): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643171.203:6457714): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643171.203:6457714): cwd=\"/var/lib/docker/rootfs/overlayfs/7e13dd6f726a7b57cc1470c1039bc96afa948a1beb7503cebff44e9717c43cdc\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643171.203:6457714): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643171.203:6457714): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5880 a1=c0001c9350 a2=c0001cbc40 a3=0 items=2 ppid=1269959 pid=1269968 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643171.189:6457713): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F37653133646436663732366137623537636331343730633130"}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643171.189:6457713): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643171.189:6457713): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643171.189:6457713): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/7e13dd6f726a7b57cc1470c1039bc96afa948a1beb7503cebff44e9717c43cdc\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643171.189:6457713): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/7e13dd6f726a7b57cc1470c1039bc96afa948a1beb7503cebff44e9717c43cdc/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process413724545\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/7e13dd6f726a7b57cc1470c1039bc96afa948a1beb7503cebff44e9717c43cdc/332fed249db6e37842a7506c6827e11cc5c7da6ff26d6b43bcf4e39ac3481d98.pid\" a14=\"7e13dd6f726a7b57cc1470c1039bc96afa948a1beb7503cebff44e9717c43cdc\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643171.189:6457713): arch=c000003e syscall=59 success=yes exit=0 a0=c0002fc620 a1=c000312a80 a2=c000312f80 a3=0 items=2 ppid=4347 pid=1269959 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643171.163:6457712): proctitle=72656469732D636C690070696E67"}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643171.163:6457712): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=6694357 dev=00:42 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643171.163:6457712): item=0 name=\"/usr/local/bin/redis-cli\" inode=6703632 dev=00:42 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643171.163:6457712): cwd=\"/data\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643171.163:6457712): argc=2 a0=\"redis-cli\" a1=\"ping\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643171.163:6457712): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643171.163:6457712): arch=c000003e syscall=59 success=yes exit=0 a0=c0000289a0 a1=c0000d5350 a2=c0000dd1c0 a3=0 items=2 ppid=1269939 pid=1269953 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"redis-cli\" exe=\"/usr/local/bin/redis-cli\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643171.104:6457711): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643171.104:6457711): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643171.104:6457711): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643171.104:6457711): cwd=\"/var/lib/docker/rootfs/overlayfs/4cc046860e99ed4ce61cc4f7c543175750997c08579b75447cbf7907fdb6134d\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643171.104:6457711): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643171.104:6457711): arch=c000003e syscall=59 success=yes exit=0 a0=c0001f3830 a1=c0001f7338 a2=c0001f9c00 a3=0 items=2 ppid=1269939 pid=1269949 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643171.092:6457710): proctitle=77676574002D2D737069646572002D7100687474703A2F2F3132372E302E302E313A383838382F"}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643171.092:6457710): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3456344 dev=00:5e mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643171.092:6457710): item=0 name=\"/usr/bin/wget\" inode=3454556 dev=00:5e mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643171.092:6457710): cwd=\"/data\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643171.092:6457710): argc=4 a0=\"wget\" a1=\"--spider\" a2=\"-q\" a3=\"http://127.0.0.1:8888/\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643171.092:6457710): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643171.092:6457710): arch=c000003e syscall=59 success=yes exit=0 a0=7551d444e400 a1=7551d444e3a8 a2=7551d444e3d0 a3=8080808080808080 items=2 ppid=1269932 pid=1269940 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"wget\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643171.088:6457709): proctitle=2F62696E2F7368002D630077676574202D2D737069646572202D7120687474703A2F2F3132372E302E302E313A383838382F207C7C20657869742031"}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643171.088:6457709): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3456344 dev=00:5e mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643171.088:6457709): item=0 name=\"/bin/sh\" inode=3454556 dev=00:5e mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643171.088:6457709): cwd=\"/data\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643171.088:6457709): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=77676574202D2D737069646572202D7120687474703A2F2F3132372E302E302E313A383838382F207C7C20657869742031"}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643171.088:6457709): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643171.088:6457709): arch=c000003e syscall=59 success=yes exit=0 a0=c000196f58 a1=c000022680 a2=c0000226a0 a3=0 items=2 ppid=1269920 pid=1269932 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643171.086:6457708): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F34636330343638363065393965643463653631636334663763"}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643171.086:6457708): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643171.086:6457708): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643171.086:6457708): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/4cc046860e99ed4ce61cc4f7c543175750997c08579b75447cbf7907fdb6134d\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643171.086:6457708): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/4cc046860e99ed4ce61cc4f7c543175750997c08579b75447cbf7907fdb6134d/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process740940089\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/4cc046860e99ed4ce61cc4f7c543175750997c08579b75447cbf7907fdb6134d/71fac92ec2a86456f5cd526d78b348f9c87668a8abe43a9731ab5719d36916ed.pid\" a14=\"4cc046860e99ed4ce61cc4f7c543175750997c08579b75447cbf7907fdb6134d\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643171.086:6457708): arch=c000003e syscall=59 success=yes exit=0 a0=c0003ff6c0 a1=c00038a680 a2=c00038a700 a3=0 items=2 ppid=4510 pid=1269939 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643171.042:6457707): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643171.042:6457707): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643171.042:6457707): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643171.042:6457707): cwd=\"/var/lib/docker/rootfs/overlayfs/c48103391501718c1e33efc112f009053e72dcf4e7593e8a482be8a6e48d9c87\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643171.042:6457707): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643171.042:6457707): arch=c000003e syscall=59 success=yes exit=0 a0=c00024d870 a1=c000251350 a2=c000253c00 a3=0 items=2 ppid=1269920 pid=1269929 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643171.027:6457706): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F63343831303333393135303137313863316533336566633131"}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643171.027:6457706): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643171.027:6457706): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643171.027:6457706): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/c48103391501718c1e33efc112f009053e72dcf4e7593e8a482be8a6e48d9c87\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643171.027:6457706): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/c48103391501718c1e33efc112f009053e72dcf4e7593e8a482be8a6e48d9c87/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2630057515\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/c48103391501718c1e33efc112f009053e72dcf4e7593e8a482be8a6e48d9c87/f3b7ff96f73fa76094064c2a0970d5af2257d9011a610aabe6090ee2f2910a23.pid\" a14=\"c48103391501718c1e33efc112f009053e72dcf4e7593e8a482be8a6e48d9c87\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643171.027:6457706): arch=c000003e syscall=59 success=yes exit=0 a0=c00024c410 a1=c0002cf380 a2=c0002cf400 a3=0 items=2 ppid=3946 pid=1269920 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643171.010:6457705): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520617065785F75736572202D6420617065785F6462"}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643171.010:6457705): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3456344 dev=00:77 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643171.010:6457705): item=0 name=\"/usr/local/bin/pg_isready\" inode=6091069 dev=00:77 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643171.010:6457705): cwd=\"/\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643171.010:6457705): argc=5 a0=\"pg_isready\" a1=\"-U\" a2=\"apex_user\" a3=\"-d\" a4=\"apex_db\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643171.010:6457705): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643171.010:6457705): arch=c000003e syscall=59 success=yes exit=0 a0=700690ee13f8 a1=700690ee1278 a2=700690ee1378 a3=0 items=2 ppid=5169 pid=1269911 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643171.007:6457704): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520617065785F75736572202D6420617065785F6462"}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643171.007:6457704): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3456344 dev=00:77 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643171.007:6457704): item=0 name=\"/bin/sh\" inode=3454556 dev=00:77 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643171.007:6457704): cwd=\"/\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643171.007:6457704): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D5520617065785F75736572202D6420617065785F6462"}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643171.007:6457704): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643171.007:6457704): arch=c000003e syscall=59 success=yes exit=0 a0=c00019ef68 a1=c000022680 a2=c0001508c0 a3=0 items=2 ppid=1269897 pid=1269911 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643170.973:6457703): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520666F7267656A6F"}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643170.973:6457703): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:b3 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643170.973:6457703): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:b3 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643170.973:6457703): cwd=\"/\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643170.973:6457703): argc=3 a0=\"pg_isready\" a1=\"-U\" a2=\"forgejo\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643170.973:6457703): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643170.973:6457703): arch=c000003e syscall=59 success=yes exit=0 a0=7f7bf1b37278 a1=7f7bf1b371d8 a2=7f7bf1b371f8 a3=8080808080808080 items=2 ppid=4749 pid=1269892 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643170.969:6457702): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520666F7267656A6F"}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643170.969:6457702): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:b3 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643170.969:6457702): item=0 name=\"/bin/sh\" inode=8589166 dev=00:b3 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643170.969:6457702): cwd=\"/\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643170.969:6457702): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D5520666F7267656A6F"}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643170.969:6457702): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643170.969:6457702): arch=c000003e syscall=59 success=yes exit=0 a0=c00017af38 a1=c000022ac0 a2=c0000b48c0 a3=0 items=2 ppid=1269880 pid=1269892 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643170.951:6457701): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643170.951:6457701): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643170.951:6457701): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:11f mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643170.951:6457701): cwd=\"/var/lib/docker/rootfs/overlayfs/c1f8f97d53596e967520df53fab27faff436876b90ee0f2e344cc170bca33f83\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643170.951:6457701): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643170.951:6457701): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b840 a1=c00017f338 a2=c000181c40 a3=0 items=2 ppid=1269897 pid=1269908 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643170.935:6457700): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F63316638663937643533353936653936373532306466353366"}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643170.935:6457700): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643170.935:6457700): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643170.935:6457700): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/c1f8f97d53596e967520df53fab27faff436876b90ee0f2e344cc170bca33f83\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643170.935:6457700): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/c1f8f97d53596e967520df53fab27faff436876b90ee0f2e344cc170bca33f83/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2996106011\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/c1f8f97d53596e967520df53fab27faff436876b90ee0f2e344cc170bca33f83/7e3b6a40d3e87f284bd7c6a384890070a5bdc2361be7bedae8f621c7d108923d.pid\" a14=\"c1f8f97d53596e967520df53fab27faff436876b90ee0f2e344cc170bca33f83\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643170.935:6457700): arch=c000003e syscall=59 success=yes exit=0 a0=c00017ab60 a1=c000250b00 a2=c000250b80 a3=0 items=2 ppid=5169 pid=1269897 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643170.920:6457699): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643170.920:6457699): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643170.920:6457699): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643170.920:6457699): cwd=\"/var/lib/docker/rootfs/overlayfs/2cdd3d089c946761c42c7cfc41f431ad2beb9c2b89497f7e5a3552578b39f251\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643170.920:6457699): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643170.920:6457699): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5890 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=1269880 pid=1269890 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643170.903:6457698): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F32636464336430383963393436373631633432633763666334"}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643170.903:6457698): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643170.903:6457698): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643170.903:6457698): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/2cdd3d089c946761c42c7cfc41f431ad2beb9c2b89497f7e5a3552578b39f251\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643170.903:6457698): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/2cdd3d089c946761c42c7cfc41f431ad2beb9c2b89497f7e5a3552578b39f251/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3319274029\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/2cdd3d089c946761c42c7cfc41f431ad2beb9c2b89497f7e5a3552578b39f251/619ace9b9932ea2424ee1ef2183d7ad4522ee99e14b1f6ef4960038351e8dce9.pid\" a14=\"2cdd3d089c946761c42c7cfc41f431ad2beb9c2b89497f7e5a3552578b39f251\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643170.903:6457698): arch=c000003e syscall=59 success=yes exit=0 a0=c0000fac70 a1=c0002ea680 a2=c0002ea900 a3=0 items=2 ppid=4749 pid=1269880 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643170.880:6457697): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643170.880:6457697): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:63 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643170.880:6457697): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:63 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643170.880:6457697): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643170.880:6457697): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.stat\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643170.880:6457697): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643170.880:6457697): arch=c000003e syscall=59 success=yes exit=0 a0=7276055e5d60 a1=7275b0e0ad80 a2=5d751c63aa40 a3=8 items=2 ppid=6449 pid=1269879 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643170.880:6457696): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643170.880:6457696): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643170.880:6457696): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643170.880:6457696): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=7275b0e0ad80 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1269879 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643170.880:6457695): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643170.880:6457695): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643170.880:6457695): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643170.880:6457695): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=7275b0e0ad80 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1269879 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643170.880:6457694): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643170.880:6457694): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643170.880:6457694): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643170.880:6457694): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=7275b0e0ad80 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1269879 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643170.880:6457693): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643170.880:6457693): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643170.880:6457693): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643170.880:6457693): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=7275b0e0ad80 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1269879 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643170.880:6457692): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643170.880:6457692): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643170.880:6457692): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643170.880:6457692): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=7275b0e0ad80 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1269879 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643170.880:6457691): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643170.880:6457691): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643170.880:6457691): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643170.880:6457691): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=7275b0e0ad80 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1269879 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643170.877:6457690): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643170.877:6457690): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:63 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643170.877:6457690): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:63 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643170.877:6457690): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643170.877:6457690): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.current\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643170.877:6457690): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643170.877:6457690): arch=c000003e syscall=59 success=yes exit=0 a0=7276055e5d60 a1=72756be6dc80 a2=5d751c63aa40 a3=8 items=2 ppid=6449 pid=1269878 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643170.877:6457689): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643170.877:6457689): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643170.877:6457689): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643170.877:6457689): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=72756be6dc80 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1269878 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643170.877:6457688): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643170.877:6457688): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643170.877:6457688): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643170.877:6457688): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=72756be6dc80 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1269878 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643170.877:6457687): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643170.877:6457687): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643170.877:6457687): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643170.877:6457687): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=72756be6dc80 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1269878 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643170.877:6457686): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643170.877:6457686): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643170.877:6457686): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643170.877:6457686): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=72756be6dc80 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1269878 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643170.877:6457685): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643170.877:6457685): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643170.877:6457685): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643170.877:6457685): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=72756be6dc80 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1269878 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643170.877:6457684): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643170.877:6457684): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643170.877:6457684): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643170.877:6457684): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=72756be6dc80 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1269878 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643170.875:6457683): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643170.875:6457683): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:63 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643170.875:6457683): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:63 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643170.875:6457683): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643170.875:6457683): argc=2 a0=\"cat\" a1=\"/proc/self/cgroup\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643170.875:6457683): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643170.875:6457683): arch=c000003e syscall=59 success=yes exit=0 a0=7276055e5d60 a1=72756be6df80 a2=5d751c63aa40 a3=8 items=2 ppid=6449 pid=1269877 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643170.874:6457682): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643170.874:6457682): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643170.874:6457682): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643170.874:6457682): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=72756be6df80 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1269877 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643170.874:6457681): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643170.874:6457681): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643170.874:6457681): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643170.874:6457681): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=72756be6df80 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1269877 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643170.874:6457680): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643170.874:6457680): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643170.874:6457680): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643170.874:6457680): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=72756be6df80 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1269877 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643170.874:6457679): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643170.874:6457679): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643170.874:6457679): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643170.874:6457679): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=72756be6df80 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1269877 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643170.874:6457678): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643170.874:6457678): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643170.874:6457678): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643170.874:6457678): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=72756be6df80 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1269877 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643170.874:6457677): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643170.874:6457677): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643170.874:6457677): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643170.874:6457677): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=72756be6df80 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1269877 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643170.598:6457676): proctitle=77676574002D2D7175696574002D2D6E6F2D636865636B2D6365727469666963617465002D2D74726965733D31002D2D73706964657200687474703A2F2F6C6F63616C686F73743A393039312F6170692F6865616C7468"}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643170.598:6457676): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=3678029 dev=00:38 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643170.598:6457676): item=0 name=\"/usr/bin/wget\" inode=3677985 dev=00:38 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643170.598:6457676): cwd=\"/app\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643170.598:6457676): argc=6 a0=\"wget\" a1=\"--quiet\" a2=\"--no-check-certificate\" a3=\"--tries=1\" a4=\"--spider\" a5=\"http://localhost:9091/api/health\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643170.598:6457676): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643170.598:6457676): arch=c000003e syscall=59 success=yes exit=0 a0=61d4edfabcb0 a1=61d4edfabc28 a2=61d4edfabc60 a3=714ebc0b5b38 items=2 ppid=1269869 pid=1269876 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"wget\" exe=\"/usr/bin/wget\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643170.592:6457675): proctitle=2F62696E2F7368002F6170702F6865616C7468636865636B2E7368"}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643170.592:6457675): item=2 name=\"/lib64/ld-linux-x86-64.so.2\" inode=3678029 dev=00:38 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643170.592:6457675): item=1 name=\"/bin/sh\" inode=3675124 dev=00:38 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643170.592:6457675): item=0 name=\"/app/healthcheck.sh\" inode=3682079 dev=00:38 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643170.592:6457675): cwd=\"/app\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643170.592:6457675): argc=2 a0=\"/bin/sh\" a1=\"/app/healthcheck.sh\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643170.592:6457675): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643170.592:6457675): arch=c000003e syscall=59 success=yes exit=0 a0=c0000274b8 a1=c00002ae00 a2=c0000db1c0 a3=0 items=3 ppid=13558 pid=1269869 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"healthcheck.sh\" exe=\"/bin/sh\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643170.565:6457674): proctitle=77676574002D2D6E6F2D766572626F7365002D2D74726965733D31002D2D73706964657200687474703A2F2F6C6F63616C686F73743A393039312F6170692F6865616C7468"}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643170.565:6457674): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=3678029 dev=00:9d mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643170.565:6457674): item=0 name=\"/usr/bin/wget\" inode=3677985 dev=00:9d mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643170.565:6457674): cwd=\"/app\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643170.565:6457674): argc=5 a0=\"wget\" a1=\"--no-verbose\" a2=\"--tries=1\" a3=\"--spider\" a4=\"http://localhost:9091/api/health\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643170.565:6457674): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643170.565:6457674): arch=c000003e syscall=59 success=yes exit=0 a0=64c7c8b485c0 a1=64c7c8b48540 a2=64c7c8b48570 a3=7461b41f3b38 items=2 ppid=1269850 pid=1269875 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"wget\" exe=\"/usr/bin/wget\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643170.560:6457673): proctitle=2F62696E2F7368002D630077676574202D2D6E6F2D766572626F7365202D2D74726965733D31202D2D73706964657220687474703A2F2F6C6F63616C686F73743A393039312F6170692F6865616C7468207C7C20657869742031"}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643170.560:6457673): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=3678029 dev=00:9d mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643170.560:6457673): item=0 name=\"/bin/sh\" inode=3675124 dev=00:9d mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643170.560:6457673): cwd=\"/app\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643170.560:6457673): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=77676574202D2D6E6F2D766572626F7365202D2D74726965733D31202D2D73706964657220687474703A2F2F6C6F63616C686F73743A393039312F6170692F6865616C7468207C7C20657869742031"}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643170.560:6457673): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643170.560:6457673): arch=c000003e syscall=59 success=yes exit=0 a0=c000196ea8 a1=c000022660 a2=c000165200 a3=0 items=2 ppid=5102 pid=1269850 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/sh\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643170.546:6457672): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643170.546:6457672): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643170.546:6457672): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:11f mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643170.546:6457672): cwd=\"/var/lib/docker/rootfs/overlayfs/ab66ea4fa101df5daa4db29a135e222c8752757eb5ed52c6491a93f0b73700af\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643170.546:6457672): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643170.546:6457672): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c58a0 a1=c0001c9350 a2=c0001cbc40 a3=0 items=2 ppid=1269856 pid=1269865 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643170.532:6457671): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F61623636656134666131303164663564616134646232396131"}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643170.532:6457671): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643170.532:6457671): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643170.532:6457671): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/ab66ea4fa101df5daa4db29a135e222c8752757eb5ed52c6491a93f0b73700af\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643170.532:6457671): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/ab66ea4fa101df5daa4db29a135e222c8752757eb5ed52c6491a93f0b73700af/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process70703227\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/ab66ea4fa101df5daa4db29a135e222c8752757eb5ed52c6491a93f0b73700af/0b21ed25d3204c796ef535bd4cefd4586d87ae3b94181e04db5c94103a44961a.pid\" a14=\"ab66ea4fa101df5daa4db29a135e222c8752757eb5ed52c6491a93f0b73700af\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643170.532:6457671): arch=c000003e syscall=59 success=yes exit=0 a0=c0001a0b30 a1=c0001fe700 a2=c0001fe780 a3=0 items=2 ppid=13558 pid=1269856 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643170.511:6457670): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643170.511:6457670): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643170.511:6457670): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643170.511:6457670): cwd=\"/var/lib/docker/rootfs/overlayfs/dded6b49287cffb7eb9d3e0e8fcca16ac4bcfe7f6ea4331cbfc92babc5585263\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643170.511:6457670): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643170.511:6457670): arch=c000003e syscall=59 success=yes exit=0 a0=c0002029f0 a1=c000208168 a2=c000218280 a3=0 items=2 ppid=1269838 pid=1269848 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643170.481:6457669): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F64646564366234393238376366666237656239643365306538"}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643170.481:6457669): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643170.481:6457669): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643170.481:6457669): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/dded6b49287cffb7eb9d3e0e8fcca16ac4bcfe7f6ea4331cbfc92babc5585263\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643170.481:6457669): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/dded6b49287cffb7eb9d3e0e8fcca16ac4bcfe7f6ea4331cbfc92babc5585263/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3412601822\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/dded6b49287cffb7eb9d3e0e8fcca16ac4bcfe7f6ea4331cbfc92babc5585263/a871c93fc352f0133dea062eb989350e895e8238e66d521080fc3a8070ef62df.pid\" a14=\"dded6b49287cffb7eb9d3e0e8fcca16ac4bcfe7f6ea4331cbfc92babc5585263\""}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643170.481:6457669): arch=c000003e syscall=59 success=yes exit=0 a0=c0002407a0 a1=c0001f2280 a2=c0001f2300 a3=0 items=2 ppid=5102 pid=1269838 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643168.958:6457668): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643168.958:6457668): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:bf mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643168.958:6457668): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:bf mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643168.958:6457668): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643168.958:6457668): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.stat\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643168.958:6457668): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643168.958:6457668): arch=c000003e syscall=59 success=yes exit=0 a0=7cf488ec7d60 a1=7cf439405000 a2=570e063f2a40 a3=8 items=2 ppid=6698 pid=1269837 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643168.958:6457667): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643168.958:6457667): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643168.958:6457667): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643168.958:6457667): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ec7d60 a1=7cf439405000 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1269837 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643168.958:6457666): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643168.958:6457666): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643168.958:6457666): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643168.958:6457666): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ec7d60 a1=7cf439405000 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1269837 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643168.958:6457665): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643168.958:6457665): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643168.958:6457665): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643168.958:6457665): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ec7d60 a1=7cf439405000 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1269837 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643168.958:6457664): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643168.958:6457664): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643168.958:6457664): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643168.958:6457664): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ec7d60 a1=7cf439405000 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1269837 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643168.958:6457663): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643168.958:6457663): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643168.958:6457663): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643168.958:6457663): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ec7d60 a1=7cf439405000 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1269837 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643168.957:6457662): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643168.957:6457662): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643168.957:6457662): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643168.957:6457662): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ec7d60 a1=7cf439405000 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1269837 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643168.954:6457661): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643168.954:6457661): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:bf mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643168.954:6457661): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:bf mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643168.954:6457661): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643168.954:6457661): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.current\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643168.954:6457661): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643168.954:6457661): arch=c000003e syscall=59 success=yes exit=0 a0=7cf488ec7d60 a1=7cf439403f80 a2=570e063f2a40 a3=8 items=2 ppid=6698 pid=1269835 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643168.954:6457660): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643168.954:6457660): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643168.954:6457660): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643168.954:6457660): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ec7d60 a1=7cf439403f80 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1269835 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643168.954:6457659): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643168.954:6457659): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643168.954:6457659): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643168.954:6457659): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ec7d60 a1=7cf439403f80 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1269835 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643168.954:6457658): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643168.954:6457658): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643168.954:6457658): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643168.954:6457658): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ec7d60 a1=7cf439403f80 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1269835 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643168.954:6457657): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643168.954:6457657): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643168.954:6457657): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643168.954:6457657): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ec7d60 a1=7cf439403f80 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1269835 