{"ts": "2026-04-30T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593598.463:11547395): proctitle=746F66750076657273696F6E"}
{"ts": "2026-04-30T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593598.463:11547395): item=0 name=\"/usr/local/bin/tofu\" inode=6721579 dev=00:43 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593598.463:11547395): cwd=\"/tofu\""}
{"ts": "2026-04-30T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593598.463:11547395): argc=2 a0=\"tofu\" a1=\"version\""}
{"ts": "2026-04-30T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593598.463:11547395): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593598.463:11547395): arch=c000003e syscall=59 success=yes exit=0 a0=c0000271d0 a1=c0000a7350 a2=c000022680 a3=0 items=1 ppid=2862871 pid=2862883 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tofu\" exe=\"/usr/local/bin/tofu\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593598.418:11547394): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593598.418:11547394): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593598.418:11547394): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593598.418:11547394): cwd=\"/var/lib/docker/rootfs/overlayfs/10004f011cbcd1aef0e4860649cf41d88193ca12b52cd9b892a7426c383f0f44\""}
{"ts": "2026-04-30T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593598.418:11547394): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593598.418:11547394): arch=c000003e syscall=59 success=yes exit=0 a0=c0002458a0 a1=c000249350 a2=c00024bbc0 a3=0 items=2 ppid=2862871 pid=2862880 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593598.405:11547393): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F31303030346630313163626364316165663065343836303634"}
{"ts": "2026-04-30T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593598.405:11547393): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593598.405:11547393): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593598.405:11547393): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/10004f011cbcd1aef0e4860649cf41d88193ca12b52cd9b892a7426c383f0f44\""}
{"ts": "2026-04-30T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593598.405:11547393): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/10004f011cbcd1aef0e4860649cf41d88193ca12b52cd9b892a7426c383f0f44/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1473453015\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/10004f011cbcd1aef0e4860649cf41d88193ca12b52cd9b892a7426c383f0f44/9923d1ef761a75f9d76b9f66f5ffdbdcd9cd39f386f68b3014af8736880c6459.pid\" a14=\"10004f011cbcd1aef0e4860649cf41d88193ca12b52cd9b892a7426c383f0f44\""}
{"ts": "2026-04-30T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593598.405:11547393): arch=c000003e syscall=59 success=yes exit=0 a0=c00032a730 a1=c00026c000 a2=c00026c080 a3=0 items=2 ppid=3089 pid=2862871 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593598.175:11547392): proctitle=6375726C002D6600687474703A2F2F6C6F63616C686F73743A383030302F6865616C74687A"}
{"ts": "2026-04-30T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593598.175:11547392): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593598.175:11547392): item=0 name=\"/usr/bin/curl\" inode=8530521 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593598.175:11547392): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593598.175:11547392): argc=3 a0=\"curl\" a1=\"-f\" a2=\"http://localhost:8000/healthz\""}
{"ts": "2026-04-30T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593598.175:11547392): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593598.175:11547392): arch=c000003e syscall=59 success=yes exit=0 a0=c000196f80 a1=c000022680 a2=c000114a20 a3=0 items=2 ppid=2862853 pid=2862865 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"curl\" exe=\"/usr/bin/curl\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593598.133:11547391): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593598.133:11547391): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593598.133:11547391): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593598.133:11547391): cwd=\"/var/lib/docker/rootfs/overlayfs/85b545c504cd648e96e62b4ba6066cca7e4a8b207e2cdfa5efa782d8a3e3241b\""}
{"ts": "2026-04-30T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593598.133:11547391): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593598.133:11547391): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b850 a1=c00017f338 a2=c000181c40 a3=0 items=2 ppid=2862853 pid=2862863 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593598.116:11547390): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F38356235343563353034636436343865393665363262346261"}
{"ts": "2026-04-30T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593598.116:11547390): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593598.116:11547390): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593598.116:11547390): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/85b545c504cd648e96e62b4ba6066cca7e4a8b207e2cdfa5efa782d8a3e3241b\""}
{"ts": "2026-04-30T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593598.116:11547390): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/85b545c504cd648e96e62b4ba6066cca7e4a8b207e2cdfa5efa782d8a3e3241b/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process736374449\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/85b545c504cd648e96e62b4ba6066cca7e4a8b207e2cdfa5efa782d8a3e3241b/5ea648799da022bd4de5f868e07403d9f3f4063b179f033f791305f078a72bc6.pid\" a14=\"85b545c504cd648e96e62b4ba6066cca7e4a8b207e2cdfa5efa782d8a3e3241b\""}
{"ts": "2026-04-30T23:59:58Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593598.116:11547390): arch=c000003e syscall=59 success=yes exit=0 a0=c0001cf5d0 a1=c000199c00 a2=c000199c80 a3=0 items=2 ppid=4472 pid=2862853 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593597.778:11547389): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593597.778:11547389): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593597.778:11547389): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593597.778:11547389): cwd=\"/var/lib/docker/rootfs/overlayfs/531ab8968ce844b18b0b3ebaf9e6e80c7b8f7cc1974293e5f9eb3ac90eba0e50\""}
{"ts": "2026-04-30T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593597.778:11547389): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593597.778:11547389): arch=c000003e syscall=59 success=yes exit=0 a0=c0001f3860 a1=c0001f7338 a2=c0001f9c40 a3=0 items=2 ppid=2862835 pid=2862844 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593597.763:11547388): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F35333161623839363863653834346231386230623365626166"}
{"ts": "2026-04-30T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593597.763:11547388): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593597.763:11547388): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593597.763:11547388): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/531ab8968ce844b18b0b3ebaf9e6e80c7b8f7cc1974293e5f9eb3ac90eba0e50\""}