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643168.954:6457656): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643168.954:6457656): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643168.954:6457656): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643168.954:6457656): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ec7d60 a1=7cf439403f80 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1269835 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643168.954:6457655): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643168.954:6457655): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643168.954:6457655): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643168.954:6457655): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ec7d60 a1=7cf439403f80 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1269835 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643168.950:6457654): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643168.950:6457654): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:bf mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643168.950:6457654): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:bf mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643168.950:6457654): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643168.950:6457654): argc=2 a0=\"cat\" a1=\"/proc/self/cgroup\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643168.950:6457654): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643168.950:6457654): arch=c000003e syscall=59 success=yes exit=0 a0=7cf488ec7d60 a1=7cf439403fe0 a2=570e063f2a40 a3=8 items=2 ppid=6698 pid=1269834 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643168.950:6457653): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643168.950:6457653): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643168.950:6457653): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643168.950:6457653): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ec7d60 a1=7cf439403fe0 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1269834 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643168.950:6457652): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643168.950:6457652): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643168.950:6457652): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643168.950:6457652): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ec7d60 a1=7cf439403fe0 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1269834 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643168.950:6457651): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643168.950:6457651): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643168.950:6457651): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643168.950:6457651): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ec7d60 a1=7cf439403fe0 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1269834 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643168.949:6457650): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643168.949:6457650): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643168.949:6457650): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643168.949:6457650): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ec7d60 a1=7cf439403fe0 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1269834 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643168.949:6457649): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643168.949:6457649): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643168.949:6457649): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643168.949:6457649): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ec7d60 a1=7cf439403fe0 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1269834 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643168.949:6457648): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643168.949:6457648): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643168.949:6457648): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643168.949:6457648): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ec7d60 a1=7cf439403fe0 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1269834 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643168.711:6457647): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643168.711:6457647): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=9987007 dev=00:68 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643168.711:6457647): item=0 name=\"/usr/bin/cat\" inode=9986333 dev=00:68 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643168.711:6457647): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643168.711:6457647): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.stat\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643168.711:6457647): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643168.711:6457647): arch=c000003e syscall=59 success=yes exit=0 a0=75b00d839d60 a1=75afebc00880 a2=572859f88650 a3=8 items=2 ppid=6470 pid=1269832 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643168.711:6457646): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643168.711:6457646): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643168.711:6457646): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643168.711:6457646): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75afebc00880 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1269832 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643168.711:6457645): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643168.711:6457645): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643168.711:6457645): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643168.711:6457645): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75afebc00880 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1269832 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643168.711:6457644): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643168.711:6457644): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643168.711:6457644): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643168.711:6457644): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75afebc00880 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1269832 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643168.711:6457643): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643168.711:6457643): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643168.711:6457643): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643168.711:6457643): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75afebc00880 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1269832 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643168.711:6457642): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643168.711:6457642): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643168.711:6457642): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643168.711:6457642): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75afebc00880 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1269832 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643168.711:6457641): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643168.711:6457641): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643168.711:6457641): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643168.711:6457641): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75afebc00880 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1269832 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643168.708:6457640): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643168.708:6457640): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=9987007 dev=00:68 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643168.708:6457640): item=0 name=\"/usr/bin/cat\" inode=9986333 dev=00:68 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643168.708:6457640): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643168.708:6457640): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.current\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643168.708:6457640): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643168.708:6457640): arch=c000003e syscall=59 success=yes exit=0 a0=75b00d839d60 a1=75afebc00860 a2=572859f88650 a3=8 items=2 ppid=6470 pid=1269831 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643168.708:6457639): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643168.708:6457639): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643168.708:6457639): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643168.708:6457639): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75afebc00860 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1269831 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643168.708:6457638): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643168.708:6457638): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643168.708:6457638): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643168.708:6457638): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75afebc00860 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1269831 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643168.708:6457637): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643168.708:6457637): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643168.708:6457637): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643168.708:6457637): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75afebc00860 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1269831 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643168.708:6457636): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643168.708:6457636): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643168.708:6457636): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643168.708:6457636): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75afebc00860 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1269831 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643168.707:6457635): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643168.707:6457635): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643168.707:6457635): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643168.707:6457635): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75afebc00860 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1269831 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643168.707:6457634): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643168.707:6457634): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643168.707:6457634): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643168.707:6457634): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75afebc00860 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1269831 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643168.704:6457633): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643168.704:6457633): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=9987007 dev=00:68 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643168.704:6457633): item=0 name=\"/usr/bin/cat\" inode=9986333 dev=00:68 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643168.704:6457633): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643168.704:6457633): argc=2 a0=\"cat\" a1=\"/proc/self/cgroup\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643168.704:6457633): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643168.704:6457633): arch=c000003e syscall=59 success=yes exit=0 a0=75b00d839d60 a1=75afebc00820 a2=572859f88650 a3=8 items=2 ppid=6470 pid=1269830 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643168.704:6457632): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643168.704:6457632): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643168.704:6457632): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643168.704:6457632): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75afebc00820 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1269830 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643168.704:6457631): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643168.704:6457631): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643168.704:6457631): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643168.704:6457631): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75afebc00820 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1269830 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643168.704:6457630): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643168.704:6457630): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643168.704:6457630): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643168.704:6457630): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75afebc00820 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1269830 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643168.704:6457629): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643168.704:6457629): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643168.704:6457629): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643168.704:6457629): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75afebc00820 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1269830 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643168.704:6457628): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643168.704:6457628): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643168.704:6457628): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643168.704:6457628): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75afebc00820 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1269830 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643168.704:6457627): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643168.704:6457627): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643168.704:6457627): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643168.704:6457627): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75afebc00820 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1269830 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643168.537:6457626): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520706F737467726573"}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643168.537:6457626): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:ad mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643168.537:6457626): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:ad mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643168.537:6457626): cwd=\"/\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643168.537:6457626): argc=3 a0=\"pg_isready\" a1=\"-U\" a2=\"postgres\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643168.537:6457626): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643168.537:6457626): arch=c000003e syscall=59 success=yes exit=0 a0=7560544c6288 a1=7560544c61e8 a2=7560544c6208 a3=0 items=2 ppid=5688 pid=1269823 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643168.534:6457625): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520706F737467726573"}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643168.534:6457625): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:ad mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643168.534:6457625): item=0 name=\"/bin/sh\" inode=8589166 dev=00:ad mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643168.534:6457625): cwd=\"/\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643168.534:6457625): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D5520706F737467726573"}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643168.534:6457625): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643168.534:6457625): arch=c000003e syscall=59 success=yes exit=0 a0=c00018af48 a1=c000022ac0 a2=c0001348c0 a3=0 items=2 ppid=1269810 pid=1269823 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643168.490:6457624): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643168.490:6457624): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643168.490:6457624): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643168.490:6457624): cwd=\"/var/lib/docker/rootfs/overlayfs/67097f9470d25ae62330c278e0c2e85dfc8f9d19e1312855b18be973b4d19e41\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643168.490:6457624): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643168.490:6457624): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b850 a1=c00017f338 a2=c000201c40 a3=0 items=2 ppid=1269810 pid=1269819 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643168.476:6457623): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F36373039376639343730643235616536323333306332373865"}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643168.476:6457623): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643168.476:6457623): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643168.476:6457623): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/67097f9470d25ae62330c278e0c2e85dfc8f9d19e1312855b18be973b4d19e41\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643168.476:6457623): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/67097f9470d25ae62330c278e0c2e85dfc8f9d19e1312855b18be973b4d19e41/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1796934172\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/67097f9470d25ae62330c278e0c2e85dfc8f9d19e1312855b18be973b4d19e41/e86ef9b43c9d9ca95beb94cb76e430cb38b70136148b59f26e926132e76cda3a.pid\" a14=\"67097f9470d25ae62330c278e0c2e85dfc8f9d19e1312855b18be973b4d19e41\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643168.476:6457623): arch=c000003e syscall=59 success=yes exit=0 a0=c000382d00 a1=c0002b0e80 a2=c0002b0f00 a3=0 items=2 ppid=5688 pid=1269810 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643168.272:6457622): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520646F63757365616C"}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643168.272:6457622): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:a3 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643168.272:6457622): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:a3 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643168.272:6457622): cwd=\"/\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643168.272:6457622): argc=3 a0=\"pg_isready\" a1=\"-U\" a2=\"docuseal\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643168.272:6457622): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643168.272:6457622): arch=c000003e syscall=59 success=yes exit=0 a0=752760943288 a1=7527609431e8 a2=752760943208 a3=0 items=2 ppid=1269790 pid=1269803 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643168.268:6457621): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520646F63757365616C"}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643168.268:6457621): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:a3 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643168.268:6457621): item=0 name=\"/bin/sh\" inode=8589166 dev=00:a3 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643168.268:6457621): cwd=\"/\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643168.268:6457621): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D5520646F63757365616C"}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643168.268:6457621): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643168.268:6457621): arch=c000003e syscall=59 success=yes exit=0 a0=c000196f68 a1=c000022680 a2=c0000d88c0 a3=0 items=2 ppid=1269790 pid=1269803 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643168.222:6457620): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643168.222:6457620): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643168.222:6457620): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643168.222:6457620): cwd=\"/var/lib/docker/rootfs/overlayfs/360fd70ae6eb7cd5e0954ce9fabc3f41ec861f0028b80fa3a053269682ce489a\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643168.222:6457620): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643168.222:6457620): arch=c000003e syscall=59 success=yes exit=0 a0=c000245890 a1=c000249350 a2=c00024bc80 a3=0 items=2 ppid=1269790 pid=1269799 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643168.208:6457619): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F33363066643730616536656237636435653039353463653966"}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643168.208:6457619): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643168.208:6457619): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643168.208:6457619): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/360fd70ae6eb7cd5e0954ce9fabc3f41ec861f0028b80fa3a053269682ce489a\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643168.208:6457619): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/360fd70ae6eb7cd5e0954ce9fabc3f41ec861f0028b80fa3a053269682ce489a/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process609990318\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/360fd70ae6eb7cd5e0954ce9fabc3f41ec861f0028b80fa3a053269682ce489a/c09cb567c63be68523dc8fc5cd95e58947a253fc718b65b835dd28f799b429fd.pid\" a14=\"360fd70ae6eb7cd5e0954ce9fabc3f41ec861f0028b80fa3a053269682ce489a\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643168.208:6457619): arch=c000003e syscall=59 success=yes exit=0 a0=c0000115b0 a1=c000201300 a2=c000201380 a3=0 items=2 ppid=5572 pid=1269790 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643167.389:6457618): proctitle=6373636C69006D657472696373"}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643167.389:6457618): item=0 name=\"/usr/local/bin/cscli\" inode=7117508 dev=00:60 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643167.389:6457618): cwd=\"/\""}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643167.389:6457618): argc=2 a0=\"cscli\" a1=\"metrics\""}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643167.389:6457618): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643167.389:6457618): arch=c000003e syscall=59 success=yes exit=0 a0=c0000271b8 a1=c00009f350 a2=c0001558f0 a3=0 items=1 ppid=5108 pid=1269772 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cscli\" exe=\"/usr/local/bin/cscli\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643167.346:6457617): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643167.346:6457617): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643167.346:6457617): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643167.346:6457617): cwd=\"/var/lib/docker/rootfs/overlayfs/6e240b3263a20143aa4d507e566bf8e51d46fe0f910bdfa8ddefa9a2f73124d3\""}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643167.346:6457617): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643167.346:6457617): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b840 a1=c00017f338 a2=c000181c00 a3=0 items=2 ppid=1269759 pid=1269769 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643167.331:6457616): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F36653234306233323633613230313433616134643530376535"}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643167.331:6457616): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643167.331:6457616): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643167.331:6457616): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/6e240b3263a20143aa4d507e566bf8e51d46fe0f910bdfa8ddefa9a2f73124d3\""}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643167.331:6457616): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/6e240b3263a20143aa4d507e566bf8e51d46fe0f910bdfa8ddefa9a2f73124d3/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1305462748\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/6e240b3263a20143aa4d507e566bf8e51d46fe0f910bdfa8ddefa9a2f73124d3/7ae79fe77672331107dd6f0f6056fef4d23683468dd8893816180d4e4b7a31d4.pid\" a14=\"6e240b3263a20143aa4d507e566bf8e51d46fe0f910bdfa8ddefa9a2f73124d3\""}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643167.331:6457616): arch=c000003e syscall=59 success=yes exit=0 a0=c000010530 a1=c0001b2e80 a2=c0001b3480 a3=0 items=2 ppid=5108 pid=1269759 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643167.303:6457615): proctitle=72656469732D636C690070696E67"}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643167.303:6457615): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=6694357 dev=00:4b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643167.303:6457615): item=0 name=\"/usr/local/bin/redis-cli\" inode=6703632 dev=00:4b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643167.303:6457615): cwd=\"/data\""}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643167.303:6457615): argc=2 a0=\"redis-cli\" a1=\"ping\""}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643167.303:6457615): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643167.303:6457615): arch=c000003e syscall=59 success=yes exit=0 a0=c000028760 a1=c0000a5350 a2=c0001651c0 a3=0 items=2 ppid=1269741 pid=1269753 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"redis-cli\" exe=\"/usr/local/bin/redis-cli\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643167.254:6457614): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643167.254:6457614): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643167.254:6457614): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643167.254:6457614): cwd=\"/var/lib/docker/rootfs/overlayfs/480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af\""}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643167.254:6457614): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643167.254:6457614): arch=c000003e syscall=59 success=yes exit=0 a0=c0001eb830 a1=c0001ef338 a2=c0001f1c00 a3=0 items=2 ppid=1269741 pid=1269751 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643167.236:6457613): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F34383062353761303034306362373564646534356436663664"}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643167.236:6457613): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643167.236:6457613): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643167.236:6457613): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af\""}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643167.236:6457613): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2200347305\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af/592a9799f0392b5da779d5fc8e53745ecd3e4447ceaff808b4acdd237ef1ba18.pid\" a14=\"480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af\""}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643167.236:6457613): arch=c000003e syscall=59 success=yes exit=0 a0=c00034f760 a1=c00038cb80 a2=c00038cc00 a3=0 items=2 ppid=5107 pid=1269741 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643167.068:6457612): proctitle=2F62696E2F7368002D630070675F69737265616479202D552074797065626F74"}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643167.068:6457612): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:85 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643167.068:6457612): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:85 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643167.068:6457612): cwd=\"/\""}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643167.068:6457612): argc=3 a0=\"pg_isready\" a1=\"-U\" a2=\"typebot\""}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643167.068:6457612): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643167.068:6457612): arch=c000003e syscall=59 success=yes exit=0 a0=7eb399eee278 a1=7eb399eee1d8 a2=7eb399eee1f8 a3=8080808080808080 items=2 ppid=4609 pid=1269724 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643167.064:6457611): proctitle=2F62696E2F7368002D630070675F69737265616479202D552074797065626F74"}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643167.064:6457611): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:85 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643167.064:6457611): item=0 name=\"/bin/sh\" inode=8589166 dev=00:85 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643167.064:6457611): cwd=\"/\""}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643167.064:6457611): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D552074797065626F74"}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643167.064:6457611): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643167.064:6457611): arch=c000003e syscall=59 success=yes exit=0 a0=c000196f68 a1=c000022680 a2=c0000d88c0 a3=0 items=2 ppid=4609 pid=1269724 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643167.062:6457610): proctitle=2F62696E2F7368002D630070675F69737265616479202D552077696E646D696C6C5F75736572202D642077696E646D696C6C5F6462"}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643167.062:6457610): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:a0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643167.062:6457610): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:a0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643167.062:6457610): cwd=\"/\""}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643167.062:6457610): argc=5 a0=\"pg_isready\" a1=\"-U\" a2=\"windmill_user\" a3=\"-d\" a4=\"windmill_db\""}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643167.062:6457610): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643167.062:6457610): arch=c000003e syscall=59 success=yes exit=0 a0=750dd2d913f8 a1=750dd2d91290 a2=750dd2d91378 a3=0 items=2 ppid=4404 pid=1269734 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643167.059:6457609): proctitle=2F62696E2F7368002D630070675F69737265616479202D552077696E646D696C6C5F75736572202D642077696E646D696C6C5F6462"}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643167.059:6457609): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:a0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643167.059:6457609): item=0 name=\"/bin/sh\" inode=8589166 dev=00:a0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643167.059:6457609): cwd=\"/\""}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643167.059:6457609): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D552077696E646D696C6C5F75736572202D642077696E646D696C6C5F6462"}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643167.059:6457609): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643167.059:6457609): arch=c000003e syscall=59 success=yes exit=0 a0=c00017cf38 a1=c000022ac0 a2=c0000b48c0 a3=0 items=2 ppid=1269703 pid=1269734 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643167.019:6457608): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643167.019:6457608): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643167.019:6457608): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:11f mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643167.019:6457608): cwd=\"/var/lib/docker/rootfs/overlayfs/2a365c5cbcdee94cef8eb83387301a8756e7538c1049b4c58449c0646b43c50c\""}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643167.019:6457608): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643167.019:6457608): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5890 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=1269703 pid=1269725 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643167.014:6457607): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643167.014:6457607): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643167.014:6457607): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643167.014:6457607): cwd=\"/var/lib/docker/rootfs/overlayfs/a58fd49cb529bc2c3c5f4447c9ccbae837530349ce554292b547968ead4cb59b\""}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643167.014:6457607): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643167.014:6457607): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b840 a1=c00017f338 a2=c000181c40 a3=0 items=2 ppid=1269702 pid=1269717 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643167.003:6457606): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F32613336356335636263646565393463656638656238333338"}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643167.003:6457606): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643167.003:6457606): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643167.003:6457606): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/2a365c5cbcdee94cef8eb83387301a8756e7538c1049b4c58449c0646b43c50c\""}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643167.003:6457606): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/2a365c5cbcdee94cef8eb83387301a8756e7538c1049b4c58449c0646b43c50c/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2586090098\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/2a365c5cbcdee94cef8eb83387301a8756e7538c1049b4c58449c0646b43c50c/2546407bda27497a61a4c4978a1c5e0756af1537887622c3ba28c2fc487315f9.pid\" a14=\"2a365c5cbcdee94cef8eb83387301a8756e7538c1049b4c58449c0646b43c50c\""}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643167.003:6457606): arch=c000003e syscall=59 success=yes exit=0 a0=c000099950 a1=c00047c080 a2=c00047c100 a3=0 items=2 ppid=4404 pid=1269703 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643166.997:6457605): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F61353866643439636235323962633263336335663434343763"}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643166.997:6457605): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643166.997:6457605): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643166.997:6457605): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/a58fd49cb529bc2c3c5f4447c9ccbae837530349ce554292b547968ead4cb59b\""}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643166.997:6457605): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/a58fd49cb529bc2c3c5f4447c9ccbae837530349ce554292b547968ead4cb59b/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process4120312409\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/a58fd49cb529bc2c3c5f4447c9ccbae837530349ce554292b547968ead4cb59b/269b2cd6201d7bec41ecec2b447f6165cc29ad2bdd3bfbf769e9851588f1f5d4.pid\" a14=\"a58fd49cb529bc2c3c5f4447c9ccbae837530349ce554292b547968ead4cb59b\""}
{"ts": "2026-04-19T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643166.997:6457605): arch=c000003e syscall=59 success=yes exit=0 a0=c0003231d0 a1=c000104e00 a2=c000104e80 a3=0 items=2 ppid=4609 pid=1269702 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643166.528:6457604): proctitle=6E6F6465002D65007265717569726528276874747027292E6765742827687474703A2F2F27202B207265717569726528276F7327292E686F73746E616D652829202B20273A333030302F272C2072203D3E2070726F636573732E657869742828722E737461747573436F6465203D3D3D20323030207C7C20722E737461747573"}
{"ts": "2026-04-19T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643166.528:6457604): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6834212 dev=00:62 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643166.528:6457604): item=0 name=\"/usr/local/bin/node\" inode=6881221 dev=00:62 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643166.528:6457604): cwd=\"/app\""}
{"ts": "2026-04-19T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643166.528:6457604): argc=3 a0=\"node\" a1=\"-e\" a2=7265717569726528276874747027292E6765742827687474703A2F2F27202B207265717569726528276F7327292E686F73746E616D652829202B20273A333030302F272C2072203D3E2070726F636573732E657869742828722E737461747573436F6465203D3D3D20323030207C7C20722E737461747573436F6465203D3D3D2033303729203F2030203A203129292E6F6E28276572726F72272C202829203D3E2070726F636573732E6578697428312929"}
{"ts": "2026-04-19T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643166.528:6457604): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643166.528:6457604): arch=c000003e syscall=59 success=yes exit=0 a0=557f79ff0c68 a1=557f79ff08f8 a2=557f79ff0ba8 a3=8 items=2 ppid=1269681 pid=1269687 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"node\" exe=\"/usr/local/bin/node\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643166.524:6457603): proctitle=2F62696E2F7368002D63006E6F6465202D6520227265717569726528276874747027292E6765742827687474703A2F2F27202B207265717569726528276F7327292E686F73746E616D652829202B20273A333030302F272C2072203D3E2070726F636573732E657869742828722E737461747573436F6465203D3D3D20323030"}
{"ts": "2026-04-19T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643166.524:6457603): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6834212 dev=00:62 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643166.524:6457603): item=0 name=\"/bin/sh\" inode=6832457 dev=00:62 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643166.524:6457603): cwd=\"/app\""}
{"ts": "2026-04-19T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643166.524:6457603): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=6E6F6465202D6520227265717569726528276874747027292E6765742827687474703A2F2F27202B207265717569726528276F7327292E686F73746E616D652829202B20273A333030302F272C2072203D3E2070726F636573732E657869742828722E737461747573436F6465203D3D3D20323030207C7C20722E737461747573436F6465203D3D3D2033303729203F2030203A203129292E6F6E28276572726F72272C202829203D3E2070726F636573732E657869742831292922"}
{"ts": "2026-04-19T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643166.524:6457603): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643166.524:6457603): arch=c000003e syscall=59 success=yes exit=0 a0=c00018ced8 a1=c000022ac0 a2=c000120240 a3=0 items=2 ppid=1269669 pid=1269681 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/dash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643166.480:6457602): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643166.480:6457602): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643166.480:6457602): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643166.480:6457602): cwd=\"/var/lib/docker/rootfs/overlayfs/62ff186c9558f5a87b871aad2189553b6748d81d514aec3146c01ec6c66d8638\""}
{"ts": "2026-04-19T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643166.480:6457602): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643166.480:6457602): arch=c000003e syscall=59 success=yes exit=0 a0=c0001eb860 a1=c0001ef338 a2=c0001f1c40 a3=0 items=2 ppid=1269669 pid=1269679 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643166.466:6457601): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F36326666313836633935353866356138376238373161616432"}
{"ts": "2026-04-19T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643166.466:6457601): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643166.466:6457601): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643166.466:6457601): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/62ff186c9558f5a87b871aad2189553b6748d81d514aec3146c01ec6c66d8638\""}
{"ts": "2026-04-19T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643166.466:6457601): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/62ff186c9558f5a87b871aad2189553b6748d81d514aec3146c01ec6c66d8638/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1358350597\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/62ff186c9558f5a87b871aad2189553b6748d81d514aec3146c01ec6c66d8638/f096ac32e37f18efb67478b2c4fefe95cb42b8842b63db167647f6e17d47d7c7.pid\" a14=\"62ff186c9558f5a87b871aad2189553b6748d81d514aec3146c01ec6c66d8638\""}
{"ts": "2026-04-19T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643166.466:6457601): arch=c000003e syscall=59 success=yes exit=0 a0=c0000cebb0 a1=c000306c80 a2=c000306d00 a3=0 items=2 ppid=5827 pid=1269669 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643165.831:6457600): proctitle=67726570003A30424238002F70726F632F6E65742F746370"}
{"ts": "2026-04-19T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643165.831:6457600): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6834212 dev=00:78 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643165.831:6457600): item=0 name=\"/bin/grep\" inode=6832538 dev=00:78 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643165.831:6457600): cwd=\"/app\""}
{"ts": "2026-04-19T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643165.831:6457600): argc=3 a0=\"grep\" a1=\":0BB8\" a2=\"/proc/net/tcp\""}
{"ts": "2026-04-19T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643165.831:6457600): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643165.831:6457600): arch=c000003e syscall=59 success=yes exit=0 a0=60eaf92b8758 a1=60eac1cdd990 a2=60eaf92b86e8 a3=8 items=2 ppid=1269661 pid=1269668 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"grep\" exe=\"/bin/grep\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643165.828:6457599): proctitle=2F62696E2F7368002D630067726570203A30424238202F70726F632F6E65742F746370207C7C20657869742031"}
{"ts": "2026-04-19T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643165.828:6457599): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6834212 dev=00:78 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643165.828:6457599): item=0 name=\"/bin/sh\" inode=6832457 dev=00:78 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643165.828:6457599): cwd=\"/app\""}
{"ts": "2026-04-19T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643165.828:6457599): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=67726570203A30424238202F70726F632F6E65742F746370207C7C20657869742031"}
{"ts": "2026-04-19T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643165.828:6457599): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643165.828:6457599): arch=c000003e syscall=59 success=yes exit=0 a0=c0001b0ee8 a1=c000022680 a2=c0001588c0 a3=0 items=2 ppid=1269648 pid=1269661 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/dash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643165.786:6457598): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643165.786:6457598): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643165.786:6457598): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643165.786:6457598): cwd=\"/var/lib/docker/rootfs/overlayfs/99752c55410bb6ace3e57904dc2c1a2f503aa02b37e06267893a529d96259bd2\""}
{"ts": "2026-04-19T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643165.786:6457598): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643165.786:6457598): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5890 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=1269648 pid=1269657 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643165.771:6457597): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F39393735326335353431306262366163653365353739303464"}
{"ts": "2026-04-19T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643165.771:6457597): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643165.771:6457597): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643165.771:6457597): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/99752c55410bb6ace3e57904dc2c1a2f503aa02b37e06267893a529d96259bd2\""}
{"ts": "2026-04-19T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643165.771:6457597): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/99752c55410bb6ace3e57904dc2c1a2f503aa02b37e06267893a529d96259bd2/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process941059093\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/99752c55410bb6ace3e57904dc2c1a2f503aa02b37e06267893a529d96259bd2/a1bb458476141c88cbd84479c2109359665ed388d3e349c723505b0fe6e44c48.pid\" a14=\"99752c55410bb6ace3e57904dc2c1a2f503aa02b37e06267893a529d96259bd2\""}
{"ts": "2026-04-19T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643165.771:6457597): arch=c000003e syscall=59 success=yes exit=0 a0=c00013eaf0 a1=c000207480 a2=c000207500 a3=0 items=2 ppid=5199 pid=1269648 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643165.284:6457596): proctitle=6375726C002D6600687474703A2F2F6C6F63616C686F73743A31373137302F"}
{"ts": "2026-04-19T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643165.284:6457596): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3566853 dev=00:81 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643165.284:6457596): item=0 name=\"/usr/bin/curl\" inode=3574788 dev=00:81 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643165.284:6457596): cwd=\"/app\""}
{"ts": "2026-04-19T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643165.284:6457596): argc=3 a0=\"curl\" a1=\"-f\" a2=\"http://localhost:17170/\""}
{"ts": "2026-04-19T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643165.284:6457596): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643165.284:6457596): arch=c000003e syscall=59 success=yes exit=0 a0=c00018b0f0 a1=c000022ac0 a2=c00013ec00 a3=0 items=2 ppid=1269630 pid=1269642 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"curl\" exe=\"/usr/bin/curl\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643165.238:6457595): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643165.238:6457595): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643165.238:6457595): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643165.238:6457595): cwd=\"/var/lib/docker/rootfs/overlayfs/5bd3e1d5545f7ec51999f8794a4b4d6cc0fd1d92f87a78cfdfb129e440cd0559\""}
{"ts": "2026-04-19T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643165.238:6457595): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643165.238:6457595): arch=c000003e syscall=59 success=yes exit=0 a0=c0001f3840 a1=c0001f7338 a2=c0001f9c40 a3=0 items=2 ppid=1269630 pid=1269640 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643165.220:6457594): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F35626433653164353534356637656335313939396638373934"}
{"ts": "2026-04-19T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643165.220:6457594): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643165.220:6457594): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643165.220:6457594): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/5bd3e1d5545f7ec51999f8794a4b4d6cc0fd1d92f87a78cfdfb129e440cd0559\""}
{"ts": "2026-04-19T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643165.220:6457594): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/5bd3e1d5545f7ec51999f8794a4b4d6cc0fd1d92f87a78cfdfb129e440cd0559/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1678551275\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/5bd3e1d5545f7ec51999f8794a4b4d6cc0fd1d92f87a78cfdfb129e440cd0559/5532b885b256fd6ac70d6fc68ba9a9f0ec6f83f444cc67111543b6069c450a61.pid\" a14=\"5bd3e1d5545f7ec51999f8794a4b4d6cc0fd1d92f87a78cfdfb129e440cd0559\""}
{"ts": "2026-04-19T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643165.220:6457594): arch=c000003e syscall=59 success=yes exit=0 a0=c000314fb0 a1=c000320d80 a2=c000320e00 a3=0 items=2 ppid=5118 pid=1269630 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643165.195:6457593): proctitle=72656469732D636C690070696E67"}
{"ts": "2026-04-19T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643165.195:6457593): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=6694357 dev=00:6b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643165.195:6457593): item=0 name=\"/usr/local/bin/redis-cli\" inode=6703632 dev=00:6b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643165.195:6457593): cwd=\"/data\""}
{"ts": "2026-04-19T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643165.195:6457593): argc=2 a0=\"redis-cli\" a1=\"ping\""}
{"ts": "2026-04-19T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643165.195:6457593): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643165.195:6457593): arch=c000003e syscall=59 success=yes exit=0 a0=c000028760 a1=c000117350 a2=c0000df1c0 a3=0 items=2 ppid=1269612 pid=1269624 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"redis-cli\" exe=\"/usr/local/bin/redis-cli\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643165.142:6457592): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643165.142:6457592): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643165.142:6457592): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643165.142:6457592): cwd=\"/var/lib/docker/rootfs/overlayfs/0a68372d6fd28201684be9827a5de0d3c04e6e08d164a3049faa362bc53f9748\""}
{"ts": "2026-04-19T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643165.142:6457592): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643165.142:6457592): arch=c000003e syscall=59 success=yes exit=0 a0=c000245880 a1=c000249350 a2=c00024bc40 a3=0 items=2 ppid=1269612 pid=1269622 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643165.128:6457591): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F30613638333732643666643238323031363834626539383237"}
{"ts": "2026-04-19T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643165.128:6457591): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643165.128:6457591): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643165.128:6457591): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/0a68372d6fd28201684be9827a5de0d3c04e6e08d164a3049faa362bc53f9748\""}
{"ts": "2026-04-19T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643165.128:6457591): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/0a68372d6fd28201684be9827a5de0d3c04e6e08d164a3049faa362bc53f9748/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1289875928\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/0a68372d6fd28201684be9827a5de0d3c04e6e08d164a3049faa362bc53f9748/69c897108f8cae57fea2e254e6a1c28e87d14e99c6a3b36939380c88a35cd1c1.pid\" a14=\"0a68372d6fd28201684be9827a5de0d3c04e6e08d164a3049faa362bc53f9748\""}
{"ts": "2026-04-19T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643165.128:6457591): arch=c000003e syscall=59 success=yes exit=0 a0=c0000b6fa0 a1=c0001a9580 a2=c0001a9600 a3=0 items=2 ppid=4707 pid=1269612 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643164.844:6457590): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643164.844:6457590): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:63 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643164.844:6457590): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:63 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643164.844:6457590): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643164.844:6457590): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.stat\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643164.844:6457590): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643164.844:6457590): arch=c000003e syscall=59 success=yes exit=0 a0=7276055e5d60 a1=7275b0442920 a2=5d751c63aa40 a3=8 items=2 ppid=6449 pid=1269609 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643164.844:6457589): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643164.844:6457589): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643164.844:6457589): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643164.844:6457589): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=7275b0442920 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1269609 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643164.844:6457588): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643164.844:6457588): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643164.844:6457588): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643164.844:6457588): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=7275b0442920 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1269609 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643164.844:6457587): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643164.844:6457587): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643164.844:6457587): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643164.844:6457587): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=7275b0442920 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1269609 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643164.844:6457586): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643164.844:6457586): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643164.844:6457586): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643164.844:6457586): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=7275b0442920 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1269609 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643164.844:6457585): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643164.844:6457585): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643164.844:6457585): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643164.844:6457585): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=7275b0442920 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1269609 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643164.844:6457584): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643164.844:6457584): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643164.844:6457584): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643164.844:6457584): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=7275b0442920 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1269609 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643164.841:6457583): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643164.841:6457583): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:63 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643164.841:6457583): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:63 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643164.841:6457583): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643164.841:6457583): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.current\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643164.841:6457583): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643164.841:6457583): arch=c000003e syscall=59 success=yes exit=0 a0=7276055e5d60 a1=7275b04428e0 a2=5d751c63aa40 a3=8 items=2 ppid=6449 pid=1269608 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643164.841:6457582): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643164.841:6457582): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643164.841:6457582): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643164.841:6457582): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=7275b04428e0 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1269608 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643164.841:6457581): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643164.841:6457581): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643164.841:6457581): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643164.841:6457581): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=7275b04428e0 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1269608 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643164.841:6457580): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643164.841:6457580): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643164.841:6457580): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643164.841:6457580): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=7275b04428e0 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1269608 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643164.841:6457579): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643164.841:6457579): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643164.841:6457579): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643164.841:6457579): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=7275b04428e0 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1269608 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643164.841:6457578): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643164.841:6457578): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643164.841:6457578): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643164.841:6457578): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=7275b04428e0 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1269608 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643164.841:6457577): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643164.841:6457577): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643164.841:6457577): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643164.841:6457577): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=7275b04428e0 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1269608 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643164.838:6457576): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643164.838:6457576): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:63 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643164.838:6457576): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:63 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643164.838:6457576): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643164.838:6457576): argc=2 a0=\"cat\" a1=\"/proc/self/cgroup\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643164.838:6457576): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643164.838:6457576): arch=c000003e syscall=59 success=yes exit=0 a0=7276055e5d60 a1=7275b04427c0 a2=5d751c63aa40 a3=8 items=2 ppid=6449 pid=1269607 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643164.837:6457575): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643164.837:6457575): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643164.837:6457575): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643164.837:6457575): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=7275b04427c0 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1269607 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643164.837:6457574): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643164.837:6457574): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643164.837:6457574): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643164.837:6457574): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=7275b04427c0 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1269607 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643164.837:6457573): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643164.837:6457573): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643164.837:6457573): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643164.837:6457573): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=7275b04427c0 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1269607 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643164.837:6457572): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643164.837:6457572): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643164.837:6457572): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643164.837:6457572): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=7275b04427c0 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1269607 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643164.837:6457571): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643164.837:6457571): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643164.837:6457571): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643164.837:6457571): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=7275b04427c0 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1269607 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643164.837:6457570): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643164.837:6457570): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643164.837:6457570): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643164.837:6457570): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=7275b04427c0 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1269607 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643164.763:6457569): proctitle=6D617269616462002D2D64656661756C74732D65787472612D66696C653D2F7661722F6C69622F6D7973716C2F2E6D792D6865616C7468636865636B2E636E66002D2D70726F746F636F6C00736F636B6574002D42002D2D736B69702D636F6C756D6E2D6E616D6573002D650073656C65637420312066726F6D20696E666F72"}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643164.763:6457569): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=7089648 dev=00:61 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643164.763:6457569): item=0 name=\"/usr/bin/mariadb\" inode=7117817 dev=00:61 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643164.763:6457569): cwd=\"/\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643164.763:6457569): argc=8 a0=\"mariadb\" a1=\"--defaults-extra-file=/var/lib/mysql/.my-healthcheck.cnf\" a2=\"--protocol\" a3=\"socket\" a4=\"-B\" a5=\"--skip-column-names\" a6=\"-e\" a7=73656C65637420312066726F6D20696E666F726D6174696F6E5F736368656D612E454E47494E455320574845524520656E67696E653D27696E6E6F64622720414E4420737570706F727420696E202827594553272C202744454641554C54272C2027454E41424C45442729"}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643164.763:6457569): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643164.763:6457569): arch=c000003e syscall=59 success=yes exit=0 a0=619fb736e990 a1=619fb73909c0 a2=619fb736f860 a3=8 items=2 ppid=1269599 pid=1269606 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"mariadb\" exe=\"/usr/bin/mariadb\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643164.749:6457568): proctitle=6D617269616462002D2D64656661756C74732D65787472612D66696C653D2F7661722F6C69622F6D7973716C2F2E6D792D6865616C7468636865636B2E636E66002D2D70726F746F636F6C00736F636B6574002D42002D2D736B69702D636F6C756D6E2D6E616D6573002D650073656C656374204040736B69705F6E6574776F"}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643164.749:6457568): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=7089648 dev=00:61 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643164.749:6457568): item=0 name=\"/usr/bin/mariadb\" inode=7117817 dev=00:61 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643164.749:6457568): cwd=\"/\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643164.749:6457568): argc=8 a0=\"mariadb\" a1=\"--defaults-extra-file=/var/lib/mysql/.my-healthcheck.cnf\" a2=\"--protocol\" a3=\"socket\" a4=\"-B\" a5=\"--skip-column-names\" a6=\"-e\" a7=73656C656374204040736B69705F6E6574776F726B696E67"}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643164.749:6457568): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643164.749:6457568): arch=c000003e syscall=59 success=yes exit=0 a0=619fb736efe0 a1=619fb7390810 a2=619fb736f4a0 a3=8 items=2 ppid=1269599 pid=1269605 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"mariadb\" exe=\"/usr/bin/mariadb\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643164.741:6457567): proctitle=2F62696E2F62617368002F7573722F6C6F63616C2F62696E2F6865616C7468636865636B2E7368002D2D636F6E6E656374002D2D696E6E6F64625F696E697469616C697A6564"}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643164.741:6457567): item=2 name=\"/lib64/ld-linux-x86-64.so.2\" inode=7089648 dev=00:61 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643164.741:6457567): item=1 name=\"/bin/bash\" inode=6963796 dev=00:61 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643164.741:6457567): item=0 name=\"/usr/local/bin/healthcheck.sh\" inode=7348502 dev=00:61 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643164.741:6457567): cwd=\"/\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643164.741:6457567): argc=4 a0=\"/bin/bash\" a1=\"/usr/local/bin/healthcheck.sh\" a2=\"--connect\" a3=\"--innodb_initialized\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643164.741:6457567): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643164.741:6457567): arch=c000003e syscall=59 success=yes exit=0 a0=c000028760 a1=c000022660 a2=c0000de320 a3=0 items=3 ppid=1269587 pid=1269599 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"healthcheck.sh\" exe=\"/usr/bin/bash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643164.697:6457566): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643164.697:6457566): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643164.697:6457566): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643164.697:6457566): cwd=\"/var/lib/docker/rootfs/overlayfs/7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643164.697:6457566): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643164.697:6457566): arch=c000003e syscall=59 success=yes exit=0 a0=c00024d890 a1=c000251350 a2=c000253c40 a3=0 items=2 ppid=1269587 pid=1269597 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643164.682:6457565): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F37656465303139653363623065383839303138636162386266"}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643164.682:6457565): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643164.682:6457565): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643164.682:6457565): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643164.682:6457565): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2466512113\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7/efc170a8515aae663546723a5d783d70b12cf9c7f6baecd7b5ce6348f31a1cfd.pid\" a14=\"7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643164.682:6457565): arch=c000003e syscall=59 success=yes exit=0 a0=c000400fe0 a1=c000000180 a2=c000001600 a3=0 items=2 ppid=5740 pid=1269587 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643164.528:6457564): proctitle=77676574002D2D737069646572002D7100687474703A2F2F3132372E302E302E313A333030302F"}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643164.528:6457564): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=6688979 dev=00:a6 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643164.528:6457564): item=0 name=\"/usr/bin/wget\" inode=6699356 dev=00:a6 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643164.528:6457564): cwd=\"/data/docuseal\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643164.528:6457564): argc=4 a0=\"wget\" a1=\"--spider\" a2=\"-q\" a3=\"http://127.0.0.1:3000/\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643164.528:6457564): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643164.528:6457564): arch=c000003e syscall=59 success=yes exit=0 a0=76a5aa72d558 a1=76a5aa72d478 a2=76a5aa72d4a0 a3=76a5aa7286a4 items=2 ppid=1269578 pid=1269584 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"wget\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643164.522:6457563): proctitle=2F62696E2F7368002D630077676574202D2D737069646572202D7120687474703A2F2F3132372E302E302E313A333030302F207C7C20657869742031"}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643164.522:6457563): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=6688979 dev=00:a6 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643164.522:6457563): item=0 name=\"/bin/sh\" inode=6699356 dev=00:a6 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643164.522:6457563): cwd=\"/data/docuseal\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643164.522:6457563): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=77676574202D2D737069646572202D7120687474703A2F2F3132372E302E302E313A333030302F207C7C20657869742031"}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643164.522:6457563): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643164.522:6457563): arch=c000003e syscall=59 success=yes exit=0 a0=c000198f98 a1=c000022680 a2=c0000bf290 a3=0 items=2 ppid=5836 pid=1269578 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643164.474:6457562): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643164.474:6457562): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643164.474:6457562): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643164.474:6457562): cwd=\"/var/lib/docker/rootfs/overlayfs/54b29fc0e66ed9250ab34b02c7796cc10123209dc181d39249b516ee4894714f\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643164.474:6457562): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643164.474:6457562): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5880 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=1269565 pid=1269574 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643164.460:6457561): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F35346232396663306536366564393235306162333462303263"}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643164.460:6457561): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643164.460:6457561): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643164.460:6457561): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/54b29fc0e66ed9250ab34b02c7796cc10123209dc181d39249b516ee4894714f\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643164.460:6457561): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/54b29fc0e66ed9250ab34b02c7796cc10123209dc181d39249b516ee4894714f/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3447871073\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/54b29fc0e66ed9250ab34b02c7796cc10123209dc181d39249b516ee4894714f/68d0f6ca8206f2f68dbc7d19fb165b8fd11a5f4d19fe9613577ccc0a86549727.pid\" a14=\"54b29fc0e66ed9250ab34b02c7796cc10123209dc181d39249b516ee4894714f\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643164.460:6457561): arch=c000003e syscall=59 success=yes exit=0 a0=c0001ce920 a1=c0000c6280 a2=c0000c6300 a3=0 items=2 ppid=5836 pid=1269565 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643164.355:6457560): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643164.355:6457560): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643164.355:6457560): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643164.355:6457560): cwd=\"/var/lib/docker/rootfs/overlayfs/59582f7591559088714ccdef6fbea6ce773505523dcc785ab3c861f1c9a990ae\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643164.355:6457560): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643164.355:6457560): arch=c000003e syscall=59 success=yes exit=0 a0=c0001f3810 a1=c0001f7338 a2=c0001f9c40 a3=0 items=2 ppid=1269537 pid=1269548 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643164.338:6457559): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F35393538326637353931353539303838373134636364656636"}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643164.338:6457559): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643164.338:6457559): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643164.338:6457559): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/59582f7591559088714ccdef6fbea6ce773505523dcc785ab3c861f1c9a990ae\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643164.338:6457559): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/59582f7591559088714ccdef6fbea6ce773505523dcc785ab3c861f1c9a990ae/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1800364524\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/59582f7591559088714ccdef6fbea6ce773505523dcc785ab3c861f1c9a990ae/19b2071e6722781ed9314e8d9e44190378487358f782bfc13da7dd77383a25dc.pid\" a14=\"59582f7591559088714ccdef6fbea6ce773505523dcc785ab3c861f1c9a990ae\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643164.338:6457559): arch=c000003e syscall=59 success=yes exit=0 a0=c0000104a0 a1=c00011cd80 a2=c00011ce00 a3=0 items=2 ppid=5731 pid=1269537 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643163.765:6457558): proctitle=2F7573722F62696E2F7065726C002F7573722F62696E2F70675F69737265616479002D550067726F777468626F6F6B002D6400706F737467726573"}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643163.765:6457558): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6968454 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643163.765:6457558): item=0 name=\"/usr/lib/postgresql/17/bin/pg_isready\" inode=3958125 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643163.765:6457558): cwd=\"/\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643163.765:6457558): argc=5 a0=\"/usr/lib/postgresql/17/bin/pg_isready\" a1=\"-U\" a2=\"growthbook\" a3=\"-d\" a4=\"postgres\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643163.765:6457558): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643163.765:6457558): arch=c000003e syscall=59 success=yes exit=0 a0=62fa2dc5ebd0 a1=62fa2ddd3310 a2=62fa2da52970 a3=7b8f19513e70 items=2 ppid=1269528 pid=1269535 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/lib/postgresql/17/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643163.724:6457557): proctitle=2F7573722F62696E2F7065726C002F7573722F62696E2F70675F69737265616479002D550067726F777468626F6F6B002D6400706F737467726573"}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643163.724:6457557): item=2 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6968454 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643163.724:6457557): item=1 name=\"/usr/bin/perl\" inode=6956288 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643163.724:6457557): item=0 name=\"/usr/bin/pg_isready\" inode=4211279 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643163.724:6457557): cwd=\"/\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643163.724:6457557): argc=6 a0=\"/usr/bin/perl\" a1=\"/usr/bin/pg_isready\" a2=\"-U\" a3=\"growthbook\" a4=\"-d\" a5=\"postgres\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643163.724:6457557): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643163.724:6457557): arch=c000003e syscall=59 success=yes exit=0 a0=5dcce98c9640 a1=5dccbdbca9a8 a2=5dcce98c95d8 a3=8 items=3 ppid=1269528 pid=1269535 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/bin/perl\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643163.720:6457556): proctitle=2F62696E2F7368002D630070675F69737265616479202D552067726F777468626F6F6B202D6420706F737467726573"}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643163.720:6457556): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6968454 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643163.720:6457556): item=0 name=\"/bin/sh\" inode=6954646 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643163.720:6457556): cwd=\"/\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643163.720:6457556): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D552067726F777468626F6F6B202D6420706F737467726573"}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643163.720:6457556): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643163.720:6457556): arch=c000003e syscall=59 success=yes exit=0 a0=c00018ae80 a1=c000022ac0 a2=c0000940c0 a3=0 items=2 ppid=1269515 pid=1269528 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/usr/bin/dash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643163.671:6457555): proctitle=2F7573722F62696E2F7065726C002F7573722F62696E2F70675F69737265616479002D550070726F6D6574686575735F61646D696E002D640070726F6D6574686575735F61646D696E"}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643163.671:6457555): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=5581428 dev=00:95 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643163.671:6457555): item=0 name=\"/usr/lib/postgresql/17/bin/pg_isready\" inode=5809487 dev=00:95 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643163.671:6457555): cwd=\"/\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643163.671:6457555): argc=5 a0=\"/usr/lib/postgresql/17/bin/pg_isready\" a1=\"-U\" a2=\"prometheus_admin\" a3=\"-d\" a4=\"prometheus_admin\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643163.671:6457555): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643163.671:6457555): arch=c000003e syscall=59 success=yes exit=0 a0=5f0aec7cd320 a1=5f0aec7fa090 a2=5f0aec45c970 a3=7072992e2e70 items=2 ppid=1269507 pid=1269514 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/lib/postgresql/17/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643163.665:6457554): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643163.665:6457554): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643163.665:6457554): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643163.665:6457554): cwd=\"/var/lib/docker/rootfs/overlayfs/02fb5dd00ce2914672d5f537bf8bb36a0908851493efb9e1b3038943b577e7cf\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643163.665:6457554): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643163.665:6457554): arch=c000003e syscall=59 success=yes exit=0 a0=c000245880 a1=c000249350 a2=c00024bc80 a3=0 items=2 ppid=1269515 pid=1269525 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643163.649:6457553): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F30326662356464303063653239313436373264356635333762"}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643163.649:6457553): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643163.649:6457553): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643163.649:6457553): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/02fb5dd00ce2914672d5f537bf8bb36a0908851493efb9e1b3038943b577e7cf\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643163.649:6457553): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/02fb5dd00ce2914672d5f537bf8bb36a0908851493efb9e1b3038943b577e7cf/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3645416961\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/02fb5dd00ce2914672d5f537bf8bb36a0908851493efb9e1b3038943b577e7cf/c8a2f79bb32012c0aa48f102e200cda0edef5410bf123d519954355050e6bce0.pid\" a14=\"02fb5dd00ce2914672d5f537bf8bb36a0908851493efb9e1b3038943b577e7cf\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643163.649:6457553): arch=c000003e syscall=59 success=yes exit=0 a0=c0002680f0 a1=c000232700 a2=c000232780 a3=0 items=2 ppid=4615 pid=1269515 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643163.628:6457552): proctitle=2F7573722F62696E2F7065726C002F7573722F62696E2F70675F69737265616479002D550070726F6D6574686575735F61646D696E002D640070726F6D6574686575735F61646D696E"}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643163.628:6457552): item=2 name=\"/lib64/ld-linux-x86-64.so.2\" inode=5581428 dev=00:95 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643163.628:6457552): item=1 name=\"/usr/bin/perl\" inode=5580916 dev=00:95 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643163.628:6457552): item=0 name=\"/usr/bin/pg_isready\" inode=5823482 dev=00:95 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643163.628:6457552): cwd=\"/\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643163.628:6457552): argc=6 a0=\"/usr/bin/perl\" a1=\"/usr/bin/pg_isready\" a2=\"-U\" a3=\"prometheus_admin\" a4=\"-d\" a5=\"prometheus_admin\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643163.628:6457552): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643163.628:6457552): arch=c000003e syscall=59 success=yes exit=0 a0=5fa0248e7678 a1=5fa0248e75e0 a2=5fa0248e7610 a3=8 items=3 ppid=1269507 pid=1269514 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/bin/perl\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643163.624:6457551): proctitle=2F62696E2F7368002D630070675F69737265616479202D552070726F6D6574686575735F61646D696E202D642070726F6D6574686575735F61646D696E"}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643163.624:6457551): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=5581428 dev=00:95 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643163.624:6457551): item=0 name=\"/bin/sh\" inode=5580787 dev=00:95 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643163.624:6457551): cwd=\"/\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643163.624:6457551): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D552070726F6D6574686575735F61646D696E202D642070726F6D6574686575735F61646D696E"}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643163.624:6457551): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643163.624:6457551): arch=c000003e syscall=59 success=yes exit=0 a0=c000196eb0 a1=c000022680 a2=c000025200 a3=0 items=2 ppid=1269495 pid=1269507 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/usr/bin/dash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643163.585:6457550): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643163.585:6457550): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643163.585:6457550): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643163.585:6457550): cwd=\"/var/lib/docker/rootfs/overlayfs/96dcfa07493d1a0e551516dd25644707c00be275d58123d52358a7d61a7f6b24\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643163.585:6457550): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643163.585:6457550): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5880 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=1269495 pid=1269505 