{"ts": "2026-04-30T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593597.763:11547388): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/531ab8968ce844b18b0b3ebaf9e6e80c7b8f7cc1974293e5f9eb3ac90eba0e50/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2031700013\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/531ab8968ce844b18b0b3ebaf9e6e80c7b8f7cc1974293e5f9eb3ac90eba0e50/89058f77108965daa05b4af41a19fe877504a3bdc2355586a1951e83f7da8153.pid\" a14=\"531ab8968ce844b18b0b3ebaf9e6e80c7b8f7cc1974293e5f9eb3ac90eba0e50\""}
{"ts": "2026-04-30T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593597.763:11547388): arch=c000003e syscall=59 success=yes exit=0 a0=c0000111e0 a1=c0004a8880 a2=c0004a8900 a3=0 items=2 ppid=4374 pid=2862835 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593597.480:11547387): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520666F7267656A6F"}
{"ts": "2026-04-30T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593597.480:11547387): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:52 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593597.480:11547387): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:52 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593597.480:11547387): cwd=\"/\""}
{"ts": "2026-04-30T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593597.480:11547387): argc=3 a0=\"pg_isready\" a1=\"-U\" a2=\"forgejo\""}
{"ts": "2026-04-30T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593597.480:11547387): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593597.480:11547387): arch=c000003e syscall=59 success=yes exit=0 a0=73e6d5403278 a1=73e6d54031d8 a2=73e6d54031f8 a3=8080808080808080 items=2 ppid=3626 pid=2862828 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593597.476:11547386): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520666F7267656A6F"}
{"ts": "2026-04-30T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593597.476:11547386): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:52 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593597.476:11547386): item=0 name=\"/bin/sh\" inode=8589166 dev=00:52 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593597.476:11547386): cwd=\"/\""}
{"ts": "2026-04-30T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593597.476:11547386): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D5520666F7267656A6F"}
{"ts": "2026-04-30T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593597.476:11547386): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593597.476:11547386): arch=c000003e syscall=59 success=yes exit=0 a0=c000196f68 a1=c000022680 a2=c0000d88c0 a3=0 items=2 ppid=2862816 pid=2862828 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593597.430:11547385): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593597.430:11547385): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593597.430:11547385): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593597.430:11547385): cwd=\"/var/lib/docker/rootfs/overlayfs/2cdd3d089c946761c42c7cfc41f431ad2beb9c2b89497f7e5a3552578b39f251\""}
{"ts": "2026-04-30T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593597.430:11547385): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593597.430:11547385): arch=c000003e syscall=59 success=yes exit=0 a0=c0001f3840 a1=c0001f7338 a2=c0001f9c40 a3=0 items=2 ppid=2862816 pid=2862826 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593597.414:11547384): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F32636464336430383963393436373631633432633763666334"}
{"ts": "2026-04-30T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593597.414:11547384): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593597.414:11547384): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593597.414:11547384): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/2cdd3d089c946761c42c7cfc41f431ad2beb9c2b89497f7e5a3552578b39f251\""}
{"ts": "2026-04-30T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593597.414:11547384): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/2cdd3d089c946761c42c7cfc41f431ad2beb9c2b89497f7e5a3552578b39f251/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process315614959\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/2cdd3d089c946761c42c7cfc41f431ad2beb9c2b89497f7e5a3552578b39f251/f3f4c80f28caf839e5f2806796e38fc0fc62a4f6812d9733a6db6ab85677ac31.pid\" a14=\"2cdd3d089c946761c42c7cfc41f431ad2beb9c2b89497f7e5a3552578b39f251\""}
{"ts": "2026-04-30T23:59:57Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593597.414:11547384): arch=c000003e syscall=59 success=yes exit=0 a0=c000140690 a1=c000103c00 a2=c000103c80 a3=0 items=2 ppid=3626 pid=2862816 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593596.877:11547383): proctitle=677265700077696E646D696C6C"}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593596.877:11547383): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593596.877:11547383): item=0 name=\"/usr/bin/grep\" inode=8524666 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593596.877:11547383): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593596.877:11547383): argc=2 a0=\"grep\" a1=\"windmill\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593596.877:11547383): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593596.877:11547383): arch=c000003e syscall=59 success=yes exit=0 a0=558e4f2e88a8 a1=558e4f2e8800 a2=558e4f2e8818 a3=ed27947a693b084d items=2 ppid=2862805 pid=2862812 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"grep\" exe=\"/usr/bin/grep\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593596.877:11547382): proctitle=707300617578"}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593596.877:11547382): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593596.877:11547382): item=0 name=\"/usr/bin/ps\" inode=8576698 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593596.877:11547382): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593596.877:11547382): argc=2 a0=\"ps\" a1=\"aux\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593596.877:11547382): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593596.877:11547382): arch=c000003e syscall=59 success=yes exit=0 a0=558e4f2e8888 a1=558e4f2e87e0 a2=558e4f2e87f8 a3=ed27947a693b084d items=2 ppid=2862805 pid=2862811 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"ps\" exe=\"/usr/bin/ps\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593596.871:11547381): proctitle=2F62696E2F7368002D6300707320617578207C20677265702077696E646D696C6C207C7C20657869742031"}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593596.871:11547381): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593596.871:11547381): item=0 name=\"/bin/sh\" inode=8524584 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593596.871:11547381): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593596.871:11547381): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=707320617578207C20677265702077696E646D696C6C207C7C20657869742031"}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593596.871:11547381): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593596.871:11547381): arch=c000003e syscall=59 success=yes exit=0 a0=c00018af20 a1=c000022ac0 a2=c000170a20 a3=0 items=2 ppid=4241 pid=2862805 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/usr/bin/dash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593596.811:11547380): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593596.811:11547380): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593596.811:11547380): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593596.811:11547380): cwd=\"/var/lib/docker/rootfs/overlayfs/beba1a544e568fe258b36536f8a2534b89a2940ed13c0d80d5f6bf1281bee1a6\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593596.811:11547380): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593596.811:11547380): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c58a0 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=2862793 pid=2862803 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593596.797:11547379): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F62656261316135343465353638666532353862333635333666"}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593596.797:11547379): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593596.797:11547379): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593596.797:11547379): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/beba1a544e568fe258b36536f8a2534b89a2940ed13c0d80d5f6bf1281bee1a6\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593596.797:11547379): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/beba1a544e568fe258b36536f8a2534b89a2940ed13c0d80d5f6bf1281bee1a6/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1830575600\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/beba1a544e568fe258b36536f8a2534b89a2940ed13c0d80d5f6bf1281bee1a6/acc0c460e946050eeaa0fb513a1b8b0d263b047dccecdc1dc05fe8be11f8fc66.pid\" a14=\"beba1a544e568fe258b36536f8a2534b89a2940ed13c0d80d5f6bf1281bee1a6\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593596.797:11547379): arch=c000003e syscall=59 success=yes exit=0 a0=c0001953e0 a1=c0001fa680 a2=c0001fa700 a3=0 items=2 ppid=4241 pid=2862793 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593596.560:11547378): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593596.560:11547378): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=9987007 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593596.560:11547378): item=0 name=\"/usr/bin/cat\" inode=9986333 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593596.560:11547378): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593596.560:11547378): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.stat\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593596.560:11547378): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593596.560:11547378): arch=c000003e syscall=59 success=yes exit=0 a0=75e2ac12cd60 a1=75e246587040 a2=6265ad214650 a3=8 items=2 ppid=5407 pid=2862791 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593596.560:11547377): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593596.560:11547377): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593596.560:11547377): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593596.560:11547377): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246587040 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2862791 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593596.560:11547376): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593596.560:11547376): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593596.560:11547376): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593596.560:11547376): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246587040 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2862791 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593596.560:11547375): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593596.560:11547375): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593596.560:11547375): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593596.560:11547375): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246587040 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2862791 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593596.559:11547374): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593596.559:11547374): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593596.559:11547374): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593596.559:11547374): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246587040 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2862791 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593596.559:11547373): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593596.559:11547373): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593596.559:11547373): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593596.559:11547373): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246587040 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2862791 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593596.559:11547372): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593596.559:11547372): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593596.559:11547372): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593596.559:11547372): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246587040 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2862791 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593596.558:11547371): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593596.558:11547371): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=9987007 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593596.558:11547371): item=0 name=\"/usr/bin/cat\" inode=9986333 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593596.558:11547371): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593596.558:11547371): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.current\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593596.558:11547371): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593596.558:11547371): arch=c000003e syscall=59 success=yes exit=0 a0=75e2ac12cd60 a1=75e26da2b520 a2=6265ad214650 a3=8 items=2 ppid=5407 pid=2862790 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593596.558:11547370): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593596.558:11547370): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593596.558:11547370): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593596.558:11547370): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e26da2b520 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2862790 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593596.558:11547369): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593596.558:11547369): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593596.558:11547369): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593596.558:11547369): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e26da2b520 