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643163.570:6457549): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F39366463666130373439336431613065353531353136646432"}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643163.570:6457549): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643163.570:6457549): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643163.570:6457549): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/96dcfa07493d1a0e551516dd25644707c00be275d58123d52358a7d61a7f6b24\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643163.570:6457549): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/96dcfa07493d1a0e551516dd25644707c00be275d58123d52358a7d61a7f6b24/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3333982703\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/96dcfa07493d1a0e551516dd25644707c00be275d58123d52358a7d61a7f6b24/411553e489ec70207f56cf764a7037be38f5a5acb07a186c282e8b0b832ca206.pid\" a14=\"96dcfa07493d1a0e551516dd25644707c00be275d58123d52358a7d61a7f6b24\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643163.570:6457549): arch=c000003e syscall=59 success=yes exit=0 a0=c0001f4860 a1=c0001b2c00 a2=c0001b2c80 a3=0 items=2 ppid=5764 pid=1269495 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643163.403:6457548): proctitle=62617368002D63006563686F203E202F6465762F7463702F3132372E302E302E312F3132333435"}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643163.403:6457548): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6953729 dev=00:84 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643163.403:6457548): item=0 name=\"/usr/bin/bash\" inode=6837495 dev=00:84 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643163.403:6457548): cwd=\"/\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643163.403:6457548): argc=3 a0=\"bash\" a1=\"-c\" a2=6563686F203E202F6465762F7463702F3132372E302E302E312F3132333435"}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643163.403:6457548): arch=c000003e syscall=59 success=yes exit=0 a0=59a8de4da610 a1=59a8de4da5c0 a2=59a8de4da5e0 a3=8 items=2 ppid=1269488 pid=1269494 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"bash\" exe=\"/usr/bin/bash\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643163.398:6457547): proctitle=2F62696E2F7368002D630062617368202D6320276563686F203E202F6465762F7463702F3132372E302E302E312F313233343527"}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643163.398:6457547): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6953729 dev=00:84 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643163.398:6457547): item=0 name=\"/bin/sh\" inode=6838254 dev=00:84 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643163.398:6457547): cwd=\"/\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643163.398:6457547): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=62617368202D6320276563686F203E202F6465762F7463702F3132372E302E302E312F313233343527"}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643163.398:6457547): arch=c000003e syscall=59 success=yes exit=0 a0=c0000dde38 a1=c000022900 a2=c0000d7500 a3=0 items=2 ppid=5965 pid=1269488 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/usr/bin/dash\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643163.373:6457546): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643163.373:6457546): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643163.373:6457546): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643163.373:6457546): cwd=\"/var/lib/docker/rootfs/overlayfs/704f47db7340fbf202e52c09aed8fcab63894411801fa550e7c197945447cbcc\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643163.373:6457546): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643163.373:6457546): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5c00 a1=c000011050 a2=c00007bc40 a3=0 items=2 ppid=1269476 pid=1269486 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643163.357:6457545): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F37303466343764623733343066626632303265353263303961"}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643163.357:6457545): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643163.357:6457545): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643163.357:6457545): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/704f47db7340fbf202e52c09aed8fcab63894411801fa550e7c197945447cbcc\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643163.357:6457545): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/704f47db7340fbf202e52c09aed8fcab63894411801fa550e7c197945447cbcc/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process344110650\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/704f47db7340fbf202e52c09aed8fcab63894411801fa550e7c197945447cbcc/8c85beee5904c8557a96b24d373460a3aa81d940a79bd0ee043c0955718a1801.pid\" a14=\"704f47db7340fbf202e52c09aed8fcab63894411801fa550e7c197945447cbcc\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643163.357:6457545): arch=c000003e syscall=59 success=yes exit=0 a0=c0001ae610 a1=c000304800 a2=c000304880 a3=0 items=2 ppid=5965 pid=1269476 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643162.937:6457544): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643162.937:6457544): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:bf mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643162.937:6457544): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:bf mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643162.937:6457544): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643162.937:6457544): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.stat\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643162.937:6457544): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643162.937:6457544): arch=c000003e syscall=59 success=yes exit=0 a0=7cf488ec7d60 a1=7cf467e012c0 a2=570e063f2a40 a3=8 items=2 ppid=6698 pid=1269475 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643162.937:6457543): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643162.937:6457543): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643162.937:6457543): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643162.937:6457543): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ec7d60 a1=7cf467e012c0 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1269475 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643162.937:6457542): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643162.937:6457542): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643162.937:6457542): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643162.937:6457542): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ec7d60 a1=7cf467e012c0 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1269475 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643162.937:6457541): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643162.937:6457541): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643162.937:6457541): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643162.937:6457541): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ec7d60 a1=7cf467e012c0 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1269475 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643162.937:6457540): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643162.937:6457540): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643162.937:6457540): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643162.937:6457540): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ec7d60 a1=7cf467e012c0 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1269475 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643162.936:6457539): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643162.936:6457539): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643162.936:6457539): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643162.936:6457539): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ec7d60 a1=7cf467e012c0 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1269475 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643162.936:6457538): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643162.936:6457538): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643162.936:6457538): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643162.936:6457538): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ec7d60 a1=7cf467e012c0 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1269475 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643162.933:6457537): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643162.933:6457537): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:bf mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643162.933:6457537): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:bf mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643162.933:6457537): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643162.933:6457537): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.current\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643162.933:6457537): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643162.933:6457537): arch=c000003e syscall=59 success=yes exit=0 a0=7cf488ec7d60 a1=7cf439403f60 a2=570e063f2a40 a3=8 items=2 ppid=6698 pid=1269474 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643162.933:6457536): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643162.933:6457536): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643162.933:6457536): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643162.933:6457536): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ec7d60 a1=7cf439403f60 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1269474 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643162.933:6457535): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643162.933:6457535): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643162.933:6457535): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643162.933:6457535): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ec7d60 a1=7cf439403f60 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1269474 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643162.933:6457534): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643162.933:6457534): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643162.933:6457534): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643162.933:6457534): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ec7d60 a1=7cf439403f60 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1269474 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643162.933:6457533): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643162.933:6457533): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643162.933:6457533): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643162.933:6457533): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ec7d60 a1=7cf439403f60 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1269474 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643162.933:6457532): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643162.933:6457532): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643162.933:6457532): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643162.933:6457532): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ec7d60 a1=7cf439403f60 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1269474 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643162.932:6457531): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643162.932:6457531): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643162.932:6457531): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643162.932:6457531): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ec7d60 a1=7cf439403f60 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1269474 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643162.926:6457530): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643162.926:6457530): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:bf mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643162.926:6457530): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:bf mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643162.926:6457530): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643162.926:6457530): argc=2 a0=\"cat\" a1=\"/proc/self/cgroup\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643162.926:6457530): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643162.926:6457530): arch=c000003e syscall=59 success=yes exit=0 a0=7cf488ec7d60 a1=7cf439405040 a2=570e063f2a40 a3=8 items=2 ppid=6698 pid=1269473 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643162.926:6457529): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643162.926:6457529): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643162.926:6457529): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643162.926:6457529): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ec7d60 a1=7cf439405040 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1269473 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643162.926:6457528): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643162.926:6457528): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643162.926:6457528): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643162.926:6457528): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ec7d60 a1=7cf439405040 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1269473 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643162.926:6457527): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643162.926:6457527): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643162.926:6457527): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643162.926:6457527): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ec7d60 a1=7cf439405040 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1269473 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643162.926:6457526): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643162.926:6457526): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643162.926:6457526): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643162.926:6457526): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ec7d60 a1=7cf439405040 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1269473 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643162.925:6457525): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643162.925:6457525): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643162.925:6457525): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643162.925:6457525): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ec7d60 a1=7cf439405040 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1269473 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643162.925:6457524): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643162.925:6457524): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643162.925:6457524): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643162.925:6457524): arch=c000003e syscall=59 success=no exit=-2 a0=7cf488ec7d60 a1=7cf439405040 a2=570e063f2a40 a3=8 items=1 ppid=6698 pid=1269473 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643162.708:6457523): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520706F737467726573"}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643162.708:6457523): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:4a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643162.708:6457523): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:4a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643162.708:6457523): cwd=\"/\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643162.708:6457523): argc=3 a0=\"pg_isready\" a1=\"-U\" a2=\"postgres\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643162.708:6457523): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643162.708:6457523): arch=c000003e syscall=59 success=yes exit=0 a0=7cdd16c13288 a1=7cdd16c131e8 a2=7cdd16c13208 a3=0 items=2 ppid=4040 pid=1269451 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643162.702:6457522): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520706F737467726573"}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643162.702:6457522): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:4a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643162.702:6457522): item=0 name=\"/bin/sh\" inode=8589166 dev=00:4a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643162.702:6457522): cwd=\"/\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643162.702:6457522): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D5520706F737467726573"}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643162.702:6457522): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643162.702:6457522): arch=c000003e syscall=59 success=yes exit=0 a0=c0001a8f68 a1=c000022680 a2=c0001508c0 a3=0 items=2 ppid=4040 pid=1269451 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643162.665:6457521): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643162.665:6457521): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=9987007 dev=00:68 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643162.665:6457521): item=0 name=\"/usr/bin/cat\" inode=9986333 dev=00:68 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643162.665:6457521): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643162.665:6457521): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.stat\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643162.665:6457521): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643162.665:6457521): arch=c000003e syscall=59 success=yes exit=0 a0=75b00d839d60 a1=75af72c00180 a2=572859f88650 a3=8 items=2 ppid=6470 pid=1269463 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643162.665:6457520): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643162.665:6457520): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643162.665:6457520): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643162.665:6457520): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75af72c00180 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1269463 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643162.665:6457519): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643162.665:6457519): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643162.665:6457519): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643162.665:6457519): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75af72c00180 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1269463 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643162.665:6457518): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643162.665:6457518): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643162.665:6457518): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643162.665:6457518): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75af72c00180 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1269463 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643162.665:6457517): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643162.665:6457517): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643162.665:6457517): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643162.665:6457517): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75af72c00180 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1269463 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643162.665:6457516): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643162.665:6457516): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643162.665:6457516): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643162.665:6457516): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75af72c00180 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1269463 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643162.664:6457515): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643162.664:6457515): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643162.664:6457515): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643162.664:6457515): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75af72c00180 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1269463 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643162.661:6457514): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643162.661:6457514): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=9987007 dev=00:68 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643162.661:6457514): item=0 name=\"/usr/bin/cat\" inode=9986333 dev=00:68 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643162.661:6457514): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643162.661:6457514): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.current\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643162.661:6457514): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643162.661:6457514): arch=c000003e syscall=59 success=yes exit=0 a0=75b00d839d60 a1=75af72c001c0 a2=572859f88650 a3=8 items=2 ppid=6470 pid=1269462 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643162.661:6457513): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643162.661:6457513): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643162.661:6457513): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643162.661:6457513): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75af72c001c0 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1269462 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643162.661:6457512): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643162.661:6457512): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643162.661:6457512): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643162.661:6457512): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75af72c001c0 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1269462 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643162.661:6457511): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643162.661:6457511): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643162.661:6457511): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643162.661:6457511): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75af72c001c0 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1269462 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643162.661:6457510): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643162.661:6457510): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643162.661:6457510): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643162.661:6457510): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75af72c001c0 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1269462 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643162.661:6457509): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643162.661:6457509): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643162.661:6457509): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643162.661:6457509): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75af72c001c0 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1269462 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643162.661:6457508): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643162.661:6457508): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643162.661:6457508): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643162.661:6457508): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75af72c001c0 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1269462 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643162.657:6457507): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643162.657:6457507): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=9987007 dev=00:68 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643162.657:6457507): item=0 name=\"/usr/bin/cat\" inode=9986333 dev=00:68 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643162.657:6457507): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643162.657:6457507): argc=2 a0=\"cat\" a1=\"/proc/self/cgroup\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643162.657:6457507): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643162.657:6457507): arch=c000003e syscall=59 success=yes exit=0 a0=75b00d839d60 a1=75af72c00200 a2=572859f88650 a3=8 items=2 ppid=6470 pid=1269459 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643162.657:6457506): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643162.657:6457506): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643162.657:6457506): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643162.657:6457506): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75af72c00200 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1269459 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643162.657:6457505): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643162.657:6457505): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643162.657:6457505): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643162.657:6457505): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75af72c00200 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1269459 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643162.657:6457504): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643162.657:6457504): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643162.657:6457504): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643162.657:6457504): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75af72c00200 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1269459 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643162.657:6457503): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643162.657:6457503): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643162.657:6457503): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643162.657:6457503): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75af72c00200 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1269459 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643162.657:6457502): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643162.657:6457502): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643162.657:6457502): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643162.657:6457502): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75af72c00200 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1269459 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643162.656:6457501): proctitle=\"windmill\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643162.656:6457501): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643162.656:6457501): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643162.656:6457501): arch=c000003e syscall=59 success=no exit=-2 a0=75b00d839d60 a1=75af72c00200 a2=572859f88650 a3=8 items=1 ppid=6470 pid=1269459 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643162.647:6457500): proctitle=746F66750076657273696F6E"}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643162.647:6457500): item=0 name=\"/usr/local/bin/tofu\" inode=6721579 dev=00:40 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643162.647:6457500): cwd=\"/tofu\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643162.647:6457500): argc=2 a0=\"tofu\" a1=\"version\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643162.647:6457500): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643162.647:6457500): arch=c000003e syscall=59 success=yes exit=0 a0=c0000271d0 a1=c000117350 a2=c000022680 a3=0 items=1 ppid=1269418 pid=1269431 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tofu\" exe=\"/usr/local/bin/tofu\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643162.640:6457499): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643162.640:6457499): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643162.640:6457499): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:11f mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643162.640:6457499): cwd=\"/var/lib/docker/rootfs/overlayfs/6e0eaa58aad19bd8edc0f955e0d8cdf54332df6bcdbac6d5a4d9c8caf6fb9c39\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643162.640:6457499): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643162.640:6457499): arch=c000003e syscall=59 success=yes exit=0 a0=c000245890 a1=c000249350 a2=c00024bc80 a3=0 items=2 ppid=1269437 pid=1269445 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643162.623:6457498): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F36653065616135386161643139626438656463306639353565"}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643162.623:6457498): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643162.623:6457498): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643162.623:6457498): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/6e0eaa58aad19bd8edc0f955e0d8cdf54332df6bcdbac6d5a4d9c8caf6fb9c39\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643162.623:6457498): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/6e0eaa58aad19bd8edc0f955e0d8cdf54332df6bcdbac6d5a4d9c8caf6fb9c39/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2059686175\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/6e0eaa58aad19bd8edc0f955e0d8cdf54332df6bcdbac6d5a4d9c8caf6fb9c39/433e86e38814dc2c6b8f4e18602ec3b9edcb33f00dd6dba5c7c9414101a6c7a4.pid\" a14=\"6e0eaa58aad19bd8edc0f955e0d8cdf54332df6bcdbac6d5a4d9c8caf6fb9c39\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643162.623:6457498): arch=c000003e syscall=59 success=yes exit=0 a0=c0002af5f0 a1=c00036a180 a2=c00036a200 a3=0 items=2 ppid=4040 pid=1269437 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643162.582:6457497): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643162.582:6457497): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643162.582:6457497): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643162.582:6457497): cwd=\"/var/lib/docker/rootfs/overlayfs/10004f011cbcd1aef0e4860649cf41d88193ca12b52cd9b892a7426c383f0f44\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643162.582:6457497): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643162.582:6457497): arch=c000003e syscall=59 success=yes exit=0 a0=c0001fb850 a1=c0001ff338 a2=c000281bc0 a3=0 items=2 ppid=1269418 pid=1269427 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643162.568:6457496): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F31303030346630313163626364316165663065343836303634"}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643162.568:6457496): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643162.568:6457496): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643162.568:6457496): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/10004f011cbcd1aef0e4860649cf41d88193ca12b52cd9b892a7426c383f0f44\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643162.568:6457496): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/10004f011cbcd1aef0e4860649cf41d88193ca12b52cd9b892a7426c383f0f44/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3879130735\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/10004f011cbcd1aef0e4860649cf41d88193ca12b52cd9b892a7426c383f0f44/d668f61db31b9c83977c4d069999784c39f07cb0f743ce7d33ed1743d0a1785f.pid\" a14=\"10004f011cbcd1aef0e4860649cf41d88193ca12b52cd9b892a7426c383f0f44\""}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643162.568:6457496): arch=c000003e syscall=59 success=yes exit=0 a0=c00033e1d0 a1=c000132680 a2=c000132700 a3=0 items=2 ppid=3745 pid=1269418 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643161.235:6457495): proctitle=77676574002D2D6E6F2D766572626F7365002D2D74726965733D31002D2D73706964657200687474703A2F2F3132372E302E302E313A33303030"}
{"ts": "2026-04-19T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643161.235:6457495): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6974781 dev=00:52 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643161.235:6457495): item=0 name=\"/usr/bin/wget\" inode=7120693 dev=00:52 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643161.235:6457495): cwd=\"/usr/local/src/app\""}
{"ts": "2026-04-19T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643161.235:6457495): argc=5 a0=\"wget\" a1=\"--no-verbose\" a2=\"--tries=1\" a3=\"--spider\" a4=\"http://127.0.0.1:3000\""}
{"ts": "2026-04-19T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643161.235:6457495): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643161.235:6457495): arch=c000003e syscall=59 success=yes exit=0 a0=622412d21830 a1=622412d21768 a2=622412d21798 a3=8 items=2 ppid=1269368 pid=1269417 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"wget\" exe=\"/usr/bin/wget\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643161.230:6457494): proctitle=2F62696E2F7368002D630077676574202D2D6E6F2D766572626F7365202D2D74726965733D31202D2D73706964657220687474703A2F2F3132372E302E302E313A33303030207C7C20657869742031"}
{"ts": "2026-04-19T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643161.230:6457494): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6974781 dev=00:52 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643161.230:6457494): item=0 name=\"/bin/sh\" inode=6955544 dev=00:52 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643161.230:6457494): cwd=\"/usr/local/src/app\""}
{"ts": "2026-04-19T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643161.230:6457494): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=77676574202D2D6E6F2D766572626F7365202D2D74726965733D31202D2D73706964657220687474703A2F2F3132372E302E302E313A33303030207C7C20657869742031"}
{"ts": "2026-04-19T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643161.230:6457494): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643161.230:6457494): arch=c000003e syscall=59 success=yes exit=0 a0=c00018ce50 a1=c000022ac0 a2=c000170900 a3=0 items=2 ppid=4470 pid=1269368 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/usr/bin/dash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643161.173:6457493): proctitle=72656469732D636C690070696E67"}
{"ts": "2026-04-19T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643161.173:6457493): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=5809101 dev=00:7a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643161.173:6457493): item=0 name=\"/usr/local/bin/redis-cli\" inode=928088 dev=00:7a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643161.173:6457493): cwd=\"/data\""}
{"ts": "2026-04-19T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643161.173:6457493): argc=2 a0=\"redis-cli\" a1=\"ping\""}
{"ts": "2026-04-19T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643161.173:6457493): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643161.173:6457493): arch=c000003e syscall=59 success=yes exit=0 a0=c000028760 a1=c00009f350 a2=c0001671c0 a3=0 items=2 ppid=4347 pid=1269411 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"redis-cli\" exe=\"/usr/local/bin/redis-cli\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643161.125:6457492): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643161.125:6457492): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643161.125:6457492): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643161.125:6457492): cwd=\"/var/lib/docker/rootfs/overlayfs/7e13dd6f726a7b57cc1470c1039bc96afa948a1beb7503cebff44e9717c43cdc\""}
{"ts": "2026-04-19T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643161.125:6457492): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643161.125:6457492): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b830 a1=c00017f338 a2=c000181c00 a3=0 items=2 ppid=1269398 pid=1269407 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643161.109:6457491): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F37653133646436663732366137623537636331343730633130"}
{"ts": "2026-04-19T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643161.109:6457491): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643161.109:6457491): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643161.109:6457491): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/7e13dd6f726a7b57cc1470c1039bc96afa948a1beb7503cebff44e9717c43cdc\""}
{"ts": "2026-04-19T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643161.109:6457491): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/7e13dd6f726a7b57cc1470c1039bc96afa948a1beb7503cebff44e9717c43cdc/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2785362640\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/7e13dd6f726a7b57cc1470c1039bc96afa948a1beb7503cebff44e9717c43cdc/04c93ba098667a368064403d4c0be778b29a0e740cc721dfb0cffa41f268107b.pid\" a14=\"7e13dd6f726a7b57cc1470c1039bc96afa948a1beb7503cebff44e9717c43cdc\""}
{"ts": "2026-04-19T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643161.109:6457491): arch=c000003e syscall=59 success=yes exit=0 a0=c0002fc630 a1=c000312a80 a2=c000312f80 a3=0 items=2 ppid=4347 pid=1269398 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643161.067:6457490): proctitle=72656469732D636C690070696E67"}
{"ts": "2026-04-19T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643161.067:6457490): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=6694357 dev=00:42 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643161.067:6457490): item=0 name=\"/usr/local/bin/redis-cli\" inode=6703632 dev=00:42 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643161.067:6457490): cwd=\"/data\""}
{"ts": "2026-04-19T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643161.067:6457490): argc=2 a0=\"redis-cli\" a1=\"ping\""}
{"ts": "2026-04-19T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643161.067:6457490): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643161.067:6457490): arch=c000003e syscall=59 success=yes exit=0 a0=c000028760 a1=c00009f350 a2=c0001671c0 a3=0 items=2 ppid=1269378 pid=1269392 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"redis-cli\" exe=\"/usr/local/bin/redis-cli\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643161.025:6457489): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643161.025:6457489): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643161.025:6457489): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643161.025:6457489): cwd=\"/var/lib/docker/rootfs/overlayfs/4cc046860e99ed4ce61cc4f7c543175750997c08579b75447cbf7907fdb6134d\""}
{"ts": "2026-04-19T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643161.025:6457489): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643161.025:6457489): arch=c000003e syscall=59 success=yes exit=0 a0=c0001cf880 a1=c0001d3350 a2=c0001d5c00 a3=0 items=2 ppid=1269378 pid=1269387 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643161.009:6457488): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F34636330343638363065393965643463653631636334663763"}
{"ts": "2026-04-19T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643161.009:6457488): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643161.009:6457488): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643161.009:6457488): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/4cc046860e99ed4ce61cc4f7c543175750997c08579b75447cbf7907fdb6134d\""}
{"ts": "2026-04-19T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643161.009:6457488): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/4cc046860e99ed4ce61cc4f7c543175750997c08579b75447cbf7907fdb6134d/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1066151984\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/4cc046860e99ed4ce61cc4f7c543175750997c08579b75447cbf7907fdb6134d/7351ede91803b7cb5f5c7d46b2a31b9bcc7f3fbf3c9cbd259921a45958a7250b.pid\" a14=\"4cc046860e99ed4ce61cc4f7c543175750997c08579b75447cbf7907fdb6134d\""}
{"ts": "2026-04-19T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643161.009:6457488): arch=c000003e syscall=59 success=yes exit=0 a0=c0003ff2a0 a1=c00038a500 a2=c00038a580 a3=0 items=2 ppid=4510 pid=1269378 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643160.913:6457487): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520617065785F75736572202D6420617065785F6462"}
{"ts": "2026-04-19T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643160.913:6457487): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3456344 dev=00:77 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643160.913:6457487): item=0 name=\"/usr/local/bin/pg_isready\" inode=6091069 dev=00:77 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643160.913:6457487): cwd=\"/\""}
{"ts": "2026-04-19T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643160.913:6457487): argc=5 a0=\"pg_isready\" a1=\"-U\" a2=\"apex_user\" a3=\"-d\" a4=\"apex_db\""}
{"ts": "2026-04-19T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643160.913:6457487): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643160.913:6457487): arch=c000003e syscall=59 success=yes exit=0 a0=7f7248ed93f8 a1=7f7248ed9278 a2=7f7248ed9378 a3=0 items=2 ppid=5169 pid=1269355 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643160.907:6457486): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520617065785F75736572202D6420617065785F6462"}