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2862790 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593596.558:11547368): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593596.558:11547368): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593596.558:11547368): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593596.558:11547368): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e26da2b520 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2862790 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593596.558:11547367): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593596.558:11547367): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593596.558:11547367): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593596.558:11547367): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e26da2b520 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2862790 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593596.558:11547366): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593596.558:11547366): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593596.558:11547366): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593596.558:11547366): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e26da2b520 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2862790 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593596.556:11547365): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593596.556:11547365): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593596.556:11547365): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593596.556:11547365): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e26da2b520 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2862790 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593596.554:11547364): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593596.554:11547364): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=9987007 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593596.554:11547364): item=0 name=\"/usr/bin/cat\" inode=9986333 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593596.554:11547364): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593596.554:11547364): argc=2 a0=\"cat\" a1=\"/proc/self/cgroup\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593596.554:11547364): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593596.554:11547364): arch=c000003e syscall=59 success=yes exit=0 a0=75e2ac12cd60 a1=75e2460006e0 a2=6265ad214650 a3=8 items=2 ppid=5407 pid=2862789 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593596.554:11547363): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593596.554:11547363): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593596.554:11547363): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593596.554:11547363): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e2460006e0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2862789 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593596.554:11547362): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593596.554:11547362): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593596.554:11547362): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593596.554:11547362): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e2460006e0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2862789 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593596.554:11547361): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593596.554:11547361): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593596.554:11547361): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593596.554:11547361): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e2460006e0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2862789 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593596.554:11547360): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593596.554:11547360): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593596.554:11547360): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593596.554:11547360): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e2460006e0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2862789 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593596.553:11547359): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593596.553:11547359): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593596.553:11547359): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593596.553:11547359): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e2460006e0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2862789 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593596.553:11547358): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593596.553:11547358): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593596.553:11547358): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593596.553:11547358): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e2460006e0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2862789 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593596.494:11547357): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520706F737467726573"}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593596.494:11547357): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:50 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593596.494:11547357): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:50 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593596.494:11547357): cwd=\"/\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593596.494:11547357): argc=3 a0=\"pg_isready\" a1=\"-U\" a2=\"postgres\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593596.494:11547357): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593596.494:11547357): arch=c000003e syscall=59 success=yes exit=0 a0=7dcf66ece288 a1=7dcf66ece1e8 a2=7dcf66ece208 a3=0 items=2 ppid=4000 pid=2862782 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593596.492:11547356): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520706F737467726573"}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593596.492:11547356): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:50 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593596.492:11547356): item=0 name=\"/bin/sh\" inode=8589166 dev=00:50 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593596.492:11547356): cwd=\"/\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593596.492:11547356): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D5520706F737467726573"}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593596.492:11547356): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593596.492:11547356): arch=c000003e syscall=59 success=yes exit=0 a0=c00018ef38 a1=c000022ac0 a2=c0001348c0 a3=0 items=2 ppid=2862769 pid=2862782 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593596.450:11547355): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593596.450:11547355): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593596.450:11547355): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593596.450:11547355): cwd=\"/var/lib/docker/rootfs/overlayfs/6e0eaa58aad19bd8edc0f955e0d8cdf54332df6bcdbac6d5a4d9c8caf6fb9c39\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593596.450:11547355): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593596.450:11547355): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b840 a1=c00017f338 a2=c000181c40 a3=0 items=2 ppid=2862769 pid=2862779 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593596.434:11547354): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F36653065616135386161643139626438656463306639353565"}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593596.434:11547354): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593596.434:11547354): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593596.434:11547354): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/6e0eaa58aad19bd8edc0f955e0d8cdf54332df6bcdbac6d5a4d9c8caf6fb9c39\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593596.434:11547354): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/6e0eaa58aad19bd8edc0f955e0d8cdf54332df6bcdbac6d5a4d9c8caf6fb9c39/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3223006055\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/6e0eaa58aad19bd8edc0f955e0d8cdf54332df6bcdbac6d5a4d9c8caf6fb9c39/6803b516bfdd4c65b24510e12ab412f58f6da1860f29ea25b6b5b2ead687c6f0.pid\" a14=\"6e0eaa58aad19bd8edc0f955e0d8cdf54332df6bcdbac6d5a4d9c8caf6fb9c39\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593596.434:11547354): arch=c000003e syscall=59 success=yes exit=0 a0=c0000a1c80 a1=c000308f80 a2=c000309000 a3=0 items=2 ppid=4000 pid=2862769 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593596.152:11547353): proctitle=6A71002D2D7261772D6F7574707574002E737461747573"}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593596.152:11547353): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6968454 dev=00:b6 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593596.152:11547353): item=0 name=\"/usr/bin/jq\" inode=7115963 dev=00:b6 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593596.152:11547353): cwd=\"/app\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593596.152:11547353): argc=3 a0=\"jq\" a1=\"--raw-output\" a2=\".status\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593596.152:11547353): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593596.152:11547353): arch=c000003e syscall=59 success=yes exit=0 a0=5b49b266d9a0 a1=5b49b266e280 a2=5b49b266a300 a3=8 items=2 ppid=2862766 pid=2862768 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"jq\" exe=\"/usr/bin/jq\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593596.152:11547352): proctitle=6375726C002D2D73696C656E7400687474703A2F2F3132372E302E302E313A38312F6170692F"}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593596.152:11547352): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6968454 dev=00:b6 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593596.152:11547352): item=0 name=\"/usr/bin/curl\" inode=7115848 dev=00:b6 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593596.152:11547352): cwd=\"/app\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593596.152:11547352): argc=3 a0=\"curl\" a1=\"--silent\" a2=\"http://127.0.0.1:81/api/\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593596.152:11547352): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593596.152:11547352): arch=c000003e syscall=59 success=yes exit=0 a0=5b49b266d9d0 a1=5b49b266e2b0 a2=5b49b266a300 a3=8 items=2 ppid=2862766 pid=2862767 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"curl\" exe=\"/usr/bin/curl\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593596.145:11547351): proctitle=2F62696E2F62617368002F62696E2F636865636B2D6865616C7468"}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593596.145:11547351): item=2 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6968454 dev=00:b6 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593596.145:11547351): item=1 name=\"/bin/bash\" inode=6954383 dev=00:b6 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593596.145:11547351): item=0 name=\"/bin/check-health\" inode=8694993 dev=00:b6 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593596.145:11547351): cwd=\"/app\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593596.145:11547351): argc=2 a0=\"/bin/bash\" a1=\"/bin/check-health\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593596.145:11547351): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593596.145:11547351): arch=c000003e syscall=59 success=yes exit=0 a0=c000027518 a1=c00002ae00 a2=c00017c1e0 a3=0 items=3 ppid=2862749 pid=2862761 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"check-health\" exe=\"/usr/bin/bash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593596.099:11547350): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593596.099:11547350): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593596.099:11547350): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593596.099:11547350): cwd=\"/var/lib/docker/rootfs/overlayfs/3d00cea9d890ac76ec9bbdca47f4d82e83b0a918911a118694314103c0f1ab42\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593596.099:11547350): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593596.099:11547350): arch=c000003e syscall=59 success=yes exit=0 a0=c0002458b0 a1=c000249350 a2=c00024bc40 a3=0 items=2 ppid=2862749 pid=2862758 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593596.086:11547349): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F33643030636561396438393061633736656339626264636134"}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593596.086:11547349): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593596.086:11547349): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593596.086:11547349): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/3d00cea9d890ac76ec9bbdca47f4d82e83b0a918911a118694314103c0f1ab42\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593596.086:11547349): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/3d00cea9d890ac76ec9bbdca47f4d82e83b0a918911a118694314103c0f1ab42/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3805582684\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/3d00cea9d890ac76ec9bbdca47f4d82e83b0a918911a118694314103c0f1ab42/60c5638b96d934f1fd81f6e8be54017f8314667321bdf5cdf7bdf5522d9b4177.pid\" a14=\"3d00cea9d890ac76ec9bbdca47f4d82e83b0a918911a118694314103c0f1ab42\""}