{"ts": "2026-04-19T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643160.907:6457486): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3456344 dev=00:77 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643160.907:6457486): item=0 name=\"/bin/sh\" inode=3454556 dev=00:77 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643160.907:6457486): cwd=\"/\""}
{"ts": "2026-04-19T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643160.907:6457486): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D5520617065785F75736572202D6420617065785F6462"}
{"ts": "2026-04-19T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643160.907:6457486): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643160.907:6457486): arch=c000003e syscall=59 success=yes exit=0 a0=c000196f68 a1=c000022680 a2=c0000d88c0 a3=0 items=2 ppid=5169 pid=1269355 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643160.880:6457485): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520666F7267656A6F"}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643160.880:6457485): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:b3 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643160.880:6457485): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:b3 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643160.880:6457485): cwd=\"/\""}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643160.880:6457485): argc=3 a0=\"pg_isready\" a1=\"-U\" a2=\"forgejo\""}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643160.880:6457485): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643160.880:6457485): arch=c000003e syscall=59 success=yes exit=0 a0=778941748278 a1=7789417481d8 a2=7789417481f8 a3=8080808080808080 items=2 ppid=4749 pid=1269333 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643160.877:6457484): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520666F7267656A6F"}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643160.877:6457484): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:b3 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643160.877:6457484): item=0 name=\"/bin/sh\" inode=8589166 dev=00:b3 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643160.877:6457484): cwd=\"/\""}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643160.877:6457484): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D5520666F7267656A6F"}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643160.877:6457484): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643160.877:6457484): arch=c000003e syscall=59 success=yes exit=0 a0=c00017cf38 a1=c000022ac0 a2=c0000b48c0 a3=0 items=2 ppid=1269318 pid=1269333 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643160.863:6457483): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643160.863:6457483): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643160.863:6457483): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:15a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643160.863:6457483): cwd=\"/var/lib/docker/rootfs/overlayfs/5888ec9fb62609ee738ffa3ec0dea0a3b09c0ee8b022a2fd7583416eadaeefe6\""}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643160.863:6457483): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643160.863:6457483): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b820 a1=c00017f338 a2=c000201c40 a3=0 items=2 ppid=1269343 pid=1269361 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643160.855:6457482): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643160.855:6457482): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643160.855:6457482): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:11f mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643160.855:6457482): cwd=\"/var/lib/docker/rootfs/overlayfs/c1f8f97d53596e967520df53fab27faff436876b90ee0f2e344cc170bca33f83\""}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643160.855:6457482): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643160.855:6457482): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5890 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=1269326 pid=1269350 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643160.846:6457481): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F35383838656339666236323630396565373338666661336563"}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643160.846:6457481): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643160.846:6457481): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643160.846:6457481): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/5888ec9fb62609ee738ffa3ec0dea0a3b09c0ee8b022a2fd7583416eadaeefe6\""}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643160.846:6457481): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/5888ec9fb62609ee738ffa3ec0dea0a3b09c0ee8b022a2fd7583416eadaeefe6/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1739010563\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/5888ec9fb62609ee738ffa3ec0dea0a3b09c0ee8b022a2fd7583416eadaeefe6/4c2a90a480a8a07d89be56d4c1491e6ea2ee2be9cf8cffd7ff66d3d1248b2058.pid\" a14=\"5888ec9fb62609ee738ffa3ec0dea0a3b09c0ee8b022a2fd7583416eadaeefe6\""}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643160.846:6457481): arch=c000003e syscall=59 success=yes exit=0 a0=c000430240 a1=c0002a8780 a2=c0002a8800 a3=0 items=2 ppid=4470 pid=1269343 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643160.828:6457480): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643160.828:6457480): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643160.828:6457480): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643160.828:6457480): cwd=\"/var/lib/docker/rootfs/overlayfs/2cdd3d089c946761c42c7cfc41f431ad2beb9c2b89497f7e5a3552578b39f251\""}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643160.828:6457480): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643160.828:6457480): arch=c000003e syscall=59 success=yes exit=0 a0=c000173840 a1=c000177338 a2=c000179c80 a3=0 items=2 ppid=1269318 pid=1269329 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643160.827:6457479): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F63316638663937643533353936653936373532306466353366"}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643160.827:6457479): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643160.827:6457479): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643160.827:6457479): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/c1f8f97d53596e967520df53fab27faff436876b90ee0f2e344cc170bca33f83\""}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643160.827:6457479): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/c1f8f97d53596e967520df53fab27faff436876b90ee0f2e344cc170bca33f83/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process913201839\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/c1f8f97d53596e967520df53fab27faff436876b90ee0f2e344cc170bca33f83/94458d3bc98213985ae382aa412ab3216d07b9b71b016ec269c1cc042b98995e.pid\" a14=\"c1f8f97d53596e967520df53fab27faff436876b90ee0f2e344cc170bca33f83\""}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643160.827:6457479): arch=c000003e syscall=59 success=yes exit=0 a0=c0003c2770 a1=c000258e00 a2=c000258e80 a3=0 items=2 ppid=5169 pid=1269326 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643160.816:6457478): proctitle=636174002F746D702F66616C636F5F6865616C7468"}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643160.816:6457478): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8279763 dev=00:54 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643160.816:6457478): item=0 name=\"/bin/cat\" inode=8279592 dev=00:54 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643160.816:6457478): cwd=\"/\""}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643160.816:6457478): argc=2 a0=\"cat\" a1=\"/tmp/falco_health\""}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643160.816:6457478): arch=c000003e syscall=59 success=yes exit=0 a0=5c077b586c50 a1=5c077b585758 a2=5c077b586bb8 a3=4 items=2 ppid=1269312 pid=1269325 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/bin/busybox\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643160.810:6457477): proctitle=2F62696E2F7368002D6300636174202F746D702F66616C636F5F6865616C7468207C7C20657869742030"}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643160.810:6457477): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8279763 dev=00:54 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643160.810:6457477): item=0 name=\"/bin/sh\" inode=8279592 dev=00:54 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643160.810:6457477): cwd=\"/\""}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643160.810:6457477): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=636174202F746D702F66616C636F5F6865616C7468207C7C20657869742030"}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643160.810:6457477): arch=c000003e syscall=59 success=yes exit=0 a0=c000167cc8 a1=c0000224e0 a2=c000114e10 a3=0 items=2 ppid=1269300 pid=1269312 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643160.804:6457476): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F32636464336430383963393436373631633432633763666334"}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643160.804:6457476): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643160.804:6457476): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643160.804:6457476): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/2cdd3d089c946761c42c7cfc41f431ad2beb9c2b89497f7e5a3552578b39f251\""}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643160.804:6457476): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/2cdd3d089c946761c42c7cfc41f431ad2beb9c2b89497f7e5a3552578b39f251/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process4136153089\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/2cdd3d089c946761c42c7cfc41f431ad2beb9c2b89497f7e5a3552578b39f251/0c349eabc1988bb5a2987b674bd5a16fea981243f489028da126643348205850.pid\" a14=\"2cdd3d089c946761c42c7cfc41f431ad2beb9c2b89497f7e5a3552578b39f251\""}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643160.804:6457476): arch=c000003e syscall=59 success=yes exit=0 a0=c000272720 a1=c0002ea900 a2=c0002ead00 a3=0 items=2 ppid=4749 pid=1269318 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643160.786:6457475): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643160.786:6457475): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643160.786:6457475): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643160.786:6457475): cwd=\"/var/lib/docker/rootfs/overlayfs/293239633a2ddf31b93206215b8746aa165b26f8930bdc103230de7930321e5e\""}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643160.786:6457475): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643160.786:6457475): arch=c000003e syscall=59 success=yes exit=0 a0=c0001d5c80 a1=c000011050 a2=c00007bc40 a3=0 items=2 ppid=1269300 pid=1269310 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643160.770:6457474): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F32393332333936333361326464663331623933323036323135"}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643160.770:6457474): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643160.770:6457474): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643160.770:6457474): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/293239633a2ddf31b93206215b8746aa165b26f8930bdc103230de7930321e5e\""}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643160.770:6457474): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/293239633a2ddf31b93206215b8746aa165b26f8930bdc103230de7930321e5e/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2445967695\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/293239633a2ddf31b93206215b8746aa165b26f8930bdc103230de7930321e5e/94aabaeefbea7e9eb7d085b7c650ba7120b911d1b104cae93b790d5aab745bae.pid\" a14=\"293239633a2ddf31b93206215b8746aa165b26f8930bdc103230de7930321e5e\""}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643160.770:6457474): arch=c000003e syscall=59 success=yes exit=0 a0=c000200ef0 a1=c000184e00 a2=c000185000 a3=0 items=2 ppid=5778 pid=1269300 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643160.690:6457473): proctitle=6375726C002D6600687474703A2F2F6C6F63616C686F73743A383030302F6865616C74687A"}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643160.690:6457473): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:63 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643160.690:6457473): item=0 name=\"/usr/bin/curl\" inode=8530521 dev=00:63 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643160.690:6457473): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643160.690:6457473): argc=3 a0=\"curl\" a1=\"-f\" a2=\"http://localhost:8000/healthz\""}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643160.690:6457473): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643160.690:6457473): arch=c000003e syscall=59 success=yes exit=0 a0=c000196f80 a1=c000022680 a2=c000114a20 a3=0 items=2 ppid=1269281 pid=1269293 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"curl\" exe=\"/usr/bin/curl\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643160.642:6457472): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643160.642:6457472): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643160.642:6457472): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643160.642:6457472): cwd=\"/var/lib/docker/rootfs/overlayfs/85b545c504cd648e96e62b4ba6066cca7e4a8b207e2cdfa5efa782d8a3e3241b\""}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643160.642:6457472): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643160.642:6457472): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c58a0 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=1269281 pid=1269290 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643160.627:6457471): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F38356235343563353034636436343865393665363262346261"}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643160.627:6457471): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643160.627:6457471): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643160.627:6457471): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/85b545c504cd648e96e62b4ba6066cca7e4a8b207e2cdfa5efa782d8a3e3241b\""}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643160.627:6457471): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/85b545c504cd648e96e62b4ba6066cca7e4a8b207e2cdfa5efa782d8a3e3241b/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2424357653\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/85b545c504cd648e96e62b4ba6066cca7e4a8b207e2cdfa5efa782d8a3e3241b/a6b134409a4784b2857657797e8887ef1a6165b4301dc94a8e38c5fb69162577.pid\" a14=\"85b545c504cd648e96e62b4ba6066cca7e4a8b207e2cdfa5efa782d8a3e3241b\""}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643160.627:6457471): arch=c000003e syscall=59 success=yes exit=0 a0=c0002b4d50 a1=c00017f480 a2=c00017fe00 a3=0 items=2 ppid=4871 pid=1269281 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643159.746:6457470): proctitle=2F7573722F62696E2F6E6F646500646973742F7365727665722E6A73"}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643159.746:6457470): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6974781 dev=00:52 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643159.746:6457470): item=0 name=\"/usr/local/bin/python3\" inode=7100313 dev=00:52 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643159.746:6457470): cwd=\"/usr/local/src/app/packages/back-end\""}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643159.746:6457470): argc=3 a0=\"python3\" a1=\"-u\" a2=\"/usr/local/src/app/packages/back-end/scripts/stats_server.py\""}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643159.746:6457470): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643159.746:6457470): arch=c000003e syscall=59 success=yes exit=0 a0=7ffd70c8e6b0 a1=260bd070 a2=26172310 a3=8 items=2 ppid=13641 pid=1269273 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"python3\" exe=\"/usr/local/bin/python3.11\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643159.752:6457469): proctitle=77676574002D2D737069646572002D2D717569657400687474703A2F2F6C6F63616C686F73743A39303030"}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643159.752:6457469): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=6690187 dev=00:53 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643159.752:6457469): item=0 name=\"/usr/bin/wget\" inode=6689540 dev=00:53 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643159.752:6457469): cwd=\"/\""}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643159.752:6457469): argc=4 a0=\"wget\" a1=\"--spider\" a2=\"--quiet\" a3=\"http://localhost:9000\""}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643159.752:6457469): arch=c000003e syscall=59 success=yes exit=0 a0=c000153e70 a1=c00014d560 a2=c0000224e0 a3=0 items=2 ppid=1269255 pid=1269267 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"wget\" exe=\"/bin/busybox\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643159.746:6457468): proctitle=2F7573722F62696E2F6E6F646500646973742F7365727665722E6A73"}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643159.746:6457468): item=0 name=\"/usr/bin/node_modules/npm/bin/node-gyp-bin/python3\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643159.746:6457468): cwd=\"/usr/local/src/app/packages/back-end\""}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643159.746:6457468): arch=c000003e syscall=59 success=no exit=-2 a0=7ffd70c8e6b0 a1=260bd070 a2=26172310 a3=8 items=1 ppid=13641 pid=1269273 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"node\" exe=\"/usr/bin/node\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643159.745:6457467): proctitle=2F7573722F62696E2F6E6F646500646973742F7365727665722E6A73"}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643159.745:6457467): item=0 name=\"/usr/lib/node_modules/npm/bin/node-gyp-bin/python3\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643159.745:6457467): cwd=\"/usr/local/src/app/packages/back-end\""}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643159.745:6457467): arch=c000003e syscall=59 success=no exit=-2 a0=7ffd70c8e6b0 a1=260bd070 a2=26172310 a3=8 items=1 ppid=13641 pid=1269273 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"node\" exe=\"/usr/bin/node\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643159.745:6457466): proctitle=2F7573722F62696E2F6E6F646500646973742F7365727665722E6A73"}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643159.745:6457466): item=0 name=\"/usr/libexec/lib/node_modules/npm/bin/node-gyp-bin/python3\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643159.745:6457466): cwd=\"/usr/local/src/app/packages/back-end\""}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643159.745:6457466): arch=c000003e syscall=59 success=no exit=-2 a0=7ffd70c8e6b0 a1=260bd070 a2=26172310 a3=8 items=1 ppid=13641 pid=1269273 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"node\" exe=\"/usr/bin/node\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643159.745:6457465): proctitle=2F7573722F62696E2F6E6F646500646973742F7365727665722E6A73"}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643159.745:6457465): item=0 name=\"/usr/local/src/app/node_modules/.bin/python3\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643159.745:6457465): cwd=\"/usr/local/src/app/packages/back-end\""}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643159.745:6457465): arch=c000003e syscall=59 success=no exit=-2 a0=7ffd70c8e6b0 a1=260bd070 a2=26172310 a3=8 items=1 ppid=13641 pid=1269273 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"node\" exe=\"/usr/bin/node\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643159.745:6457464): proctitle=2F7573722F62696E2F6E6F646500646973742F7365727665722E6A73"}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643159.745:6457464): item=0 name=\"/usr/local/share/.config/yarn/link/node_modules/.bin/python3\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643159.745:6457464): cwd=\"/usr/local/src/app/packages/back-end\""}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643159.745:6457464): arch=c000003e syscall=59 success=no exit=-2 a0=7ffd70c8e6b0 a1=260bd070 a2=26172310 a3=8 items=1 ppid=13641 pid=1269273 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"node\" exe=\"/usr/bin/node\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643159.745:6457463): proctitle=2F7573722F62696E2F6E6F646500646973742F7365727665722E6A73"}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643159.745:6457463): item=0 name=\"/usr/local/src/app/node_modules/.bin/python3\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643159.745:6457463): cwd=\"/usr/local/src/app/packages/back-end\""}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643159.745:6457463): arch=c000003e syscall=59 success=no exit=-2 a0=7ffd70c8e6b0 a1=260bd070 a2=26172310 a3=8 items=1 ppid=13641 pid=1269273 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"node\" exe=\"/usr/bin/node\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643159.745:6457462): proctitle=2F7573722F62696E2F6E6F646500646973742F7365727665722E6A73"}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643159.745:6457462): item=0 name=\"/tmp/yarn--1776341792145-0.602553751928236/python3\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643159.745:6457462): cwd=\"/usr/local/src/app/packages/back-end\""}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643159.745:6457462): arch=c000003e syscall=59 success=no exit=-2 a0=7ffd70c8e6b0 a1=260bd070 a2=26172310 a3=8 items=1 ppid=13641 pid=1269273 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"node\" exe=\"/usr/bin/node\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643159.745:6457461): proctitle=2F7573722F62696E2F6E6F646500646973742F7365727665722E6A73"}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643159.745:6457461): item=0 name=\"/usr/bin/node_modules/npm/bin/node-gyp-bin/python3\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643159.745:6457461): cwd=\"/usr/local/src/app/packages/back-end\""}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643159.745:6457461): arch=c000003e syscall=59 success=no exit=-2 a0=7ffd70c8e6b0 a1=260bd070 a2=26172310 a3=8 items=1 ppid=13641 pid=1269273 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"node\" exe=\"/usr/bin/node\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643159.745:6457460): proctitle=2F7573722F62696E2F6E6F646500646973742F7365727665722E6A73"}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643159.745:6457460): item=0 name=\"/usr/lib/node_modules/npm/bin/node-gyp-bin/python3\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643159.745:6457460): cwd=\"/usr/local/src/app/packages/back-end\""}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643159.745:6457460): arch=c000003e syscall=59 success=no exit=-2 a0=7ffd70c8e6b0 a1=260bd070 a2=26172310 a3=8 items=1 ppid=13641 pid=1269273 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"node\" exe=\"/usr/bin/node\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643159.745:6457459): proctitle=2F7573722F62696E2F6E6F646500646973742F7365727665722E6A73"}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643159.745:6457459): item=0 name=\"/usr/libexec/lib/node_modules/npm/bin/node-gyp-bin/python3\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643159.745:6457459): cwd=\"/usr/local/src/app/packages/back-end\""}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643159.745:6457459): arch=c000003e syscall=59 success=no exit=-2 a0=7ffd70c8e6b0 a1=260bd070 a2=26172310 a3=8 items=1 ppid=13641 pid=1269273 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"node\" exe=\"/usr/bin/node\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643159.745:6457458): proctitle=2F7573722F62696E2F6E6F646500646973742F7365727665722E6A73"}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643159.745:6457458): item=0 name=\"/usr/local/src/app/node_modules/.bin/python3\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643159.745:6457458): cwd=\"/usr/local/src/app/packages/back-end\""}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643159.745:6457458): arch=c000003e syscall=59 success=no exit=-2 a0=7ffd70c8e6b0 a1=260bd070 a2=26172310 a3=8 items=1 ppid=13641 pid=1269273 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"node\" exe=\"/usr/bin/node\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643159.745:6457457): proctitle=2F7573722F62696E2F6E6F646500646973742F7365727665722E6A73"}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643159.745:6457457): item=0 name=\"/usr/local/share/.config/yarn/link/node_modules/.bin/python3\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643159.745:6457457): cwd=\"/usr/local/src/app/packages/back-end\""}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643159.745:6457457): arch=c000003e syscall=59 success=no exit=-2 a0=7ffd70c8e6b0 a1=260bd070 a2=26172310 a3=8 items=1 ppid=13641 pid=1269273 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"node\" exe=\"/usr/bin/node\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643159.745:6457456): proctitle=2F7573722F62696E2F6E6F646500646973742F7365727665722E6A73"}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643159.745:6457456): item=0 name=\"/usr/local/src/app/packages/back-end/node_modules/.bin/python3\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643159.745:6457456): cwd=\"/usr/local/src/app/packages/back-end\""}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643159.745:6457456): arch=c000003e syscall=59 success=no exit=-2 a0=7ffd70c8e6b0 a1=260bd070 a2=26172310 a3=8 items=1 ppid=13641 pid=1269273 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"node\" exe=\"/usr/bin/node\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643159.745:6457455): proctitle=2F7573722F62696E2F6E6F646500646973742F7365727665722E6A73"}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643159.745:6457455): item=0 name=\"/tmp/yarn--1776341803926-0.7481873751934174/python3\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643159.745:6457455): cwd=\"/usr/local/src/app/packages/back-end\""}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643159.745:6457455): arch=c000003e syscall=59 success=no exit=-2 a0=7ffd70c8e6b0 a1=260bd070 a2=26172310 a3=8 items=1 ppid=13641 pid=1269273 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"node\" exe=\"/usr/bin/node\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643159.729:6457454): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643159.729:6457454): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643159.729:6457454): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643159.729:6457454): cwd=\"/var/lib/docker/rootfs/overlayfs/08ef8e2f2653a795b49f9c31d690e5615c19f87e004231b8cb85077d9147f610\""}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643159.729:6457454): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643159.729:6457454): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5b80 a1=c000011050 a2=c00007bc00 a3=0 items=2 ppid=1269255 pid=1269264 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643159.714:6457453): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F30386566386532663236353361373935623439663963333164"}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643159.714:6457453): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643159.714:6457453): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643159.714:6457453): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/08ef8e2f2653a795b49f9c31d690e5615c19f87e004231b8cb85077d9147f610\""}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643159.714:6457453): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/08ef8e2f2653a795b49f9c31d690e5615c19f87e004231b8cb85077d9147f610/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1255318921\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/08ef8e2f2653a795b49f9c31d690e5615c19f87e004231b8cb85077d9147f610/b985ffeb716d8b2313dd514f85deb4d5f49cdd66c27a3f53d84d4df8ec72cbb5.pid\" a14=\"08ef8e2f2653a795b49f9c31d690e5615c19f87e004231b8cb85077d9147f610\""}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643159.714:6457453): arch=c000003e syscall=59 success=yes exit=0 a0=c000222640 a1=c00021bb80 a2=c00021bc00 a3=0 items=2 ppid=4151 pid=1269255 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643159.350:6457452): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643159.350:6457452): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643159.350:6457452): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643159.350:6457452): cwd=\"/var/lib/docker/rootfs/overlayfs/531ab8968ce844b18b0b3ebaf9e6e80c7b8f7cc1974293e5f9eb3ac90eba0e50\""}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643159.350:6457452): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643159.350:6457452): arch=c000003e syscall=59 success=yes exit=0 a0=c0001f3860 a1=c0001f7338 a2=c0001f9c40 a3=0 items=2 ppid=1269237 pid=1269246 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643159.335:6457451): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F35333161623839363863653834346231386230623365626166"}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643159.335:6457451): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643159.335:6457451): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643159.335:6457451): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/531ab8968ce844b18b0b3ebaf9e6e80c7b8f7cc1974293e5f9eb3ac90eba0e50\""}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643159.335:6457451): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/531ab8968ce844b18b0b3ebaf9e6e80c7b8f7cc1974293e5f9eb3ac90eba0e50/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2132608152\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/531ab8968ce844b18b0b3ebaf9e6e80c7b8f7cc1974293e5f9eb3ac90eba0e50/7a856e23ded2daf7a454f2d594f98652b30f59e1e39d7654d726af455a97e0c8.pid\" a14=\"531ab8968ce844b18b0b3ebaf9e6e80c7b8f7cc1974293e5f9eb3ac90eba0e50\""}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643159.335:6457451): arch=c000003e syscall=59 success=yes exit=0 a0=c0000110a0 a1=c000132a00 a2=c000132a80 a3=0 items=2 ppid=5521 pid=1269237 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643158.796:6457450): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643158.796:6457450): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:63 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643158.796:6457450): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:63 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643158.796:6457450): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643158.796:6457450): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.stat\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643158.796:6457450): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643158.796:6457450): arch=c000003e syscall=59 success=yes exit=0 a0=7276055e5d60 a1=7275b0442640 a2=5d751c63aa40 a3=8 items=2 ppid=6449 pid=1269234 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643158.796:6457449): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643158.796:6457449): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643158.796:6457449): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643158.796:6457449): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=7275b0442640 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1269234 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643158.796:6457448): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643158.796:6457448): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643158.796:6457448): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643158.796:6457448): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=7275b0442640 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1269234 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643158.796:6457447): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643158.796:6457447): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643158.796:6457447): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643158.796:6457447): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=7275b0442640 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1269234 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643158.796:6457446): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643158.796:6457446): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643158.796:6457446): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643158.796:6457446): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=7275b0442640 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1269234 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643158.796:6457445): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643158.796:6457445): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643158.796:6457445): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643158.796:6457445): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=7275b0442640 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1269234 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643158.796:6457444): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643158.796:6457444): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643158.796:6457444): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643158.796:6457444): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=7275b0442640 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1269234 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643158.794:6457443): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643158.794:6457443): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:63 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643158.794:6457443): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:63 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643158.794:6457443): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643158.794:6457443): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.current\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643158.794:6457443): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643158.794:6457443): arch=c000003e syscall=59 success=yes exit=0 a0=7276055e5d60 a1=72756be6dbc0 a2=5d751c63aa40 a3=8 items=2 ppid=6449 pid=1269233 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643158.793:6457442): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643158.793:6457442): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643158.793:6457442): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643158.793:6457442): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=72756be6dbc0 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1269233 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643158.793:6457441): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643158.793:6457441): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643158.793:6457441): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643158.793:6457441): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=72756be6dbc0 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1269233 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643158.793:6457440): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643158.793:6457440): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643158.793:6457440): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643158.793:6457440): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=72756be6dbc0 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1269233 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643158.793:6457439): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643158.793:6457439): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643158.793:6457439): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643158.793:6457439): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=72756be6dbc0 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1269233 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643158.793:6457438): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643158.793:6457438): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643158.793:6457438): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643158.793:6457438): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=72756be6dbc0 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1269233 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643158.793:6457437): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643158.793:6457437): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643158.793:6457437): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643158.793:6457437): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=72756be6dbc0 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1269233 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643158.790:6457436): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643158.790:6457436): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:63 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643158.790:6457436): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:63 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643158.790:6457436): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643158.790:6457436): argc=2 a0=\"cat\" a1=\"/proc/self/cgroup\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643158.790:6457436): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643158.790:6457436): arch=c000003e syscall=59 success=yes exit=0 a0=7276055e5d60 a1=72756be6ddc0 a2=5d751c63aa40 a3=8 items=2 ppid=6449 pid=1269232 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643158.790:6457435): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643158.790:6457435): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643158.790:6457435): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643158.790:6457435): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=72756be6ddc0 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1269232 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643158.790:6457434): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643158.790:6457434): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643158.790:6457434): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643158.790:6457434): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=72756be6ddc0 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1269232 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643158.790:6457433): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643158.790:6457433): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643158.790:6457433): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643158.790:6457433): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=72756be6ddc0 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1269232 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643158.790:6457432): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643158.790:6457432): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643158.790:6457432): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643158.790:6457432): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=72756be6ddc0 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1269232 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643158.790:6457431): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643158.790:6457431): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643158.790:6457431): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643158.790:6457431): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=72756be6ddc0 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1269232 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643158.790:6457430): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643158.790:6457430): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643158.790:6457430): cwd=\"/usr/src/app\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643158.790:6457430): arch=c000003e syscall=59 success=no exit=-2 a0=7276055e5d60 a1=72756be6ddc0 a2=5d751c63aa40 a3=8 items=1 ppid=6449 pid=1269232 