{"ts": "2026-04-30T23:59:56Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593596.086:11547349): arch=c000003e syscall=59 success=yes exit=0 a0=c000119680 a1=c00044a280 a2=c00044a300 a3=0 items=2 ppid=4295 pid=2862749 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593595.016:11547348): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593595.016:11547348): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593595.016:11547348): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593595.016:11547348): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593595.016:11547348): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.stat\""}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593595.016:11547348): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593595.016:11547348): arch=c000003e syscall=59 success=yes exit=0 a0=7faf8d900d60 a1=7faeecc35c80 a2=634a8a009a40 a3=8 items=2 ppid=5417 pid=2862747 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593595.015:11547347): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593595.015:11547347): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593595.015:11547347): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593595.015:11547347): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeecc35c80 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2862747 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593595.015:11547346): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593595.015:11547346): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593595.015:11547346): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593595.015:11547346): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeecc35c80 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2862747 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593595.015:11547345): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593595.015:11547345): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593595.015:11547345): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593595.015:11547345): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeecc35c80 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2862747 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593595.015:11547344): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593595.015:11547344): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593595.015:11547344): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593595.015:11547344): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeecc35c80 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2862747 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593595.015:11547343): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593595.015:11547343): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593595.015:11547343): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593595.015:11547343): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeecc35c80 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2862747 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593595.015:11547342): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593595.015:11547342): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593595.015:11547342): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593595.015:11547342): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeecc35c80 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2862747 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593595.013:11547341): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593595.013:11547341): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593595.013:11547341): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593595.013:11547341): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593595.013:11547341): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.current\""}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593595.013:11547341): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593595.013:11547341): arch=c000003e syscall=59 success=yes exit=0 a0=7faf8d900d60 a1=7faeb7a10f40 a2=634a8a009a40 a3=8 items=2 ppid=5417 pid=2862746 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593595.013:11547340): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593595.013:11547340): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593595.013:11547340): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593595.013:11547340): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeb7a10f40 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2862746 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593595.013:11547339): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593595.013:11547339): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593595.013:11547339): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593595.013:11547339): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeb7a10f40 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2862746 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593595.013:11547338): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593595.013:11547338): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593595.013:11547338): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593595.013:11547338): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeb7a10f40 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2862746 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593595.013:11547337): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593595.013:11547337): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593595.013:11547337): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593595.013:11547337): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeb7a10f40 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2862746 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593595.013:11547336): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593595.013:11547336): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593595.013:11547336): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593595.013:11547336): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeb7a10f40 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2862746 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593595.013:11547335): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593595.013:11547335): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593595.013:11547335): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593595.013:11547335): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeb7a10f40 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2862746 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593595.010:11547334): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593595.010:11547334): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593595.010:11547334): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593595.010:11547334): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593595.010:11547334): argc=2 a0=\"cat\" a1=\"/proc/self/cgroup\""}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593595.010:11547334): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593595.010:11547334): arch=c000003e syscall=59 success=yes exit=0 a0=7faf8d900d60 a1=7faeecc024c0 a2=634a8a009a40 a3=8 items=2 ppid=5417 pid=2862745 