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643158.455:6457429): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520706F737467726573"}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643158.455:6457429): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:ad mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643158.455:6457429): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:ad mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643158.455:6457429): cwd=\"/\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643158.455:6457429): argc=3 a0=\"pg_isready\" a1=\"-U\" a2=\"postgres\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643158.455:6457429): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643158.455:6457429): arch=c000003e syscall=59 success=yes exit=0 a0=707137a4e288 a1=707137a4e1e8 a2=707137a4e208 a3=0 items=2 ppid=5688 pid=1269225 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643158.452:6457428): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520706F737467726573"}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643158.452:6457428): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:ad mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643158.452:6457428): item=0 name=\"/bin/sh\" inode=8589166 dev=00:ad mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643158.452:6457428): cwd=\"/\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643158.452:6457428): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D5520706F737467726573"}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643158.452:6457428): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643158.452:6457428): arch=c000003e syscall=59 success=yes exit=0 a0=c000196f78 a1=c000022680 a2=c0000d88c0 a3=0 items=2 ppid=1269212 pid=1269225 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643158.405:6457427): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643158.405:6457427): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643158.405:6457427): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643158.405:6457427): cwd=\"/var/lib/docker/rootfs/overlayfs/67097f9470d25ae62330c278e0c2e85dfc8f9d19e1312855b18be973b4d19e41\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643158.405:6457427): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643158.405:6457427): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c58a0 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=1269212 pid=1269221 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643158.390:6457426): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F36373039376639343730643235616536323333306332373865"}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643158.390:6457426): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643158.390:6457426): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643158.390:6457426): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/67097f9470d25ae62330c278e0c2e85dfc8f9d19e1312855b18be973b4d19e41\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643158.390:6457426): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/67097f9470d25ae62330c278e0c2e85dfc8f9d19e1312855b18be973b4d19e41/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1473899854\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/67097f9470d25ae62330c278e0c2e85dfc8f9d19e1312855b18be973b4d19e41/8dda568e16ad570b3f55bc7b7366cd168e29c8212328c23582eba993bf93e44e.pid\" a14=\"67097f9470d25ae62330c278e0c2e85dfc8f9d19e1312855b18be973b4d19e41\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643158.390:6457426): arch=c000003e syscall=59 success=yes exit=0 a0=c0003d4130 a1=c0000ffe80 a2=c0000fff00 a3=0 items=2 ppid=5688 pid=1269212 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643158.182:6457425): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520646F63757365616C"}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643158.182:6457425): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:a3 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643158.182:6457425): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:a3 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643158.182:6457425): cwd=\"/\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643158.182:6457425): argc=3 a0=\"pg_isready\" a1=\"-U\" a2=\"docuseal\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643158.182:6457425): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643158.182:6457425): arch=c000003e syscall=59 success=yes exit=0 a0=78fd8d755288 a1=78fd8d7551e8 a2=78fd8d755208 a3=0 items=2 ppid=5572 pid=1269204 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643158.179:6457424): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520646F63757365616C"}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643158.179:6457424): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:a3 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643158.179:6457424): item=0 name=\"/bin/sh\" inode=8589166 dev=00:a3 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643158.179:6457424): cwd=\"/\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643158.179:6457424): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D5520646F63757365616C"}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643158.179:6457424): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643158.179:6457424): arch=c000003e syscall=59 success=yes exit=0 a0=c00011af68 a1=c000022680 a2=c0001d08c0 a3=0 items=2 ppid=1269191 pid=1269204 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643158.132:6457423): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643158.132:6457423): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643158.132:6457423): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643158.132:6457423): cwd=\"/var/lib/docker/rootfs/overlayfs/360fd70ae6eb7cd5e0954ce9fabc3f41ec861f0028b80fa3a053269682ce489a\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643158.132:6457423): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643158.132:6457423): arch=c000003e syscall=59 success=yes exit=0 a0=c0001f3840 a1=c0001f7338 a2=c0001f9c40 a3=0 items=2 ppid=1269191 pid=1269200 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643158.117:6457422): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F33363066643730616536656237636435653039353463653966"}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643158.117:6457422): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643158.117:6457422): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643158.117:6457422): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/360fd70ae6eb7cd5e0954ce9fabc3f41ec861f0028b80fa3a053269682ce489a\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643158.117:6457422): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/360fd70ae6eb7cd5e0954ce9fabc3f41ec861f0028b80fa3a053269682ce489a/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2412595486\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/360fd70ae6eb7cd5e0954ce9fabc3f41ec861f0028b80fa3a053269682ce489a/50bfbe414fd5e30f9c6b4b27ee3c15d0a05d5cd9d5af47459c226be2424a139f.pid\" a14=\"360fd70ae6eb7cd5e0954ce9fabc3f41ec861f0028b80fa3a053269682ce489a\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643158.117:6457422): arch=c000003e syscall=59 success=yes exit=0 a0=c0002afe30 a1=c00031b680 a2=c00031b700 a3=0 items=2 ppid=5572 pid=1269191 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643157.297:6457421): proctitle=6375726C002D6600687474703A2F2F6C6F63616C686F73743A383030302F6170692F76312F686561727462656174"}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643157.297:6457421): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6817536 dev=00:9b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643157.297:6457421): item=0 name=\"/usr/bin/curl\" inode=6830784 dev=00:9b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643157.297:6457421): cwd=\"/chroma\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643157.297:6457421): argc=3 a0=\"curl\" a1=\"-f\" a2=\"http://localhost:8000/api/v1/heartbeat\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643157.297:6457421): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643157.297:6457421): arch=c000003e syscall=59 success=yes exit=0 a0=c000196ee0 a1=c000022680 a2=c0000d8930 a3=0 items=2 ppid=1269170 pid=1269184 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"curl\" exe=\"/usr/bin/curl\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643157.246:6457420): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643157.246:6457420): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643157.246:6457420): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643157.246:6457420): cwd=\"/var/lib/docker/rootfs/overlayfs/15d7c01eab750dd5d1697f885100eb074f3a5095b1e73b1cc7a531eedb613268\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643157.246:6457420): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643157.246:6457420): arch=c000003e syscall=59 success=yes exit=0 a0=c0001eb840 a1=c0001ef338 a2=c0001f1c40 a3=0 items=2 ppid=1269170 pid=1269180 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643157.231:6457419): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F31356437633031656162373530646435643136393766383835"}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643157.231:6457419): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643157.231:6457419): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643157.231:6457419): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/15d7c01eab750dd5d1697f885100eb074f3a5095b1e73b1cc7a531eedb613268\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643157.231:6457419): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/15d7c01eab750dd5d1697f885100eb074f3a5095b1e73b1cc7a531eedb613268/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process300891516\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/15d7c01eab750dd5d1697f885100eb074f3a5095b1e73b1cc7a531eedb613268/225faa197471074fccddd3616978556180a5f2465720f3f9366a01a2c2b6cfdf.pid\" a14=\"15d7c01eab750dd5d1697f885100eb074f3a5095b1e73b1cc7a531eedb613268\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643157.231:6457419): arch=c000003e syscall=59 success=yes exit=0 a0=c0003366a0 a1=c0000fef80 a2=c0000ff000 a3=0 items=2 ppid=5955 pid=1269170 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643157.219:6457418): proctitle=72656469732D636C690070696E67"}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643157.219:6457418): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=6694357 dev=00:4b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643157.219:6457418): item=0 name=\"/usr/local/bin/redis-cli\" inode=6703632 dev=00:4b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643157.219:6457418): cwd=\"/data\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643157.219:6457418): argc=2 a0=\"redis-cli\" a1=\"ping\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643157.219:6457418): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643157.219:6457418): arch=c000003e syscall=59 success=yes exit=0 a0=c000028760 a1=c000117350 a2=c0000df1c0 a3=0 items=2 ppid=1269132 pid=1269144 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"redis-cli\" exe=\"/usr/local/bin/redis-cli\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643157.218:6457417): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643157.218:6457417): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643157.218:6457417): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:11f mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643157.218:6457417): cwd=\"/var/lib/docker/rootfs/overlayfs/3e0f242a61d6e8b956bebbedf55cd341a641a0c92a666bac96a26e3688f4ea4e\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643157.218:6457417): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643157.218:6457417): arch=c000003e syscall=59 success=yes exit=0 a0=c0001f3840 a1=c0001f7338 a2=c0001f9c40 a3=0 items=2 ppid=1269150 pid=1269159 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643157.202:6457416): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F33653066323432613631643665386239353662656262656466"}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643157.202:6457416): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643157.202:6457416): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643157.202:6457416): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/3e0f242a61d6e8b956bebbedf55cd341a641a0c92a666bac96a26e3688f4ea4e\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643157.202:6457416): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/3e0f242a61d6e8b956bebbedf55cd341a641a0c92a666bac96a26e3688f4ea4e/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3246687632\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/3e0f242a61d6e8b956bebbedf55cd341a641a0c92a666bac96a26e3688f4ea4e/029c89776e413f15ad16dbaaf8119b57924b402ea917c7700e2dfcfffe25d88f.pid\" a14=\"3e0f242a61d6e8b956bebbedf55cd341a641a0c92a666bac96a26e3688f4ea4e\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643157.202:6457416): arch=c000003e syscall=59 success=yes exit=0 a0=c0003042f0 a1=c000329500 a2=c000329580 a3=0 items=2 ppid=3760 pid=1269150 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643157.170:6457415): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643157.170:6457415): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643157.170:6457415): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643157.170:6457415): cwd=\"/var/lib/docker/rootfs/overlayfs/480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643157.170:6457415): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643157.170:6457415): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5880 a1=c0001c9350 a2=c0001cbc40 a3=0 items=2 ppid=1269132 pid=1269142 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643157.155:6457414): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F34383062353761303034306362373564646534356436663664"}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643157.155:6457414): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643157.155:6457414): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643157.155:6457414): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643157.155:6457414): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2543788270\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af/e8b1f3bc1d7b770aa05491a848b3cd16a1561c2b9ad53235591a564da61cf1b9.pid\" a14=\"480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643157.155:6457414): arch=c000003e syscall=59 success=yes exit=0 a0=c00034fba0 a1=c00038cb80 a2=c00038cc00 a3=0 items=2 ppid=5107 pid=1269132 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643156.977:6457413): proctitle=2F62696E2F7368002D630070675F69737265616479202D552077696E646D696C6C5F75736572202D642077696E646D696C6C5F6462"}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643156.977:6457413): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:a0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643156.977:6457413): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:a0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643156.977:6457413): cwd=\"/\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643156.977:6457413): argc=5 a0=\"pg_isready\" a1=\"-U\" a2=\"windmill_user\" a3=\"-d\" a4=\"windmill_db\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643156.977:6457413): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643156.977:6457413): arch=c000003e syscall=59 success=yes exit=0 a0=7aec5ac7a3f8 a1=7aec5ac7a290 a2=7aec5ac7a378 a3=0 items=2 ppid=4404 pid=1269098 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643156.973:6457412): proctitle=2F62696E2F7368002D630070675F69737265616479202D552077696E646D696C6C5F75736572202D642077696E646D696C6C5F6462"}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643156.973:6457412): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:a0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643156.973:6457412): item=0 name=\"/bin/sh\" inode=8589166 dev=00:a0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643156.973:6457412): cwd=\"/\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643156.973:6457412): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D552077696E646D696C6C5F75736572202D642077696E646D696C6C5F6462"}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643156.973:6457412): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643156.973:6457412): arch=c000003e syscall=59 success=yes exit=0 a0=c00019ef68 a1=c000022680 a2=c0001508c0 a3=0 items=2 ppid=1269072 pid=1269098 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643156.971:6457411): proctitle=2F62696E2F7368002D630070675F69737265616479202D552074797065626F74"}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643156.971:6457411): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:85 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643156.971:6457411): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:85 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643156.971:6457411): cwd=\"/\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643156.971:6457411): argc=3 a0=\"pg_isready\" a1=\"-U\" a2=\"typebot\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643156.971:6457411): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643156.971:6457411): arch=c000003e syscall=59 success=yes exit=0 a0=7bc71fc68278 a1=7bc71fc681d8 a2=7bc71fc681f8 a3=8080808080808080 items=2 ppid=1269071 pid=1269097 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643156.966:6457410): proctitle=2F62696E2F7368002D630070675F69737265616479202D552074797065626F74"}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643156.966:6457410): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:85 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643156.966:6457410): item=0 name=\"/bin/sh\" inode=8589166 dev=00:85 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643156.966:6457410): cwd=\"/\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643156.966:6457410): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D552074797065626F74"}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1776643156.966:6457410): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643156.966:6457410): arch=c000003e syscall=59 success=yes exit=0 a0=c000194f68 a1=c000022680 a2=c0000d88c0 a3=0 items=2 ppid=1269071 pid=1269097 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643156.950:6457409): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643156.950:6457409): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643156.950:6457409): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:15a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643156.950:6457409): cwd=\"/var/lib/docker/rootfs/overlayfs/d8657209894f56f3640212d72fbd7b3cd015708249d96b584cbbea09abc6e165\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643156.950:6457409): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643156.950:6457409): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5870 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=1269109 pid=1269118 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643156.935:6457408): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F64383635373230393839346635366633363430323132643732"}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643156.935:6457408): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643156.935:6457408): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643156.935:6457408): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/d8657209894f56f3640212d72fbd7b3cd015708249d96b584cbbea09abc6e165\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643156.935:6457408): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/d8657209894f56f3640212d72fbd7b3cd015708249d96b584cbbea09abc6e165/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3666296309\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/d8657209894f56f3640212d72fbd7b3cd015708249d96b584cbbea09abc6e165/e9f4cc52badbb68c47b4e50ffe56c170d96a8c7a59e633e6722ba4abd2d4bc2d.pid\" a14=\"d8657209894f56f3640212d72fbd7b3cd015708249d96b584cbbea09abc6e165\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643156.935:6457408): arch=c000003e syscall=59 success=yes exit=0 a0=c0000107d0 a1=c0001aa900 a2=c0001aa980 a3=0 items=2 ppid=5261 pid=1269109 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643156.921:6457407): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643156.921:6457407): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643156.921:6457407): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:10b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643156.921:6457407): cwd=\"/var/lib/docker/rootfs/overlayfs/2a365c5cbcdee94cef8eb83387301a8756e7538c1049b4c58449c0646b43c50c\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643156.921:6457407): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643156.921:6457407): arch=c000003e syscall=59 success=yes exit=0 a0=c000173840 a1=c000177338 a2=c000179c80 a3=0 items=2 ppid=1269072 pid=1269088 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643156.921:6457406): proctitle=72756E6300696E6974"}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643156.921:6457406): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643156.921:6457406): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:11f mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643156.921:6457406): cwd=\"/var/lib/docker/rootfs/overlayfs/a58fd49cb529bc2c3c5f4447c9ccbae837530349ce554292b547968ead4cb59b\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643156.921:6457406): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643156.921:6457406): arch=c000003e syscall=59 success=yes exit=0 a0=c00024d890 a1=c000251350 a2=c000253c80 a3=0 items=2 ppid=1269071 pid=1269092 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643156.906:6457405): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F32613336356335636263646565393463656638656238333338"}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643156.906:6457405): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643156.906:6457405): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643156.906:6457405): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/2a365c5cbcdee94cef8eb83387301a8756e7538c1049b4c58449c0646b43c50c\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643156.906:6457405): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/2a365c5cbcdee94cef8eb83387301a8756e7538c1049b4c58449c0646b43c50c/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2119814425\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/2a365c5cbcdee94cef8eb83387301a8756e7538c1049b4c58449c0646b43c50c/f35f8a6904c256ac12fa541450d0ec9ff44cf20b7193aa73c7b6cc2f64213c6d.pid\" a14=\"2a365c5cbcdee94cef8eb83387301a8756e7538c1049b4c58449c0646b43c50c\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643156.906:6457405): arch=c000003e syscall=59 success=yes exit=0 a0=c000099dd0 a1=c00047c500 a2=c00047c580 a3=0 items=2 ppid=4404 pid=1269072 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1776643156.905:6457404): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F61353866643439636235323962633263336335663434343763"}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643156.905:6457404): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1776643156.905:6457404): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1776643156.905:6457404): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/a58fd49cb529bc2c3c5f4447c9ccbae837530349ce554292b547968ead4cb59b\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1776643156.905:6457404): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/a58fd49cb529bc2c3c5f4447c9ccbae837530349ce554292b547968ead4cb59b/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process4291101615\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/a58fd49cb529bc2c3c5f4447c9ccbae837530349ce554292b547968ead4cb59b/51203ea1c4dabf4094fc43e86a7c71311eae9a95e1e1f4038d48b5277e2babfb.pid\" a14=\"a58fd49cb529bc2c3c5f4447c9ccbae837530349ce554292b547968ead4cb59b\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1776643156.905:6457404): arch=c000003e syscall=59 success=yes exit=0 a0=c00036c2e0 a1=c0002f4680 a2=c0002f4700 a3=0 items=2 ppid=4609 pid=1269071 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-19T23:59:49Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-os-backend", "detected_level": "info", "service_name": "/prometheus-os-backend"}, "msg": "{\"time\":\"2026-04-19T23:59:49.575728323Z\",\"level\":\"INFO\",\"msg\":\"http request\",\"method\":\"GET\",\"path\":\"/health\",\"status\":200,\"duration_ms\":0,\"remote_addr\":\"[::1]:46976\"}"}
{"ts": "2026-04-19T23:59:49Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-os-backend", "detected_level": "info", "service_name": "/prometheus-os-backend"}, "msg": "{\"time\":\"2026-04-19T23:59:49.189075414Z\",\"level\":\"INFO\",\"msg\":\"http request\",\"method\":\"GET\",\"path\":\"/metrics\",\"status\":200,\"duration_ms\":0,\"remote_addr\":\"172.18.0.56:47378\"}"}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-os-backend", "detected_level": "info", "service_name": "/prometheus-os-backend"}, "msg": "{\"time\":\"2026-04-19T23:59:34.482122132Z\",\"level\":\"INFO\",\"msg\":\"http request\",\"method\":\"GET\",\"path\":\"/health\",\"status\":200,\"duration_ms\":0,\"remote_addr\":\"[::1]:59216\"}"}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-os-backend", "detected_level": "info", "service_name": "/prometheus-os-backend"}, "msg": "{\"time\":\"2026-04-19T23:59:34.189070723Z\",\"level\":\"INFO\",\"msg\":\"http request\",\"method\":\"GET\",\"path\":\"/metrics\",\"status\":200,\"duration_ms\":0,\"remote_addr\":\"172.18.0.56:47378\"}"}
{"ts": "2026-04-19T23:59:33Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-os-backend", "detected_level": "info", "service_name": "/prometheus-os-backend"}, "msg": "{\"time\":\"2026-04-19T23:59:33.411474404Z\",\"level\":\"INFO\",\"msg\":\"[Scheduler] Checking for scheduled AI Agent runs...\"}"}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-os-backend", "detected_level": "info", "service_name": "/prometheus-os-backend"}, "msg": "{\"time\":\"2026-04-19T23:59:19.407352778Z\",\"level\":\"INFO\",\"msg\":\"http request\",\"method\":\"GET\",\"path\":\"/health\",\"status\":200,\"duration_ms\":0,\"remote_addr\":\"[::1]:52708\"}"}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-os-backend", "detected_level": "info", "service_name": "/prometheus-os-backend"}, "msg": "{\"time\":\"2026-04-19T23:59:19.189570967Z\",\"level\":\"INFO\",\"msg\":\"http request\",\"method\":\"GET\",\"path\":\"/metrics\",\"status\":200,\"duration_ms\":0,\"remote_addr\":\"172.18.0.56:47378\"}"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-windmill-worker-1", "detected_level": "info", "service_name": "/prometheus-holding-windmill-worker-1"}, "msg": "\u001b[2m2026-04-19T23:59:53.113794Z\u001b[0m \u001b[32m INFO\u001b[0m \u001b[2mwindmill-worker/src/worker_utils.rs\u001b[0m\u001b[2m:\u001b[0m\u001b[2m84\u001b[0m\u001b[2m:\u001b[0m ping update, memory: container=144MB, windmill=227MB \u001b[3mworker\u001b[0m\u001b[2m=\u001b[0mwk-default-beba1a544e56-qYjrK \u001b[3mhostname\u001b[0m\u001b[2m=\u001b[0mbeba1a544e56"}
{"ts": "2026-04-19T23:59:50Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-windmill-worker-1", "detected_level": "info", "service_name": "/prometheus-holding-windmill-worker-1"}, "msg": "\u001b[2m2026-04-19T23:59:50.988686Z\u001b[0m \u001b[32m INFO\u001b[0m \u001b[2msrc/main.rs\u001b[0m\u001b[2m:\u001b[0m\u001b[2m1541\u001b[0m\u001b[2m:\u001b[0m monitor task finished"}
{"ts": "2026-04-19T23:59:50Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-windmill-worker-1", "detected_level": "info", "service_name": "/prometheus-holding-windmill-worker-1"}, "msg": "\u001b[2m2026-04-19T23:59:50.822236Z\u001b[0m \u001b[32m INFO\u001b[0m \u001b[2msrc/main.rs\u001b[0m\u001b[2m:\u001b[0m\u001b[2m1522\u001b[0m\u001b[2m:\u001b[0m monitor task started"}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-windmill-worker-1", "detected_level": "info", "service_name": "/prometheus-holding-windmill-worker-1"}, "msg": "\u001b[2m2026-04-19T23:59:47.092717Z\u001b[0m \u001b[32m INFO\u001b[0m \u001b[2mwindmill-worker/src/worker_utils.rs\u001b[0m\u001b[2m:\u001b[0m\u001b[2m84\u001b[0m\u001b[2m:\u001b[0m ping update, memory: container=144MB, windmill=227MB \u001b[3mworker\u001b[0m\u001b[2m=\u001b[0mwk-default-beba1a544e56-qYjrK \u001b[3mhostname\u001b[0m\u001b[2m=\u001b[0mbeba1a544e56"}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-windmill-worker-1", "detected_level": "info", "service_name": "/prometheus-holding-windmill-worker-1"}, "msg": "\u001b[2m2026-04-19T23:59:41.029986Z\u001b[0m \u001b[32m INFO\u001b[0m \u001b[2mwindmill-worker/src/worker_utils.rs\u001b[0m\u001b[2m:\u001b[0m\u001b[2m84\u001b[0m\u001b[2m:\u001b[0m ping update, memory: container=144MB, windmill=227MB \u001b[3mworker\u001b[0m\u001b[2m=\u001b[0mwk-default-beba1a544e56-qYjrK \u001b[3mhostname\u001b[0m\u001b[2m=\u001b[0mbeba1a544e56"}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-windmill-worker-1", "detected_level": "info", "service_name": "/prometheus-holding-windmill-worker-1"}, "msg": "\u001b[2m2026-04-19T23:59:35.007476Z\u001b[0m \u001b[32m INFO\u001b[0m \u001b[2mwindmill-worker/src/worker_utils.rs\u001b[0m\u001b[2m:\u001b[0m\u001b[2m84\u001b[0m\u001b[2m:\u001b[0m ping update, memory: container=144MB, windmill=227MB \u001b[3mworker\u001b[0m\u001b[2m=\u001b[0mwk-default-beba1a544e56-qYjrK \u001b[3mhostname\u001b[0m\u001b[2m=\u001b[0mbeba1a544e56"}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-windmill-worker-1", "detected_level": "info", "service_name": "/prometheus-holding-windmill-worker-1"}, "msg": "\u001b[2m2026-04-19T23:59:28.964104Z\u001b[0m \u001b[32m INFO\u001b[0m \u001b[2mwindmill-worker/src/worker_utils.rs\u001b[0m\u001b[2m:\u001b[0m\u001b[2m84\u001b[0m\u001b[2m:\u001b[0m ping update, memory: container=143MB, windmill=227MB \u001b[3mworker\u001b[0m\u001b[2m=\u001b[0mwk-default-beba1a544e56-qYjrK \u001b[3mhostname\u001b[0m\u001b[2m=\u001b[0mbeba1a544e56"}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-windmill-worker-1", "detected_level": "info", "service_name": "/prometheus-holding-windmill-worker-1"}, "msg": "\u001b[2m2026-04-19T23:59:22.944650Z\u001b[0m \u001b[32m INFO\u001b[0m \u001b[2mwindmill-worker/src/worker_utils.rs\u001b[0m\u001b[2m:\u001b[0m\u001b[2m84\u001b[0m\u001b[2m:\u001b[0m ping update, memory: container=143MB, windmill=227MB \u001b[3mworker\u001b[0m\u001b[2m=\u001b[0mwk-default-beba1a544e56-qYjrK \u001b[3mhostname\u001b[0m\u001b[2m=\u001b[0mbeba1a544e56"}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-windmill-worker-1", "detected_level": "info", "service_name": "/prometheus-holding-windmill-worker-1"}, "msg": "\u001b[2m2026-04-19T23:59:20.820805Z\u001b[0m \u001b[32m INFO\u001b[0m \u001b[2msrc/main.rs\u001b[0m\u001b[2m:\u001b[0m\u001b[2m1541\u001b[0m\u001b[2m:\u001b[0m monitor task finished"}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-windmill-worker-1", "detected_level": "info", "service_name": "/prometheus-holding-windmill-worker-1"}, "msg": "\u001b[2m2026-04-19T23:59:20.658525Z\u001b[0m \u001b[32m INFO\u001b[0m \u001b[2msrc/main.rs\u001b[0m\u001b[2m:\u001b[0m\u001b[2m1522\u001b[0m\u001b[2m:\u001b[0m monitor task started"}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-windmill-server-1", "detected_level": "info", "service_name": "/prometheus-holding-windmill-server-1"}, "msg": "\u001b[2m2026-04-19T23:59:54.956712Z\u001b[0m \u001b[32m INFO\u001b[0m \u001b[2mwindmill-worker/src/worker_utils.rs\u001b[0m\u001b[2m:\u001b[0m\u001b[2m84\u001b[0m\u001b[2m:\u001b[0m ping update, memory: container=129MB, windmill=224MB \u001b[3mworker\u001b[0m\u001b[2m=\u001b[0mwk-default-85b545c504cd-316GV \u001b[3mhostname\u001b[0m\u001b[2m=\u001b[0m85b545c504cd"}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-windmill-server-1", "detected_level": "info", "service_name": "/prometheus-holding-windmill-server-1"}, "msg": "\u001b[2m2026-04-19T23:59:51.633893Z\u001b[0m \u001b[32m INFO\u001b[0m \u001b[2msrc/main.rs\u001b[0m\u001b[2m:\u001b[0m\u001b[2m1541\u001b[0m\u001b[2m:\u001b[0m monitor task finished"}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-windmill-server-1", "detected_level": "info", "service_name": "/prometheus-holding-windmill-server-1"}, "msg": "\u001b[2m2026-04-19T23:59:51.487432Z\u001b[0m \u001b[32m INFO\u001b[0m \u001b[2msrc/main.rs\u001b[0m\u001b[2m:\u001b[0m\u001b[2m1522\u001b[0m\u001b[2m:\u001b[0m monitor task started"}
{"ts": "2026-04-19T23:59:50Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-windmill-server-1", "detected_level": "info", "service_name": "/prometheus-holding-windmill-server-1"}, "msg": "\u001b[2m2026-04-19T23:59:50.807931Z\u001b[0m \u001b[32m INFO\u001b[0m \u001b[1mrequest\u001b[0m: \u001b[2mwindmill-api/src/tracing_init.rs\u001b[0m\u001b[2m:\u001b[0m\u001b[2m35\u001b[0m\u001b[2m:\u001b[0m response \u001b[3mlatency\u001b[0m\u001b[2m=\u001b[0m0 \u001b[3mstatus\u001b[0m\u001b[2m=\u001b[0m200 \u001b[2m\u001b[3mmethod\u001b[0m\u001b[2m=\u001b[0mGET \u001b[3muri\u001b[0m\u001b[2m=\u001b[0m/healthz \u001b[3mtraceId\u001b[0m\u001b[2m=\u001b[0m\"3d27b9d1-f35a-4230-9dd6-37474620d29d\"\u001b[0m"}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-windmill-server-1", "detected_level": "info", "service_name": "/prometheus-holding-windmill-server-1"}, "msg": "\u001b[2m2026-04-19T23:59:48.940663Z\u001b[0m \u001b[32m INFO\u001b[0m \u001b[2mwindmill-worker/src/worker_utils.rs\u001b[0m\u001b[2m:\u001b[0m\u001b[2m84\u001b[0m\u001b[2m:\u001b[0m ping update, memory: container=129MB, windmill=224MB \u001b[3mworker\u001b[0m\u001b[2m=\u001b[0mwk-default-85b545c504cd-316GV \u001b[3mhostname\u001b[0m\u001b[2m=\u001b[0m85b545c504cd"}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-windmill-server-1", "detected_level": "info", "service_name": "/prometheus-holding-windmill-server-1"}, "msg": "\u001b[2m2026-04-19T23:59:42.926485Z\u001b[0m \u001b[32m INFO\u001b[0m \u001b[2mwindmill-worker/src/worker_utils.rs\u001b[0m\u001b[2m:\u001b[0m\u001b[2m84\u001b[0m\u001b[2m:\u001b[0m ping update, memory: container=129MB, windmill=224MB \u001b[3mworker\u001b[0m\u001b[2m=\u001b[0mwk-default-85b545c504cd-316GV \u001b[3mhostname\u001b[0m\u001b[2m=\u001b[0m85b545c504cd"}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-windmill-server-1", "detected_level": "info", "service_name": "/prometheus-holding-windmill-server-1"}, "msg": "\u001b[2m2026-04-19T23:59:36.909495Z\u001b[0m \u001b[32m INFO\u001b[0m \u001b[2mwindmill-worker/src/worker_utils.rs\u001b[0m\u001b[2m:\u001b[0m\u001b[2m84\u001b[0m\u001b[2m:\u001b[0m ping update, memory: container=128MB, windmill=224MB \u001b[3mworker\u001b[0m\u001b[2m=\u001b[0mwk-default-85b545c504cd-316GV \u001b[3mhostname\u001b[0m\u001b[2m=\u001b[0m85b545c504cd"}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-windmill-server-1", "detected_level": "info", "service_name": "/prometheus-holding-windmill-server-1"}, "msg": "\u001b[2m2026-04-19T23:59:30.886100Z\u001b[0m \u001b[32m INFO\u001b[0m \u001b[2mwindmill-worker/src/worker_utils.rs\u001b[0m\u001b[2m:\u001b[0m\u001b[2m84\u001b[0m\u001b[2m:\u001b[0m ping update, memory: container=129MB, windmill=224MB \u001b[3mworker\u001b[0m\u001b[2m=\u001b[0mwk-default-85b545c504cd-316GV \u001b[3mhostname\u001b[0m\u001b[2m=\u001b[0m85b545c504cd"}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-windmill-server-1", "detected_level": "info", "service_name": "/prometheus-holding-windmill-server-1"}, "msg": "\u001b[2m2026-04-19T23:59:24.850486Z\u001b[0m \u001b[32m INFO\u001b[0m \u001b[2mwindmill-worker/src/worker_utils.rs\u001b[0m\u001b[2m:\u001b[0m\u001b[2m84\u001b[0m\u001b[2m:\u001b[0m ping update, memory: container=128MB, windmill=224MB \u001b[3mworker\u001b[0m\u001b[2m=\u001b[0mwk-default-85b545c504cd-316GV \u001b[3mhostname\u001b[0m\u001b[2m=\u001b[0m85b545c504cd"}
{"ts": "2026-04-19T23:59:21Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-windmill-server-1", "detected_level": "info", "service_name": "/prometheus-holding-windmill-server-1"}, "msg": "\u001b[2m2026-04-19T23:59:21.486014Z\u001b[0m \u001b[32m INFO\u001b[0m \u001b[2msrc/main.rs\u001b[0m\u001b[2m:\u001b[0m\u001b[2m1541\u001b[0m\u001b[2m:\u001b[0m monitor task finished"}
{"ts": "2026-04-19T23:59:21Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-windmill-server-1", "detected_level": "info", "service_name": "/prometheus-holding-windmill-server-1"}, "msg": "\u001b[2m2026-04-19T23:59:21.310162Z\u001b[0m \u001b[32m INFO\u001b[0m \u001b[2msrc/main.rs\u001b[0m\u001b[2m:\u001b[0m\u001b[2m1522\u001b[0m\u001b[2m:\u001b[0m monitor task started"}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-windmill-server-1", "detected_level": "info", "service_name": "/prometheus-holding-windmill-server-1"}, "msg": "\u001b[2m2026-04-19T23:59:20.710516Z\u001b[0m \u001b[32m INFO\u001b[0m \u001b[1mrequest\u001b[0m: \u001b[2mwindmill-api/src/tracing_init.rs\u001b[0m\u001b[2m:\u001b[0m\u001b[2m35\u001b[0m\u001b[2m:\u001b[0m response \u001b[3mlatency\u001b[0m\u001b[2m=\u001b[0m0 \u001b[3mstatus\u001b[0m\u001b[2m=\u001b[0m200 \u001b[2m\u001b[3mmethod\u001b[0m\u001b[2m=\u001b[0mGET \u001b[3muri\u001b[0m\u001b[2m=\u001b[0m/healthz \u001b[3mtraceId\u001b[0m\u001b[2m=\u001b[0m\"e4c5f493-7dde-42c7-9dae-2e9b619e21e6\"\u001b[0m"}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-windmill-server-1", "detected_level": "info", "service_name": "/prometheus-holding-windmill-server-1"}, "msg": "\u001b[2m2026-04-19T23:59:18.801922Z\u001b[0m \u001b[32m INFO\u001b[0m \u001b[2mwindmill-worker/src/worker_utils.rs\u001b[0m\u001b[2m:\u001b[0m\u001b[2m84\u001b[0m\u001b[2m:\u001b[0m ping update, memory: container=129MB, windmill=224MB \u001b[3mworker\u001b[0m\u001b[2m=\u001b[0mwk-default-85b545c504cd-316GV \u001b[3mhostname\u001b[0m\u001b[2m=\u001b[0m85b545c504cd"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-windmill-db-1", "detected_level": "unknown", "service_name": "/prometheus-holding-windmill-db-1"}, "msg": "2026-04-19 23:59:53.009 UTC [228523] FATAL:  role \"postgres\" does not exist"}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-windmill-db-1", "detected_level": "unknown", "service_name": "/prometheus-holding-windmill-db-1"}, "msg": "2026-04-19 23:59:42.905 UTC [228515] FATAL:  role \"postgres\" does not exist"}
{"ts": "2026-04-19T23:59:32Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-windmill-db-1", "detected_level": "unknown", "service_name": "/prometheus-holding-windmill-db-1"}, "msg": "2026-04-19 23:59:32.814 UTC [228507] FATAL:  role \"postgres\" does not exist"}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-windmill-db-1", "detected_level": "unknown", "service_name": "/prometheus-holding-windmill-db-1"}, "msg": "2026-04-19 23:59:22.720 UTC [228499] FATAL:  role \"postgres\" does not exist"}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-seaweedfs-filer-1", "detected_level": "unknown", "service_name": "/prometheus-holding-seaweedfs-filer-1"}, "msg": "I0419 23:59:31.096904 filer_server_handlers_read_dir.go:106 request_id:674f96f4-e621-4b94-afa4-fc8e97f117ca Template Execute Error: write tcp 127.0.0.1:8888->127.0.0.1:34076: write: connection reset by peer"}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-seaweedfs-1", "detected_level": "unknown", "service_name": "/prometheus-holding-seaweedfs-1"}, "msg": "127.0.0.1 - - [19/Apr/2026:23:59:37 +0000] \"GET / HTTP/1.1\" 200 12123 \"-\" \"Wget\" \"-\""}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-ntfy-1", "detected_level": "info", "service_name": "/prometheus-holding-ntfy-1"}, "msg": "2026/04/19 23:59:40 INFO Server stats (emails_received=0, emails_received_failure=0, emails_received_success=0, emails_sent=0, emails_sent_failure=0, emails_sent_success=0, messages_cached=0, messages_published=4, subscribers=0, tag=manager, topics_active=3, users=0, visitors=18)"}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-19T23:59:35.675064291Z caller=marker.go:202 msg=\"no marks file found\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-19T23:59:31.351262878Z caller=recalculate_owned_streams.go:52 msg=\"completed recalculate owned streams job\""}
{"ts": "2026-04-19T23:59:31Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-19T23:59:31.351171864Z caller=recalculate_owned_streams.go:49 msg=\"starting recalculate owned streams job\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-19T23:59:29.555761217Z caller=index_set.go:186 msg=\"cleaning up unwanted indexes from table index_20551\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-19T23:59:29.555749886Z caller=index_set.go:107 msg=\"finished uploading table index_20551\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-19T23:59:29.555741806Z caller=index_set.go:86 msg=\"uploading table index_20551\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-19T23:59:29.555729116Z caller=index_set.go:186 msg=\"cleaning up unwanted indexes from table index_20559\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-19T23:59:29.555719336Z caller=index_set.go:107 msg=\"finished uploading table index_20559\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-19T23:59:29.555709595Z caller=index_set.go:86 msg=\"uploading table index_20559\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-19T23:59:29.555696825Z caller=index_set.go:186 msg=\"cleaning up unwanted indexes from table index_20556\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-19T23:59:29.555687955Z caller=index_set.go:107 msg=\"finished uploading table index_20556\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-19T23:59:29.555679564Z caller=index_set.go:86 msg=\"uploading table index_20556\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-19T23:59:29.555663184Z caller=index_set.go:186 msg=\"cleaning up unwanted indexes from table index_20549\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-19T23:59:29.555652764Z caller=index_set.go:107 msg=\"finished uploading table index_20549\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-19T23:59:29.555629573Z caller=index_set.go:86 msg=\"uploading table index_20549\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-19T23:59:29.55553149Z caller=index_set.go:186 msg=\"cleaning up unwanted indexes from table index_20547\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-19T23:59:29.55552282Z caller=index_set.go:107 msg=\"finished uploading table index_20547\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-19T23:59:29.55551497Z caller=index_set.go:86 msg=\"uploading table index_20547\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-19T23:59:29.555502969Z caller=index_set.go:186 msg=\"cleaning up unwanted indexes from table index_20558\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-19T23:59:29.555494279Z caller=index_set.go:107 msg=\"finished uploading table index_20558\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-19T23:59:29.555486499Z caller=index_set.go:86 msg=\"uploading table index_20558\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-19T23:59:29.555472978Z caller=index_set.go:186 msg=\"cleaning up unwanted indexes from table index_20545\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-19T23:59:29.555458988Z caller=index_set.go:107 msg=\"finished uploading table index_20545\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-19T23:59:29.555438297Z caller=index_set.go:86 msg=\"uploading table index_20545\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-19T23:59:29.555383856Z caller=index_set.go:186 msg=\"cleaning up unwanted indexes from table index_20546\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-19T23:59:29.555368145Z caller=index_set.go:107 msg=\"finished uploading table index_20546\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-19T23:59:29.555153979Z caller=index_set.go:86 msg=\"uploading table index_20546\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-19T23:59:29.555142009Z caller=index_set.go:186 msg=\"cleaning up unwanted indexes from table index_20557\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-19T23:59:29.555134038Z caller=index_set.go:107 msg=\"finished uploading table index_20557\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-19T23:59:29.555125828Z caller=index_set.go:86 msg=\"uploading table index_20557\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-19T23:59:29.555113168Z caller=index_set.go:186 msg=\"cleaning up unwanted indexes from table index_20540\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-19T23:59:29.555104408Z caller=index_set.go:107 msg=\"finished uploading table index_20540\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-19T23:59:29.555096137Z caller=index_set.go:86 msg=\"uploading table index_20540\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-19T23:59:29.555083637Z caller=index_set.go:186 msg=\"cleaning up unwanted indexes from table index_20537\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-19T23:59:29.555071527Z caller=index_set.go:107 msg=\"finished uploading table index_20537\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-19T23:59:29.555063516Z caller=index_set.go:86 msg=\"uploading table index_20537\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-19T23:59:29.555050336Z caller=index_set.go:186 msg=\"cleaning up unwanted indexes from table index_20541\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-19T23:59:29.555038406Z caller=index_set.go:107 msg=\"finished uploading table index_20541\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-19T23:59:29.555030335Z caller=index_set.go:86 msg=\"uploading table index_20541\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-19T23:59:29.555018215Z caller=index_set.go:186 msg=\"cleaning up unwanted indexes from table index_20539\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-19T23:59:29.555009035Z caller=index_set.go:107 msg=\"finished uploading table index_20539\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-19T23:59:29.555001125Z caller=index_set.go:86 msg=\"uploading table index_20539\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-19T23:59:29.554988734Z caller=index_set.go:186 msg=\"cleaning up unwanted indexes from table index_20544\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-19T23:59:29.554978854Z caller=index_set.go:107 msg=\"finished uploading table index_20544\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-19T23:59:29.554970664Z caller=index_set.go:86 msg=\"uploading table index_20544\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-19T23:59:29.554955423Z caller=index_set.go:186 msg=\"cleaning up unwanted indexes from table index_20550\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-19T23:59:29.554946273Z caller=index_set.go:107 msg=\"finished uploading table index_20550\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-19T23:59:29.554937973Z caller=index_set.go:86 msg=\"uploading table index_20550\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-19T23:59:29.554924182Z caller=index_set.go:186 msg=\"cleaning up unwanted indexes from table index_20561\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-19T23:59:29.554911962Z caller=index_set.go:107 msg=\"finished uploading table index_20561\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-19T23:59:29.554900952Z caller=index_set.go:86 msg=\"uploading table index_20561\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-19T23:59:29.554886281Z caller=index_set.go:186 msg=\"cleaning up unwanted indexes from table index_20560\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-19T23:59:29.554872831Z caller=index_set.go:107 msg=\"finished uploading table index_20560\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-19T23:59:29.554864441Z caller=index_set.go:86 msg=\"uploading table index_20560\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-19T23:59:29.55485005Z caller=index_set.go:186 msg=\"cleaning up unwanted indexes from table index_20548\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-19T23:59:29.55484201Z caller=index_set.go:107 msg=\"finished uploading table index_20548\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-19T23:59:29.55483398Z caller=index_set.go:86 msg=\"uploading table index_20548\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-19T23:59:29.554820989Z caller=index_set.go:186 msg=\"cleaning up unwanted indexes from table index_20543\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-19T23:59:29.554811789Z caller=index_set.go:107 msg=\"finished uploading table index_20543\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-19T23:59:29.554803279Z caller=index_set.go:86 msg=\"uploading table index_20543\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-19T23:59:29.554791928Z caller=index_set.go:186 msg=\"cleaning up unwanted indexes from table index_20542\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-19T23:59:29.554784778Z caller=index_set.go:107 msg=\"finished uploading table index_20542\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-19T23:59:29.554777738Z caller=index_set.go:86 msg=\"uploading table index_20542\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-19T23:59:29.554765448Z caller=index_set.go:186 msg=\"cleaning up unwanted indexes from table index_20538\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-19T23:59:29.554757257Z caller=index_set.go:107 msg=\"finished uploading table index_20538\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-19T23:59:29.554749827Z caller=index_set.go:86 msg=\"uploading table index_20538\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-19T23:59:29.554738987Z caller=index_set.go:186 msg=\"cleaning up unwanted indexes from table index_20555\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-19T23:59:29.554731577Z caller=index_set.go:107 msg=\"finished uploading table index_20555\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-19T23:59:29.554725187Z caller=index_set.go:86 msg=\"uploading table index_20555\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-19T23:59:29.554713276Z caller=index_set.go:186 msg=\"cleaning up unwanted indexes from table index_20562\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-19T23:59:29.554706366Z caller=index_set.go:107 msg=\"finished uploading table index_20562\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-19T23:59:29.554698346Z caller=index_set.go:86 msg=\"uploading table index_20562\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-19T23:59:29.554687295Z caller=index_set.go:186 msg=\"cleaning up unwanted indexes from table index_20553\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-19T23:59:29.554680545Z caller=index_set.go:107 msg=\"finished uploading table index_20553\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-19T23:59:29.554674105Z caller=index_set.go:86 msg=\"uploading table index_20553\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-19T23:59:29.554662965Z caller=index_set.go:186 msg=\"cleaning up unwanted indexes from table index_20552\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-19T23:59:29.554655124Z caller=index_set.go:107 msg=\"finished uploading table index_20552\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-19T23:59:29.554644104Z caller=index_set.go:86 msg=\"uploading table index_20552\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-19T23:59:29.554552051Z caller=index_set.go:186 msg=\"cleaning up unwanted indexes from table index_20554\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-19T23:59:29.554541401Z caller=index_set.go:107 msg=\"finished uploading table index_20554\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-19T23:59:29.554527191Z caller=index_set.go:86 msg=\"uploading table index_20554\""}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-loki-1", "detected_level": "info", "service_name": "/prometheus-holding-loki-1"}, "msg": "level=info ts=2026-04-19T23:59:29.554257424Z caller=table_manager.go:136 index-store=tsdb-2024-04-01 msg=\"uploading tables\""}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-19 23:59:57.118 UTC [31] LOG:  cron job 3 COMMAND completed: CALL "}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-19 23:59:57.107 UTC [31] LOG:  cron job 3 starting: CALL documentdb_api_internal.build_index_concurrently(2);"}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-19 23:59:57.085 UTC [31] LOG:  cron job 2 COMMAND completed: CALL "}
{"ts": "2026-04-19T23:59:57Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-19 23:59:57.072 UTC [31] LOG:  cron job 2 starting: CALL documentdb_api_internal.build_index_concurrently(1);"}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-19 23:59:55.110 UTC [31] LOG:  cron job 3 COMMAND completed: CALL "}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-19 23:59:55.097 UTC [31] LOG:  cron job 3 starting: CALL documentdb_api_internal.build_index_concurrently(2);"}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-19 23:59:55.074 UTC [31] LOG:  cron job 2 COMMAND completed: CALL "}
{"ts": "2026-04-19T23:59:55Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-19 23:59:55.061 UTC [31] LOG:  cron job 2 starting: CALL documentdb_api_internal.build_index_concurrently(1);"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-19 23:59:53.104 UTC [31] LOG:  cron job 3 COMMAND completed: CALL "}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-19 23:59:53.078 UTC [31] LOG:  cron job 3 starting: CALL documentdb_api_internal.build_index_concurrently(2);"}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-19 23:59:53.068 UTC [31] LOG:  cron job 2 COMMAND completed: CALL "}
{"ts": "2026-04-19T23:59:53Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-19 23:59:53.050 UTC [31] LOG:  cron job 2 starting: CALL documentdb_api_internal.build_index_concurrently(1);"}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-19 23:59:51.079 UTC [31] LOG:  cron job 3 COMMAND completed: CALL "}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-19 23:59:51.068 UTC [31] LOG:  cron job 3 starting: CALL documentdb_api_internal.build_index_concurrently(2);"}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-19 23:59:51.053 UTC [31] LOG:  cron job 2 COMMAND completed: CALL "}
{"ts": "2026-04-19T23:59:51Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-19 23:59:51.040 UTC [31] LOG:  cron job 2 starting: CALL documentdb_api_internal.build_index_concurrently(1);"}
{"ts": "2026-04-19T23:59:49Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-19 23:59:49.072 UTC [31] LOG:  cron job 3 COMMAND completed: CALL "}
{"ts": "2026-04-19T23:59:49Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-19 23:59:49.059 UTC [31] LOG:  cron job 3 starting: CALL documentdb_api_internal.build_index_concurrently(2);"}
{"ts": "2026-04-19T23:59:49Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-19 23:59:49.044 UTC [31] LOG:  cron job 2 COMMAND completed: CALL "}
{"ts": "2026-04-19T23:59:49Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-19 23:59:49.030 UTC [31] LOG:  cron job 2 starting: CALL documentdb_api_internal.build_index_concurrently(1);"}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-19 23:59:47.061 UTC [31] LOG:  cron job 3 COMMAND completed: CALL "}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-19 23:59:47.050 UTC [31] LOG:  cron job 3 starting: CALL documentdb_api_internal.build_index_concurrently(2);"}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-19 23:59:47.035 UTC [31] LOG:  cron job 2 COMMAND completed: CALL "}
{"ts": "2026-04-19T23:59:47Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-19 23:59:47.020 UTC [31] LOG:  cron job 2 starting: CALL documentdb_api_internal.build_index_concurrently(1);"}
{"ts": "2026-04-19T23:59:45Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-19 23:59:45.053 UTC [31] LOG:  cron job 3 COMMAND completed: CALL "}
{"ts": "2026-04-19T23:59:45Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-19 23:59:45.041 UTC [31] LOG:  cron job 3 starting: CALL documentdb_api_internal.build_index_concurrently(2);"}
{"ts": "2026-04-19T23:59:45Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-19 23:59:45.023 UTC [31] LOG:  cron job 2 COMMAND completed: CALL "}
{"ts": "2026-04-19T23:59:45Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-19 23:59:45.011 UTC [31] LOG:  cron job 2 starting: CALL documentdb_api_internal.build_index_concurrently(1);"}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-19 23:59:43.045 UTC [31] LOG:  cron job 3 COMMAND completed: CALL "}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-19 23:59:43.030 UTC [31] LOG:  cron job 3 starting: CALL documentdb_api_internal.build_index_concurrently(2);"}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-19 23:59:43.013 UTC [31] LOG:  cron job 2 COMMAND completed: CALL "}
{"ts": "2026-04-19T23:59:43Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-19 23:59:43.000 UTC [31] LOG:  cron job 2 starting: CALL documentdb_api_internal.build_index_concurrently(1);"}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-19 23:59:41.037 UTC [31] LOG:  cron job 3 COMMAND completed: CALL "}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-19 23:59:41.017 UTC [31] LOG:  cron job 3 starting: CALL documentdb_api_internal.build_index_concurrently(2);"}
{"ts": "2026-04-19T23:59:41Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-19 23:59:41.004 UTC [31] LOG:  cron job 2 COMMAND completed: CALL "}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-19 23:59:40.990 UTC [31] LOG:  cron job 2 starting: CALL documentdb_api_internal.build_index_concurrently(1);"}
{"ts": "2026-04-19T23:59:39Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-19 23:59:39.019 UTC [31] LOG:  cron job 3 COMMAND completed: CALL "}
{"ts": "2026-04-19T23:59:39Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-19 23:59:39.005 UTC [31] LOG:  cron job 3 starting: CALL documentdb_api_internal.build_index_concurrently(2);"}
{"ts": "2026-04-19T23:59:38Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-19 23:59:38.993 UTC [31] LOG:  cron job 2 COMMAND completed: CALL "}
{"ts": "2026-04-19T23:59:38Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-19 23:59:38.981 UTC [31] LOG:  cron job 2 starting: CALL documentdb_api_internal.build_index_concurrently(1);"}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-19 23:59:37.009 UTC [31] LOG:  cron job 3 COMMAND completed: CALL "}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-19 23:59:36.995 UTC [31] LOG:  cron job 3 starting: CALL documentdb_api_internal.build_index_concurrently(2);"}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-19 23:59:36.984 UTC [31] LOG:  cron job 2 COMMAND completed: CALL "}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-19 23:59:36.972 UTC [31] LOG:  cron job 2 starting: CALL documentdb_api_internal.build_index_concurrently(1);"}
{"ts": "2026-04-19T23:59:35Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-19 23:59:35.003 UTC [31] LOG:  cron job 3 COMMAND completed: CALL "}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-19 23:59:34.986 UTC [31] LOG:  cron job 3 starting: CALL documentdb_api_internal.build_index_concurrently(2);"}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-19 23:59:34.975 UTC [31] LOG:  cron job 2 COMMAND completed: CALL "}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-19 23:59:34.961 UTC [31] LOG:  cron job 2 starting: CALL documentdb_api_internal.build_index_concurrently(1);"}
{"ts": "2026-04-19T23:59:32Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-19 23:59:32.989 UTC [31] LOG:  cron job 3 COMMAND completed: CALL "}
{"ts": "2026-04-19T23:59:32Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-19 23:59:32.976 UTC [31] LOG:  cron job 3 starting: CALL documentdb_api_internal.build_index_concurrently(2);"}
{"ts": "2026-04-19T23:59:32Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-19 23:59:32.966 UTC [31] LOG:  cron job 2 COMMAND completed: CALL "}
{"ts": "2026-04-19T23:59:32Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-19 23:59:32.949 UTC [31] LOG:  cron job 2 starting: CALL documentdb_api_internal.build_index_concurrently(1);"}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-19 23:59:30.980 UTC [31] LOG:  cron job 3 COMMAND completed: CALL "}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-19 23:59:30.966 UTC [31] LOG:  cron job 3 starting: CALL documentdb_api_internal.build_index_concurrently(2);"}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-19 23:59:30.953 UTC [31] LOG:  cron job 2 COMMAND completed: CALL "}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-19 23:59:30.938 UTC [31] LOG:  cron job 2 starting: CALL documentdb_api_internal.build_index_concurrently(1);"}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-19 23:59:28.969 UTC [31] LOG:  cron job 3 COMMAND completed: CALL "}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-19 23:59:28.953 UTC [31] LOG:  cron job 3 starting: CALL documentdb_api_internal.build_index_concurrently(2);"}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-19 23:59:28.942 UTC [31] LOG:  cron job 2 COMMAND completed: CALL "}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-19 23:59:28.926 UTC [31] LOG:  cron job 2 starting: CALL documentdb_api_internal.build_index_concurrently(1);"}
{"ts": "2026-04-19T23:59:26Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-19 23:59:26.956 UTC [31] LOG:  cron job 3 COMMAND completed: CALL "}
{"ts": "2026-04-19T23:59:26Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-19 23:59:26.940 UTC [31] LOG:  cron job 3 starting: CALL documentdb_api_internal.build_index_concurrently(2);"}
{"ts": "2026-04-19T23:59:26Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-19 23:59:26.929 UTC [31] LOG:  cron job 2 COMMAND completed: CALL "}
{"ts": "2026-04-19T23:59:26Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-19 23:59:26.917 UTC [31] LOG:  cron job 2 starting: CALL documentdb_api_internal.build_index_concurrently(1);"}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-19 23:59:24.944 UTC [31] LOG:  cron job 3 COMMAND completed: CALL "}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-19 23:59:24.927 UTC [31] LOG:  cron job 3 starting: CALL documentdb_api_internal.build_index_concurrently(2);"}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-19 23:59:24.919 UTC [31] LOG:  cron job 2 COMMAND completed: CALL "}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-19 23:59:24.906 UTC [31] LOG:  cron job 2 starting: CALL documentdb_api_internal.build_index_concurrently(1);"}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-19 23:59:22.931 UTC [31] LOG:  cron job 3 COMMAND completed: CALL "}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-19 23:59:22.917 UTC [31] LOG:  cron job 3 starting: CALL documentdb_api_internal.build_index_concurrently(2);"}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-19 23:59:22.909 UTC [31] LOG:  cron job 2 COMMAND completed: CALL "}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-19 23:59:22.897 UTC [31] LOG:  cron job 2 starting: CALL documentdb_api_internal.build_index_concurrently(1);"}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-19 23:59:20.921 UTC [31] LOG:  cron job 3 COMMAND completed: CALL "}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-19 23:59:20.904 UTC [31] LOG:  cron job 3 starting: CALL documentdb_api_internal.build_index_concurrently(2);"}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-19 23:59:20.901 UTC [31] LOG:  cron job 2 COMMAND completed: CALL "}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-19 23:59:20.886 UTC [31] LOG:  cron job 2 starting: CALL documentdb_api_internal.build_index_concurrently(1);"}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-19 23:59:18.904 UTC [31] LOG:  cron job 3 COMMAND completed: CALL "}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-19 23:59:18.893 UTC [31] LOG:  cron job 3 starting: CALL documentdb_api_internal.build_index_concurrently(2);"}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-19 23:59:18.889 UTC [31] LOG:  cron job 2 COMMAND completed: CALL "}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-postgres-1", "detected_level": "unknown", "service_name": "/prometheus-holding-growthbook-postgres-1"}, "msg": "2026-04-19 23:59:18.877 UTC [31] LOG:  cron job 2 starting: CALL documentdb_api_internal.build_index_concurrently(1);"}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:54.883Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"5.169502ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:54.881Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"6.18927ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:54.881Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.952479ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:54.881Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.707821ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:54.880Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.929547ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:54.880Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.408322ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:54.879Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"3.780954ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:54.879Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.102273ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:54.879Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.932446ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:54.879Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"3.130434ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:54.879Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"3.064192ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:54.879Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.549991ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:54.879Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"3.67487ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:54.878Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.279578ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:54.878Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"3.046379ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:54.877Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.444013ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:54.877Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.884337ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:54.877Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.140743ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:54.877Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.956744ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:54.876Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.832704ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:54.876Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.055717ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:50Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:50.735Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"hello\",\"duration\":\"112.513\u00b5s\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:49Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:49.878Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"5.589047ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:49Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:49.878Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"7.923301ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:49Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:49.877Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"7.24934ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:49Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:49.876Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"4.098332ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:49Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:49.876Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"5.949988ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:49Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:49.875Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"5.813915ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:49Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:49.875Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.867621ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:49Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:49.875Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.909599ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:49Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:49.875Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"5.53617ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:49Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:49.875Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"5.154993ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:49Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:49.875Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"5.40739ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:49Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:49.875Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.592098ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:49Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:49.874Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"5.063111ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:49Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:49.873Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"988.836\u00b5s\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:49Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:49.872Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"3.902566ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:49Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:49.872Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.903049ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:49Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:49.872Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"3.643042ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:49Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:49.872Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.584101ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:49Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:49.872Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"3.286112ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:49Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:49.871Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.020305ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:49Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:49.871Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.056133ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:48.701Z\tINFO\tclientconn/listener.go:322\tConnection stopped\t{\"conn\":\"127.0.0.1:43468 -> 127.0.0.1:27017\",\"name\":\"listener\"}"}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:48.700Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"ping\",\"duration\":\"952.776\u00b5s\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:48.697Z\tINFO\tclientconn/listener.go:316\tConnection started\t{\"conn\":\"127.0.0.1:43468 -> 127.0.0.1:27017\",\"name\":\"listener\"}"}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:44.878Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.742003ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:44.878Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.913048ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:44.877Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"6.10886ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:44.877Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"5.978779ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:44.877Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"3.663798ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:44.877Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"5.802866ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:44.875Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.484796ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:44.876Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"3.584388ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:44.876Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"3.404014ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:44.876Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.821432ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:44.875Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.671953ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:44.875Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"5.186516ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:44.875Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"5.800166ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:44.875Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.924129ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:44.875Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.631088ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:44.873Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.902098ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:44.873Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.724072ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:44.873Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.310598ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:44.872Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.231485ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:44.872Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.357411ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:44.872Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.131733ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:40.733Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"hello\",\"duration\":\"82.623\u00b5s\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:39Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:39.875Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"4.486802ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:39Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:39.874Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"4.301356ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:39Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:39.874Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"4.079357ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:39Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:39.874Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"3.885282ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:39Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:39.874Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"3.596318ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:39Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:39.873Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"3.17691ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:39Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:39.873Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"4.578238ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:39Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:39.873Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"4.228226ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:39Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:39.872Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"3.593297ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:39Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:39.872Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.380378ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:39Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:39.872Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"3.36565ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:39Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:39.871Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.442313ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:39Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:39.871Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"3.1111ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:39Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:39.871Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.373327ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:39Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:39.871Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"3.083124ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:39Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:39.870Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"3.06499ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:39Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:39.870Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"3.072033ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:39Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:39.870Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"3.059677ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:39Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:39.870Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.730105ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:39Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:39.870Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.779064ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:39Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:39.869Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.431139ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:34.875Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"9.637507ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:34.873Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"7.6999ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:34.871Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"5.02595ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:34.870Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"6.512355ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:34.870Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"5.015342ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:34.870Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"5.972867ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:34.870Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"4.600897ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:34.870Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"6.039931ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:34.869Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"4.030451ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:34.869Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"3.624389ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:34.869Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"6.510636ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:34.869Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"5.019181ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:34.867Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"3.37809ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:34.867Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.707441ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:34.867Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"3.031563ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:34.867Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.897768ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:34.866Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.056694ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:34.866Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.76196ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:34.865Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.450055ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:34.865Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.548697ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:34.865Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.410851ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:30.730Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"hello\",\"duration\":\"74.472\u00b5s\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:29.867Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"5.139134ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:29.867Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"5.11317ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:29.867Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"4.604971ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:29.866Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"3.78621ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:29.866Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"3.63494ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:29.866Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"4.860866ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:29.865Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"3.386352ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:29.865Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"5.173588ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:29.865Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.556912ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:29.865Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"3.588344ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:29.865Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"4.911586ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:29.865Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.805763ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:29.864Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"4.41182ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:29.864Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.687622ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:29.863Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.461634ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:29.863Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.847145ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:29.863Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"3.340707ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:29.862Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.984684ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:29.862Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.315569ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:29.862Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.585389ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:29Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:29.862Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.766254ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:25Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:25.035Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"3.491074ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:25Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:25.034Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.035746ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:25Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:25.034Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.168711ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:25Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:25.034Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.001159ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:25Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:25.033Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.686586ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:25Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:25.033Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.805778ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:25Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:25.033Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.985445ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:25Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:25.032Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.591628ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:25Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:25.032Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.938582ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:25Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:25.032Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.547107ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:25Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:25.032Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.543656ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:24.941Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"7.878163ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:24.940Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"8.505423ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:24.939Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"4.369061ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:24.938Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"4.991699ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:24.937Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"3.106793ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:24.936Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.082345ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:24.934Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.912198ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:24.934Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.144116ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:24.934Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.00311ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:24.934Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.083913ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:20.542Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"hello\",\"duration\":\"77.163\u00b5s\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:20.345Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.711561ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:20.341Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"find\",\"duration\":\"1.456166ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:20.338Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"find\",\"duration\":\"1.521418ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:20.335Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"find\",\"duration\":\"986.74\u00b5s\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:20.332Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"find\",\"duration\":\"1.401092ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:20.241Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"find\",\"duration\":\"1.724843ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:20.236Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"3.749291ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:20.235Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"find\",\"duration\":\"3.717653ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:20.142Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"find\",\"duration\":\"2.943407ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:20.138Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"3.478503ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:20.135Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"4.983441ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:20.038Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"962.305\u00b5s\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:20.037Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"1.79273ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:19.946Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"12.970496ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:19.944Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"6.673765ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:19.944Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"7.176837ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:19.944Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"6.953425ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:19.942Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"7.218909ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:19.942Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"4.820417ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:19.942Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"8.731241ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:19.942Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"6.127405ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:19.942Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"5.389819ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:19.940Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"3.350488ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:19.940Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"7.670557ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:19.940Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"6.894657ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:19.939Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"4.742314ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:19.939Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"4.307891ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:19.939Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"3.529368ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:19.939Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"4.593145ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:19.938Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"4.127941ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:19.938Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"3.337041ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:19.937Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.263878ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:19.936Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"3.566154ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-growthbook-ferretdb-1", "detected_level": "info", "service_name": "/prometheus-holding-growthbook-ferretdb-1"}, "msg": "2026-04-19T23:59:19.935Z\tINFO\tmiddleware/dispatcher.go:131\tCommand handled\t{\"command\":\"findAndModify\",\"duration\":\"2.515876ms\",\"handler\":\"documentdb\",\"name\":\"middleware\",\"result\":\"ok\"}"}
{"ts": "2026-04-19T23:59:21Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-grafana-1", "detected_level": "info", "service_name": "/prometheus-holding-grafana-1"}, "msg": "logger=ngalert.sender.router rule_uid=ffd10vkgv6xvke org_id=1 t=2026-04-19T23:59:21.678012187Z level=info msg=\"Sending alerts to local notifier\" count=1"}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-grafana-1", "detected_level": "info", "service_name": "/prometheus-holding-grafana-1"}, "msg": "logger=ngalert.sender.router rule_uid=ffd10vhdvpcsgb org_id=1 t=2026-04-19T23:59:20.591670008Z level=info msg=\"Sending alerts to local notifier\" count=1"}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-grafana-1", "detected_level": "info", "service_name": "/prometheus-holding-grafana-1"}, "msg": "logger=ngalert.sender.router rule_uid=efd10vjayw934f org_id=1 t=2026-04-19T23:59:19.830244538Z level=info msg=\"Sending alerts to local notifier\" count=1"}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-grafana-1", "detected_level": "info", "service_name": "/prometheus-holding-grafana-1"}, "msg": "logger=ngalert.sender.router rule_uid=efd10vi287q4gc org_id=1 t=2026-04-19T23:59:18.839763812Z level=info msg=\"Sending alerts to local notifier\" count=1"}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-grafana-1", "detected_level": "info", "service_name": "/prometheus-holding-grafana-1"}, "msg": "logger=ngalert.sender.router rule_uid=dfd10vlfjs6psa org_id=1 t=2026-04-19T23:59:18.140783464Z level=info msg=\"Sending alerts to local notifier\" count=1"}
{"ts": "2026-04-19T23:59:21Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-grafana-1", "detected_level": "error", "service_name": "/prometheus-holding-grafana-1"}, "msg": "logger=ngalert.scheduler rule_uid=ffd10vkgv6xvke org_id=1 version=1 fingerprint=99a002851c21c2da now=2026-04-19T23:59:10Z traceID=761a5a166c8d2fbbc3e238789c2f2510 rule_uid=ffd10vkgv6xvke org_id=1 t=2026-04-19T23:59:21.670544115Z level=error msg=\"Failed to build rule evaluator\" error=\"failed to build query 'A': data source not found\""}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-grafana-1", "detected_level": "error", "service_name": "/prometheus-holding-grafana-1"}, "msg": "logger=ngalert.scheduler rule_uid=ffd10vhdvpcsgb org_id=1 version=1 fingerprint=13e71251a4364f0a now=2026-04-19T23:59:10Z traceID=f02ac5dbe47f044a22607db9debe9092 rule_uid=ffd10vhdvpcsgb org_id=1 t=2026-04-19T23:59:20.584620116Z level=error msg=\"Failed to build rule evaluator\" error=\"failed to build query 'A': data source not found\""}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-grafana-1", "detected_level": "error", "service_name": "/prometheus-holding-grafana-1"}, "msg": "logger=ngalert.scheduler rule_uid=ffd10vkgv6xvke org_id=1 version=1 fingerprint=99a002851c21c2da now=2026-04-19T23:59:10Z traceID=1ff19b611984044c94ee466b32b9bf10 rule_uid=ffd10vkgv6xvke org_id=1 t=2026-04-19T23:59:20.030661795Z level=error msg=\"Failed to evaluate rule\" attempt=2 max_attempts=3 next_attempt_in=1.638335103s error=\"server side expressions pipeline returned an error: failed to build query 'A': data source not found\""}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-grafana-1", "detected_level": "error", "service_name": "/prometheus-holding-grafana-1"}, "msg": "logger=ngalert.scheduler rule_uid=ffd10vkgv6xvke org_id=1 version=1 fingerprint=99a002851c21c2da now=2026-04-19T23:59:10Z traceID=1ff19b611984044c94ee466b32b9bf10 rule_uid=ffd10vkgv6xvke org_id=1 t=2026-04-19T23:59:20.030554361Z level=error msg=\"Failed to build rule evaluator\" error=\"failed to build query 'A': data source not found\""}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-grafana-1", "detected_level": "error", "service_name": "/prometheus-holding-grafana-1"}, "msg": "logger=ngalert.scheduler rule_uid=efd10vjayw934f org_id=1 version=1 fingerprint=5f12d71bd4a98f4f now=2026-04-19T23:59:10Z traceID=22b83404dbce94194784e25c54727f90 rule_uid=efd10vjayw934f org_id=1 t=2026-04-19T23:59:19.823487412Z level=error msg=\"Failed to build rule evaluator\" error=\"failed to build query 'A': data source not found\""}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-grafana-1", "detected_level": "error", "service_name": "/prometheus-holding-grafana-1"}, "msg": "logger=ngalert.scheduler rule_uid=ffd10vhdvpcsgb org_id=1 version=1 fingerprint=13e71251a4364f0a now=2026-04-19T23:59:10Z traceID=11a00d5f1b3671e2e1d037e57ea01e6c rule_uid=ffd10vhdvpcsgb org_id=1 t=2026-04-19T23:59:19.178649755Z level=error msg=\"Failed to evaluate rule\" attempt=2 max_attempts=3 next_attempt_in=1.403924092s error=\"server side expressions pipeline returned an error: failed to build query 'A': data source not found\""}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-grafana-1", "detected_level": "error", "service_name": "/prometheus-holding-grafana-1"}, "msg": "logger=ngalert.scheduler rule_uid=ffd10vhdvpcsgb org_id=1 version=1 fingerprint=13e71251a4364f0a now=2026-04-19T23:59:10Z traceID=11a00d5f1b3671e2e1d037e57ea01e6c rule_uid=ffd10vhdvpcsgb org_id=1 t=2026-04-19T23:59:19.178537442Z level=error msg=\"Failed to build rule evaluator\" error=\"failed to build query 'A': data source not found\""}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-grafana-1", "detected_level": "error", "service_name": "/prometheus-holding-grafana-1"}, "msg": "logger=ngalert.scheduler rule_uid=ffd10vkgv6xvke org_id=1 version=1 fingerprint=99a002851c21c2da now=2026-04-19T23:59:10Z traceID=9418a3efff09c34c3a543893e0ca2049 rule_uid=ffd10vkgv6xvke org_id=1 t=2026-04-19T23:59:19.095900912Z level=error msg=\"Failed to evaluate rule\" attempt=1 max_attempts=3 next_attempt_in=932.854066ms error=\"server side expressions pipeline returned an error: failed to build query 'A': data source not found\""}
{"ts": "2026-04-19T23:59:19Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-grafana-1", "detected_level": "error", "service_name": "/prometheus-holding-grafana-1"}, "msg": "logger=ngalert.scheduler rule_uid=ffd10vkgv6xvke org_id=1 version=1 fingerprint=99a002851c21c2da now=2026-04-19T23:59:10Z traceID=9418a3efff09c34c3a543893e0ca2049 rule_uid=ffd10vkgv6xvke org_id=1 t=2026-04-19T23:59:19.095784208Z level=error msg=\"Failed to build rule evaluator\" error=\"failed to build query 'A': data source not found\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-grafana-1", "detected_level": "error", "service_name": "/prometheus-holding-grafana-1"}, "msg": "logger=ngalert.scheduler rule_uid=efd10vi287q4gc org_id=1 version=1 fingerprint=57ee27c9c77e1827 now=2026-04-19T23:59:10Z traceID=f5efcbc0f23fb5a27dd9883e9d67a435 rule_uid=efd10vi287q4gc org_id=1 t=2026-04-19T23:59:18.832987499Z level=error msg=\"Failed to build rule evaluator\" error=\"failed to build query 'A': data source not found\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-grafana-1", "detected_level": "error", "service_name": "/prometheus-holding-grafana-1"}, "msg": "logger=ngalert.scheduler rule_uid=efd10vjayw934f org_id=1 version=1 fingerprint=5f12d71bd4a98f4f now=2026-04-19T23:59:10Z traceID=1d78e63ce428239127e35073e83344a8 rule_uid=efd10vjayw934f org_id=1 t=2026-04-19T23:59:18.282997728Z level=error msg=\"Failed to evaluate rule\" attempt=2 max_attempts=3 next_attempt_in=1.539121575s error=\"server side expressions pipeline returned an error: failed to build query 'A': data source not found\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-grafana-1", "detected_level": "error", "service_name": "/prometheus-holding-grafana-1"}, "msg": "logger=ngalert.scheduler rule_uid=efd10vjayw934f org_id=1 version=1 fingerprint=5f12d71bd4a98f4f now=2026-04-19T23:59:10Z traceID=1d78e63ce428239127e35073e83344a8 rule_uid=efd10vjayw934f org_id=1 t=2026-04-19T23:59:18.282910935Z level=error msg=\"Failed to build rule evaluator\" error=\"failed to build query 'A': data source not found\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-grafana-1", "detected_level": "error", "service_name": "/prometheus-holding-grafana-1"}, "msg": "logger=ngalert.scheduler rule_uid=ffd10vhdvpcsgb org_id=1 version=1 fingerprint=13e71251a4364f0a now=2026-04-19T23:59:10Z traceID=28a15b809f1072eb73e4b5a74168fb45 rule_uid=ffd10vhdvpcsgb org_id=1 t=2026-04-19T23:59:18.187127476Z level=error msg=\"Failed to evaluate rule\" attempt=1 max_attempts=3 next_attempt_in=989.763819ms error=\"server side expressions pipeline returned an error: failed to build query 'A': data source not found\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-grafana-1", "detected_level": "error", "service_name": "/prometheus-holding-grafana-1"}, "msg": "logger=ngalert.scheduler rule_uid=ffd10vhdvpcsgb org_id=1 version=1 fingerprint=13e71251a4364f0a now=2026-04-19T23:59:10Z traceID=28a15b809f1072eb73e4b5a74168fb45 rule_uid=ffd10vhdvpcsgb org_id=1 t=2026-04-19T23:59:18.186717713Z level=error msg=\"Failed to build rule evaluator\" error=\"failed to build query 'A': data source not found\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-grafana-1", "detected_level": "error", "service_name": "/prometheus-holding-grafana-1"}, "msg": "logger=ngalert.scheduler rule_uid=dfd10vlfjs6psa org_id=1 version=1 fingerprint=79c8bd87c6a352eb now=2026-04-19T23:59:10Z traceID=1ff0ff77f940667a2c2a0d15455cf2cf rule_uid=dfd10vlfjs6psa org_id=1 t=2026-04-19T23:59:18.130916764Z level=error msg=\"Failed to build rule evaluator\" error=\"failed to build query 'A': data source not found\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-grafana-1", "detected_level": "error", "service_name": "/prometheus-holding-grafana-1"}, "msg": "logger=ngalert.scheduler rule_uid=efd10vi287q4gc org_id=1 version=1 fingerprint=57ee27c9c77e1827 now=2026-04-19T23:59:10Z traceID=754e07dab571482321bdbf3697d11b25 rule_uid=efd10vi287q4gc org_id=1 t=2026-04-19T23:59:17.327773178Z level=error msg=\"Failed to evaluate rule\" attempt=2 max_attempts=3 next_attempt_in=1.503385893s error=\"server side expressions pipeline returned an error: failed to build query 'A': data source not found\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-grafana-1", "detected_level": "error", "service_name": "/prometheus-holding-grafana-1"}, "msg": "logger=ngalert.scheduler rule_uid=efd10vi287q4gc org_id=1 version=1 fingerprint=57ee27c9c77e1827 now=2026-04-19T23:59:10Z traceID=754e07dab571482321bdbf3697d11b25 rule_uid=efd10vi287q4gc org_id=1 t=2026-04-19T23:59:17.327684235Z level=error msg=\"Failed to build rule evaluator\" error=\"failed to build query 'A': data source not found\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-grafana-1", "detected_level": "error", "service_name": "/prometheus-holding-grafana-1"}, "msg": "logger=ngalert.scheduler rule_uid=efd10vjayw934f org_id=1 version=1 fingerprint=5f12d71bd4a98f4f now=2026-04-19T23:59:10Z traceID=12a6e72db9e258310815f409a8725733 rule_uid=efd10vjayw934f org_id=1 t=2026-04-19T23:59:17.278645124Z level=error msg=\"Failed to evaluate rule\" attempt=1 max_attempts=3 next_attempt_in=1.00257546s error=\"server side expressions pipeline returned an error: failed to build query 'A': data source not found\""}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-grafana-1", "detected_level": "error", "service_name": "/prometheus-holding-grafana-1"}, "msg": "logger=ngalert.scheduler rule_uid=efd10vjayw934f org_id=1 version=1 fingerprint=5f12d71bd4a98f4f now=2026-04-19T23:59:10Z traceID=12a6e72db9e258310815f409a8725733 rule_uid=efd10vjayw934f org_id=1 t=2026-04-19T23:59:17.27852978Z level=error msg=\"Failed to build rule evaluator\" error=\"failed to build query 'A': data source not found\""}
{"ts": "2026-04-19T23:59:58Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-forgejo-1", "detected_level": "unknown", "service_name": "/prometheus-holding-forgejo-1"}, "msg": "2026/04/19 23:59:58 ...eb/routing/logger.go:102:func1() [I] router: completed POST /api/actions/runner.v1.RunnerService/FetchTask for 172.18.0.11:37154, 200 OK in 12.6ms @ <autogenerated>:1(http.Handler.ServeHTTP-fm)"}
{"ts": "2026-04-19T23:59:56Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-forgejo-1", "detected_level": "unknown", "service_name": "/prometheus-holding-forgejo-1"}, "msg": "2026/04/19 23:59:56 ...eb/routing/logger.go:102:func1() [I] router: completed POST /api/actions/runner.v1.RunnerService/FetchTask for 172.18.0.11:37154, 200 OK in 10.5ms @ <autogenerated>:1(http.Handler.ServeHTTP-fm)"}
{"ts": "2026-04-19T23:59:54Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-forgejo-1", "detected_level": "unknown", "service_name": "/prometheus-holding-forgejo-1"}, "msg": "2026/04/19 23:59:54 ...eb/routing/logger.go:102:func1() [I] router: completed POST /api/actions/runner.v1.RunnerService/FetchTask for 172.18.0.11:37154, 200 OK in 13.4ms @ <autogenerated>:1(http.Handler.ServeHTTP-fm)"}
{"ts": "2026-04-19T23:59:52Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-forgejo-1", "detected_level": "unknown", "service_name": "/prometheus-holding-forgejo-1"}, "msg": "2026/04/19 23:59:52 ...eb/routing/logger.go:102:func1() [I] router: completed POST /api/actions/runner.v1.RunnerService/FetchTask for 172.18.0.11:37154, 200 OK in 11.6ms @ <autogenerated>:1(http.Handler.ServeHTTP-fm)"}
{"ts": "2026-04-19T23:59:50Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-forgejo-1", "detected_level": "unknown", "service_name": "/prometheus-holding-forgejo-1"}, "msg": "2026/04/19 23:59:50 ...eb/routing/logger.go:102:func1() [I] router: completed POST /api/actions/runner.v1.RunnerService/FetchTask for 172.18.0.11:37154, 200 OK in 11.0ms @ <autogenerated>:1(http.Handler.ServeHTTP-fm)"}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-forgejo-1", "detected_level": "unknown", "service_name": "/prometheus-holding-forgejo-1"}, "msg": "2026/04/19 23:59:48 ...eb/routing/logger.go:102:func1() [I] router: completed POST /api/actions/runner.v1.RunnerService/FetchTask for 172.18.0.11:37154, 200 OK in 11.5ms @ <autogenerated>:1(http.Handler.ServeHTTP-fm)"}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-forgejo-1", "detected_level": "unknown", "service_name": "/prometheus-holding-forgejo-1"}, "msg": "2026/04/19 23:59:46 ...eb/routing/logger.go:102:func1() [I] router: completed POST /api/actions/runner.v1.RunnerService/FetchTask for 172.18.0.11:37154, 200 OK in 11.3ms @ <autogenerated>:1(http.Handler.ServeHTTP-fm)"}
{"ts": "2026-04-19T23:59:44Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-forgejo-1", "detected_level": "unknown", "service_name": "/prometheus-holding-forgejo-1"}, "msg": "2026/04/19 23:59:44 ...eb/routing/logger.go:102:func1() [I] router: completed POST /api/actions/runner.v1.RunnerService/FetchTask for 172.18.0.11:37154, 200 OK in 11.2ms @ <autogenerated>:1(http.Handler.ServeHTTP-fm)"}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-forgejo-1", "detected_level": "unknown", "service_name": "/prometheus-holding-forgejo-1"}, "msg": "2026/04/19 23:59:42 ...eb/routing/logger.go:102:func1() [I] router: completed POST /api/actions/runner.v1.RunnerService/FetchTask for 172.18.0.11:37154, 200 OK in 12.2ms @ <autogenerated>:1(http.Handler.ServeHTTP-fm)"}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-forgejo-1", "detected_level": "unknown", "service_name": "/prometheus-holding-forgejo-1"}, "msg": "2026/04/19 23:59:40 ...eb/routing/logger.go:102:func1() [I] router: completed POST /api/actions/runner.v1.RunnerService/FetchTask for 172.18.0.11:37154, 200 OK in 12.8ms @ <autogenerated>:1(http.Handler.ServeHTTP-fm)"}
{"ts": "2026-04-19T23:59:38Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-forgejo-1", "detected_level": "unknown", "service_name": "/prometheus-holding-forgejo-1"}, "msg": "2026/04/19 23:59:38 ...eb/routing/logger.go:102:func1() [I] router: completed POST /api/actions/runner.v1.RunnerService/FetchTask for 172.18.0.11:37154, 200 OK in 13.4ms @ <autogenerated>:1(http.Handler.ServeHTTP-fm)"}
{"ts": "2026-04-19T23:59:36Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-forgejo-1", "detected_level": "unknown", "service_name": "/prometheus-holding-forgejo-1"}, "msg": "2026/04/19 23:59:36 ...eb/routing/logger.go:102:func1() [I] router: completed POST /api/actions/runner.v1.RunnerService/FetchTask for 172.18.0.11:37154, 200 OK in 11.9ms @ <autogenerated>:1(http.Handler.ServeHTTP-fm)"}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-forgejo-1", "detected_level": "unknown", "service_name": "/prometheus-holding-forgejo-1"}, "msg": "2026/04/19 23:59:34 ...eb/routing/logger.go:102:func1() [I] router: completed POST /api/actions/runner.v1.RunnerService/FetchTask for 172.18.0.11:37154, 200 OK in 10.3ms @ <autogenerated>:1(http.Handler.ServeHTTP-fm)"}
{"ts": "2026-04-19T23:59:32Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-forgejo-1", "detected_level": "unknown", "service_name": "/prometheus-holding-forgejo-1"}, "msg": "2026/04/19 23:59:32 ...eb/routing/logger.go:102:func1() [I] router: completed POST /api/actions/runner.v1.RunnerService/FetchTask for 172.18.0.11:37154, 200 OK in 11.9ms @ <autogenerated>:1(http.Handler.ServeHTTP-fm)"}
{"ts": "2026-04-19T23:59:30Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-forgejo-1", "detected_level": "unknown", "service_name": "/prometheus-holding-forgejo-1"}, "msg": "2026/04/19 23:59:30 ...eb/routing/logger.go:102:func1() [I] router: completed POST /api/actions/runner.v1.RunnerService/FetchTask for 172.18.0.11:37154, 200 OK in 15.4ms @ <autogenerated>:1(http.Handler.ServeHTTP-fm)"}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-forgejo-1", "detected_level": "unknown", "service_name": "/prometheus-holding-forgejo-1"}, "msg": "2026/04/19 23:59:28 ...eb/routing/logger.go:102:func1() [I] router: completed POST /api/actions/runner.v1.RunnerService/FetchTask for 172.18.0.11:37154, 200 OK in 13.5ms @ <autogenerated>:1(http.Handler.ServeHTTP-fm)"}
{"ts": "2026-04-19T23:59:26Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-forgejo-1", "detected_level": "unknown", "service_name": "/prometheus-holding-forgejo-1"}, "msg": "2026/04/19 23:59:26 ...eb/routing/logger.go:102:func1() [I] router: completed POST /api/actions/runner.v1.RunnerService/FetchTask for 172.18.0.11:37154, 200 OK in 15.2ms @ <autogenerated>:1(http.Handler.ServeHTTP-fm)"}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-forgejo-1", "detected_level": "unknown", "service_name": "/prometheus-holding-forgejo-1"}, "msg": "2026/04/19 23:59:24 ...eb/routing/logger.go:102:func1() [I] router: completed POST /api/actions/runner.v1.RunnerService/FetchTask for 172.18.0.11:37154, 200 OK in 16.4ms @ <autogenerated>:1(http.Handler.ServeHTTP-fm)"}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-forgejo-1", "detected_level": "unknown", "service_name": "/prometheus-holding-forgejo-1"}, "msg": "2026/04/19 23:59:22 ...eb/routing/logger.go:102:func1() [I] router: completed POST /api/actions/runner.v1.RunnerService/FetchTask for 172.18.0.11:37154, 200 OK in 11.4ms @ <autogenerated>:1(http.Handler.ServeHTTP-fm)"}
{"ts": "2026-04-19T23:59:20Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-forgejo-1", "detected_level": "unknown", "service_name": "/prometheus-holding-forgejo-1"}, "msg": "2026/04/19 23:59:20 ...eb/routing/logger.go:102:func1() [I] router: completed POST /api/actions/runner.v1.RunnerService/FetchTask for 172.18.0.11:37154, 200 OK in 11.4ms @ <autogenerated>:1(http.Handler.ServeHTTP-fm)"}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-forgejo-1", "detected_level": "unknown", "service_name": "/prometheus-holding-forgejo-1"}, "msg": "2026/04/19 23:59:18 ...eb/routing/logger.go:102:func1() [I] router: completed POST /api/actions/runner.v1.RunnerService/FetchTask for 172.18.0.11:37154, 200 OK in 12.1ms @ <autogenerated>:1(http.Handler.ServeHTTP-fm)"}
{"ts": "2026-04-19T23:59:32Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-erpnext-frontend-1", "detected_level": "unknown", "service_name": "/prometheus-holding-erpnext-frontend-1"}, "msg": "127.0.0.1 - - [19/Apr/2026:23:59:32 +0000] \"GET /api/method/ping HTTP/1.1\" 200 18 \"-\" \"curl/7.88.1\""}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-docuseal-1", "detected_level": "info", "service_name": "/prometheus-holding-docuseal-1"}, "msg": "I, [2026-04-19T23:59:24.545215 #1]  INFO -- : [c5a468d8-0db6-437d-be9f-356b3c0dbd3b] {\"method\":\"GET\",\"format\":\"*/*\",\"controller\":\"SetupController\",\"action\":\"index\",\"status\":200,\"allocations\":2788,\"duration\":8.01,\"view\":6.07,\"db\":0.48,\"host\":\"127.0.0.1\",\"fwd\":\"127.0.0.1\",\"params\":{},\"uid\":null,\"aid\":null,\"rid\":null,\"raid\":null}"}
{"ts": "2026-04-19T23:59:24Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-docuseal-1", "detected_level": "info", "service_name": "/prometheus-holding-docuseal-1"}, "msg": "I, [2026-04-19T23:59:24.534583 #1]  INFO -- : [9e86b851-cdee-4655-8a72-b03c4e1623bd] {\"method\":\"GET\",\"format\":\"*/*\",\"controller\":\"DashboardController\",\"action\":\"index\",\"status\":302,\"allocations\":422,\"duration\":2.48,\"view\":0.0,\"db\":1.15,\"host\":\"127.0.0.1\",\"fwd\":\"127.0.0.1\",\"params\":{},\"uid\":null,\"aid\":null,\"rid\":null,\"raid\":null}"}
{"ts": "2026-04-19T23:59:17Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-holding-chromadb-1", "detected_level": "info", "service_name": "/prometheus-holding-chromadb-1"}, "msg": "INFO:     [19-04-2026 23:59:17] 127.0.0.1:52950 - \"GET /api/v1/heartbeat HTTP/1.1\" 200"}
{"ts": "2026-04-19T23:59:37Z", "labels": {"cluster": "docker-compose", "container": "/prometheus-dashboard-internal", "detected_level": "unknown", "service_name": "/prometheus-dashboard-internal"}, "msg": "::1 - - [19/Apr/2026:23:59:37 +0000] \"GET / HTTP/1.1\" 200 19230 \"-\" \"Wget\" \"-\""}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "container": "/falco-enforcer", "detected_level": "info", "service_name": "/falco-enforcer"}, "msg": "2026-04-19 23:59:42,421 - ENFORCER - INFO - 127.0.0.1 - - [19/Apr/2026 23:59:42] \"GET /health HTTP/1.1\" 200 -"}
{"ts": "2026-04-19T23:59:58Z", "labels": {"cluster": "docker-compose", "container": "/crowdsec", "detected_level": "info", "service_name": "/crowdsec"}, "msg": "time=\"2026-04-19T23:59:58Z\" level=info msg=\"172.18.0.1 - [Sun, 19 Apr 2026 23:59:58 UTC] \\\"GET /v1/decisions/stream?additional_pull=false&community_pull=false HTTP/1.1 200 13.153039ms \\\"crowdsec-firewall-bouncer/v0.0.34-debian-pragmatic-amd64-4144555453620958398aee64253dfd90bbc1f698\\\" \\\"\""}
{"ts": "2026-04-19T23:59:48Z", "labels": {"cluster": "docker-compose", "container": "/crowdsec", "detected_level": "info", "service_name": "/crowdsec"}, "msg": "time=\"2026-04-19T23:59:48Z\" level=info msg=\"172.18.0.1 - [Sun, 19 Apr 2026 23:59:48 UTC] \\\"GET /v1/decisions/stream?additional_pull=false&community_pull=false HTTP/1.1 200 14.276528ms \\\"crowdsec-firewall-bouncer/v0.0.34-debian-pragmatic-amd64-4144555453620958398aee64253dfd90bbc1f698\\\" \\\"\""}
{"ts": "2026-04-19T23:59:38Z", "labels": {"cluster": "docker-compose", "container": "/crowdsec", "detected_level": "info", "service_name": "/crowdsec"}, "msg": "time=\"2026-04-19T23:59:38Z\" level=info msg=\"172.18.0.1 - [Sun, 19 Apr 2026 23:59:38 UTC] \\\"GET /v1/decisions/stream?additional_pull=false&community_pull=false HTTP/1.1 200 11.636781ms \\\"crowdsec-firewall-bouncer/v0.0.34-debian-pragmatic-amd64-4144555453620958398aee64253dfd90bbc1f698\\\" \\\"\""}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "container": "/crowdsec", "detected_level": "info", "service_name": "/crowdsec"}, "msg": "time=\"2026-04-19T23:59:28Z\" level=info msg=\"172.18.0.1 - [Sun, 19 Apr 2026 23:59:28 UTC] \\\"GET /v1/decisions/stream?additional_pull=false&community_pull=false HTTP/1.1 200 10.846188ms \\\"crowdsec-firewall-bouncer/v0.0.34-debian-pragmatic-amd64-4144555453620958398aee64253dfd90bbc1f698\\\" \\\"\""}
{"ts": "2026-04-19T23:59:18Z", "labels": {"cluster": "docker-compose", "container": "/crowdsec", "detected_level": "info", "service_name": "/crowdsec"}, "msg": "time=\"2026-04-19T23:59:18Z\" level=info msg=\"172.18.0.1 - [Sun, 19 Apr 2026 23:59:18 UTC] \\\"GET /v1/decisions/stream?additional_pull=false&community_pull=false HTTP/1.1 200 11.449642ms \\\"crowdsec-firewall-bouncer/v0.0.34-debian-pragmatic-amd64-4144555453620958398aee64253dfd90bbc1f698\\\" \\\"\""}
{"ts": "2026-04-19T23:59:58Z", "labels": {"cluster": "docker-compose", "container": "/apex-windmill-worker", "detected_level": "info", "service_name": "/apex-windmill-worker"}, "msg": "\u001b[2m2026-04-19T23:59:58.860655Z\u001b[0m \u001b[32m INFO\u001b[0m \u001b[2mwindmill-worker/src/worker_utils.rs\u001b[0m\u001b[2m:\u001b[0m\u001b[2m90\u001b[0m\u001b[2m:\u001b[0m ping update, memory: container=87MB, windmill=28MB, db_latency=1ms \u001b[3mworker\u001b[0m\u001b[2m=\u001b[0mwk-default-6852850569bd-giABx \u001b[3mhostname\u001b[0m\u001b[2m=\u001b[0m6852850569bd"}
{"ts": "2026-04-19T23:59:52Z", "labels": {"cluster": "docker-compose", "container": "/apex-windmill-worker", "detected_level": "info", "service_name": "/apex-windmill-worker"}, "msg": "\u001b[2m2026-04-19T23:59:52.846959Z\u001b[0m \u001b[32m INFO\u001b[0m \u001b[2mwindmill-worker/src/worker_utils.rs\u001b[0m\u001b[2m:\u001b[0m\u001b[2m90\u001b[0m\u001b[2m:\u001b[0m ping update, memory: container=87MB, windmill=28MB, db_latency=1ms \u001b[3mworker\u001b[0m\u001b[2m=\u001b[0mwk-default-6852850569bd-giABx \u001b[3mhostname\u001b[0m\u001b[2m=\u001b[0m6852850569bd"}
{"ts": "2026-04-19T23:59:46Z", "labels": {"cluster": "docker-compose", "container": "/apex-windmill-worker", "detected_level": "info", "service_name": "/apex-windmill-worker"}, "msg": "\u001b[2m2026-04-19T23:59:46.783074Z\u001b[0m \u001b[32m INFO\u001b[0m \u001b[2mwindmill-worker/src/worker_utils.rs\u001b[0m\u001b[2m:\u001b[0m\u001b[2m90\u001b[0m\u001b[2m:\u001b[0m ping update, memory: container=87MB, windmill=28MB, db_latency=2ms \u001b[3mworker\u001b[0m\u001b[2m=\u001b[0mwk-default-6852850569bd-giABx \u001b[3mhostname\u001b[0m\u001b[2m=\u001b[0m6852850569bd"}
{"ts": "2026-04-19T23:59:40Z", "labels": {"cluster": "docker-compose", "container": "/apex-windmill-worker", "detected_level": "info", "service_name": "/apex-windmill-worker"}, "msg": "\u001b[2m2026-04-19T23:59:40.763271Z\u001b[0m \u001b[32m INFO\u001b[0m \u001b[2mwindmill-worker/src/worker_utils.rs\u001b[0m\u001b[2m:\u001b[0m\u001b[2m90\u001b[0m\u001b[2m:\u001b[0m ping update, memory: container=87MB, windmill=28MB, db_latency=2ms \u001b[3mworker\u001b[0m\u001b[2m=\u001b[0mwk-default-6852850569bd-giABx \u001b[3mhostname\u001b[0m\u001b[2m=\u001b[0m6852850569bd"}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "container": "/apex-windmill-worker", "detected_level": "info", "service_name": "/apex-windmill-worker"}, "msg": "\u001b[2m2026-04-19T23:59:34.743200Z\u001b[0m \u001b[32m INFO\u001b[0m \u001b[2mwindmill-worker/src/worker_utils.rs\u001b[0m\u001b[2m:\u001b[0m\u001b[2m90\u001b[0m\u001b[2m:\u001b[0m ping update, memory: container=87MB, windmill=28MB, db_latency=1ms \u001b[3mworker\u001b[0m\u001b[2m=\u001b[0mwk-default-6852850569bd-giABx \u001b[3mhostname\u001b[0m\u001b[2m=\u001b[0m6852850569bd"}
{"ts": "2026-04-19T23:59:28Z", "labels": {"cluster": "docker-compose", "container": "/apex-windmill-worker", "detected_level": "info", "service_name": "/apex-windmill-worker"}, "msg": "\u001b[2m2026-04-19T23:59:28.716614Z\u001b[0m \u001b[32m INFO\u001b[0m \u001b[2mwindmill-worker/src/worker_utils.rs\u001b[0m\u001b[2m:\u001b[0m\u001b[2m90\u001b[0m\u001b[2m:\u001b[0m ping update, memory: container=87MB, windmill=28MB, db_latency=2ms \u001b[3mworker\u001b[0m\u001b[2m=\u001b[0mwk-default-6852850569bd-giABx \u001b[3mhostname\u001b[0m\u001b[2m=\u001b[0m6852850569bd"}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "container": "/apex-windmill-worker", "detected_level": "info", "service_name": "/apex-windmill-worker"}, "msg": "\u001b[2m2026-04-19T23:59:22.674151Z\u001b[0m \u001b[32m INFO\u001b[0m \u001b[2mwindmill-worker/src/worker_utils.rs\u001b[0m\u001b[2m:\u001b[0m\u001b[2m90\u001b[0m\u001b[2m:\u001b[0m ping update, memory: container=87MB, windmill=28MB, db_latency=2ms \u001b[3mworker\u001b[0m\u001b[2m=\u001b[0mwk-default-6852850569bd-giABx \u001b[3mhostname\u001b[0m\u001b[2m=\u001b[0m6852850569bd"}
{"ts": "2026-04-19T23:59:52Z", "labels": {"cluster": "docker-compose", "container": "/apex-windmill-server", "detected_level": "info", "service_name": "/apex-windmill-server"}, "msg": "\u001b[2m2026-04-19T23:59:52.506565Z\u001b[0m \u001b[32m INFO\u001b[0m \u001b[2mwindmill-api/src/health.rs\u001b[0m\u001b[2m:\u001b[0m\u001b[2m368\u001b[0m\u001b[2m:\u001b[0m health check completed \u001b[3mstatus\u001b[0m\u001b[2m=\u001b[0m\"healthy\" \u001b[3mdatabase_healthy\u001b[0m\u001b[2m=\u001b[0mtrue \u001b[3mworkers_alive\u001b[0m\u001b[2m=\u001b[0m1"}
{"ts": "2026-04-19T23:59:42Z", "labels": {"cluster": "docker-compose", "container": "/apex-windmill-server", "detected_level": "info", "service_name": "/apex-windmill-server"}, "msg": "\u001b[2m2026-04-19T23:59:42.507207Z\u001b[0m \u001b[32m INFO\u001b[0m \u001b[2mwindmill-api/src/health.rs\u001b[0m\u001b[2m:\u001b[0m\u001b[2m368\u001b[0m\u001b[2m:\u001b[0m health check completed \u001b[3mstatus\u001b[0m\u001b[2m=\u001b[0m\"healthy\" \u001b[3mdatabase_healthy\u001b[0m\u001b[2m=\u001b[0mtrue \u001b[3mworkers_alive\u001b[0m\u001b[2m=\u001b[0m1"}
{"ts": "2026-04-19T23:59:34Z", "labels": {"cluster": "docker-compose", "container": "/apex-windmill-server", "detected_level": "info", "service_name": "/apex-windmill-server"}, "msg": "\u001b[2m2026-04-19T23:59:34.367275Z\u001b[0m \u001b[32m INFO\u001b[0m \u001b[2msrc/monitor.rs\u001b[0m\u001b[2m:\u001b[0m\u001b[2m632\u001b[0m\u001b[2m:\u001b[0m 197.97225952148438 mb allocated/223.48046875 mb resident"}
{"ts": "2026-04-19T23:59:32Z", "labels": {"cluster": "docker-compose", "container": "/apex-windmill-server", "detected_level": "info", "service_name": "/apex-windmill-server"}, "msg": "\u001b[2m2026-04-19T23:59:32.507111Z\u001b[0m \u001b[32m INFO\u001b[0m \u001b[2mwindmill-api/src/health.rs\u001b[0m\u001b[2m:\u001b[0m\u001b[2m368\u001b[0m\u001b[2m:\u001b[0m health check completed \u001b[3mstatus\u001b[0m\u001b[2m=\u001b[0m\"healthy\" \u001b[3mdatabase_healthy\u001b[0m\u001b[2m=\u001b[0mtrue \u001b[3mworkers_alive\u001b[0m\u001b[2m=\u001b[0m1"}
{"ts": "2026-04-19T23:59:22Z", "labels": {"cluster": "docker-compose", "container": "/apex-windmill-server", "detected_level": "info", "service_name": "/apex-windmill-server"}, "msg": "\u001b[2m2026-04-19T23:59:22.506454Z\u001b[0m \u001b[32m INFO\u001b[0m \u001b[2mwindmill-api/src/health.rs\u001b[0m\u001b[2m:\u001b[0m\u001b[2m368\u001b[0m\u001b[2m:\u001b[0m health check completed \u001b[3mstatus\u001b[0m\u001b[2m=\u001b[0m\"healthy\" \u001b[3mdatabase_healthy\u001b[0m\u001b[2m=\u001b[0mtrue \u001b[3mworkers_alive\u001b[0m\u001b[2m=\u001b[0m1"}