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593595.010:11547333): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593595.010:11547333): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593595.010:11547333): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593595.010:11547333): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeecc024c0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2862745 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593595.010:11547332): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593595.010:11547332): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593595.010:11547332): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593595.010:11547332): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeecc024c0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2862745 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593595.010:11547331): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593595.010:11547331): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593595.010:11547331): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593595.010:11547331): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeecc024c0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2862745 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593595.010:11547330): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593595.010:11547330): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593595.010:11547330): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593595.010:11547330): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeecc024c0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2862745 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593595.010:11547329): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593595.010:11547329): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593595.010:11547329): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593595.010:11547329): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeecc024c0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2862745 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593595.010:11547328): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593595.010:11547328): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593595.010:11547328): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:55Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593595.010:11547328): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeecc024c0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2862745 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593594.144:11547327): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593594.144:11547327): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593594.144:11547327): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593594.144:11547327): cwd=\"/var/lib/docker/rootfs/overlayfs/7e96c0f67233d10fc0728f922615e0e7f5d3377f41b4a6a05124441cfe955e5f\""}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593594.144:11547327): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593594.144:11547327): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5890 a1=c0001c9350 a2=c0001cbc40 a3=0 items=2 ppid=2862725 pid=2862735 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593594.138:11547326): proctitle=6D617269616462002D2D64656661756C74732D65787472612D66696C653D2F7661722F6C69622F6D7973716C2F2E6D792D6865616C7468636865636B2E636E66002D2D70726F746F636F6C00736F636B6574002D42002D2D736B69702D636F6C756D6E2D6E616D6573002D650073656C65637420312066726F6D20696E666F72"}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593594.138:11547326): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=7089648 dev=00:89 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593594.138:11547326): item=0 name=\"/usr/bin/mariadb\" inode=7117817 dev=00:89 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593594.138:11547326): cwd=\"/\""}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593594.138:11547326): argc=8 a0=\"mariadb\" a1=\"--defaults-extra-file=/var/lib/mysql/.my-healthcheck.cnf\" a2=\"--protocol\" a3=\"socket\" a4=\"-B\" a5=\"--skip-column-names\" a6=\"-e\" a7=73656C65637420312066726F6D20696E666F726D6174696F6E5F736368656D612E454E47494E455320574845524520656E67696E653D27696E6E6F64622720414E4420737570706F727420696E202827594553272C202744454641554C54272C2027454E41424C45442729"}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593594.138:11547326): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593594.138:11547326): arch=c000003e syscall=59 success=yes exit=0 a0=61b5757db990 a1=61b5757fd9c0 a2=61b5757dc860 a3=8 items=2 ppid=2862712 pid=2862731 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"mariadb\" exe=\"/usr/bin/mariadb\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593594.128:11547325): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F37653936633066363732333364313066633037323866393232"}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593594.128:11547325): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593594.128:11547325): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593594.128:11547325): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/7e96c0f67233d10fc0728f922615e0e7f5d3377f41b4a6a05124441cfe955e5f\""}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593594.128:11547325): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/7e96c0f67233d10fc0728f922615e0e7f5d3377f41b4a6a05124441cfe955e5f/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2248607337\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/7e96c0f67233d10fc0728f922615e0e7f5d3377f41b4a6a05124441cfe955e5f/b038e483dd88bf9ca4087869dde274ce10d14549dec63415fc4312a5c903ac1b.pid\" a14=\"7e96c0f67233d10fc0728f922615e0e7f5d3377f41b4a6a05124441cfe955e5f\""}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593594.128:11547325): arch=c000003e syscall=59 success=yes exit=0 a0=c0000a6ca0 a1=c0002b1a00 a2=c0002b1a80 a3=0 items=2 ppid=3913 pid=2862725 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593594.121:11547324): proctitle=6D617269616462002D2D64656661756C74732D65787472612D66696C653D2F7661722F6C69622F6D7973716C2F2E6D792D6865616C7468636865636B2E636E66002D2D70726F746F636F6C00736F636B6574002D42002D2D736B69702D636F6C756D6E2D6E616D6573002D650073656C656374204040736B69705F6E6574776F"}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593594.121:11547324): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=7089648 dev=00:89 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593594.121:11547324): item=0 name=\"/usr/bin/mariadb\" inode=7117817 dev=00:89 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593594.121:11547324): cwd=\"/\""}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593594.121:11547324): argc=8 a0=\"mariadb\" a1=\"--defaults-extra-file=/var/lib/mysql/.my-healthcheck.cnf\" a2=\"--protocol\" a3=\"socket\" a4=\"-B\" a5=\"--skip-column-names\" a6=\"-e\" a7=73656C656374204040736B69705F6E6574776F726B696E67"}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593594.121:11547324): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593594.121:11547324): arch=c000003e syscall=59 success=yes exit=0 a0=61b5757dbfe0 a1=61b5757fd810 a2=61b5757dc4a0 a3=8 items=2 ppid=2862712 pid=2862724 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"mariadb\" exe=\"/usr/bin/mariadb\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593594.118:11547323): proctitle=77676574002D2D737069646572002D7100687474703A2F2F3132372E302E302E313A383038302F737461747573"}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593594.118:11547323): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3456344 dev=00:37 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593594.118:11547323): item=0 name=\"/usr/bin/wget\" inode=3454556 dev=00:37 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593594.118:11547323): cwd=\"/data\""}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593594.118:11547323): argc=4 a0=\"wget\" a1=\"--spider\" a2=\"-q\" a3=\"http://127.0.0.1:8080/status\""}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593594.118:11547323): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593594.118:11547323): arch=c000003e syscall=59 success=yes exit=0 a0=7a90ff999408 a1=7a90ff9993b0 a2=7a90ff9993d8 a3=8080808080808080 items=2 ppid=2862710 pid=2862723 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"wget\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593594.115:11547322): proctitle=2F62696E2F7368002D630077676574202D2D737069646572202D7120687474703A2F2F3132372E302E302E313A383038302F737461747573207C7C20657869742031"}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593594.115:11547322): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3456344 dev=00:37 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593594.115:11547322): item=0 name=\"/bin/sh\" inode=3454556 dev=00:37 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593594.115:11547322): cwd=\"/data\""}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593594.115:11547322): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=77676574202D2D737069646572202D7120687474703A2F2F3132372E302E302E313A383038302F737461747573207C7C20657869742031"}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593594.115:11547322): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593594.115:11547322): arch=c000003e syscall=59 success=yes exit=0 a0=c00018af28 a1=c000022ac0 a2=c000022ae0 a3=0 items=2 ppid=2862685 pid=2862710 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593594.113:11547321): proctitle=2F62696E2F62617368002F7573722F6C6F63616C2F62696E2F6865616C7468636865636B2E7368002D2D636F6E6E656374002D2D696E6E6F64625F696E697469616C697A6564"}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593594.113:11547321): item=2 name=\"/lib64/ld-linux-x86-64.so.2\" inode=7089648 dev=00:89 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593594.113:11547321): item=1 name=\"/bin/bash\" inode=6963796 dev=00:89 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593594.113:11547321): item=0 name=\"/usr/local/bin/healthcheck.sh\" inode=7348502 dev=00:89 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593594.113:11547321): cwd=\"/\""}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593594.113:11547321): argc=4 a0=\"/bin/bash\" a1=\"/usr/local/bin/healthcheck.sh\" a2=\"--connect\" a3=\"--innodb_initialized\""}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593594.113:11547321): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593594.113:11547321): arch=c000003e syscall=59 success=yes exit=0 a0=c0000289a0 a1=c000022aa0 a2=c00013a320 a3=0 items=3 ppid=2862686 pid=2862712 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"healthcheck.sh\" exe=\"/usr/bin/bash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593594.071:11547320): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593594.071:11547320): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593594.071:11547320): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:173 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593594.071:11547320): cwd=\"/var/lib/docker/rootfs/overlayfs/7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7\""}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593594.071:11547320): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593594.071:11547320): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5890 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=2862686 pid=2862707 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593594.069:11547319): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593594.069:11547319): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593594.069:11547319): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cc mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593594.069:11547319): cwd=\"/var/lib/docker/rootfs/overlayfs/9d998ef1eacb3b076ca0da4256f08add55d0bbb54d81229185d76af8553a0c77\""}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593594.069:11547319): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593594.069:11547319): arch=c000003e syscall=59 success=yes exit=0 a0=c0001cd870 a1=c0001d1350 a2=c0001d3c40 a3=0 items=2 ppid=2862685 pid=2862700 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593594.057:11547318): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F37656465303139653363623065383839303138636162386266"}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593594.057:11547318): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593594.057:11547318): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593594.057:11547318): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7\""}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593594.057:11547318): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process832957672\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7/72d0b1ab010c414e0d594cae0e82204d6ab791bee800e2ea2910929bbec91412.pid\" a14=\"7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7\""}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593594.057:11547318): arch=c000003e syscall=59 success=yes exit=0 a0=c0002b3710 a1=c0004ca700 a2=c0004ca780 a3=0 items=2 ppid=4475 pid=2862686 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593594.055:11547317): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F39643939386566316561636233623037366361306461343235"}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593594.055:11547317): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593594.055:11547317): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593594.055:11547317): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/9d998ef1eacb3b076ca0da4256f08add55d0bbb54d81229185d76af8553a0c77\""}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593594.055:11547317): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/9d998ef1eacb3b076ca0da4256f08add55d0bbb54d81229185d76af8553a0c77/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process4129513619\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/9d998ef1eacb3b076ca0da4256f08add55d0bbb54d81229185d76af8553a0c77/b6ae4c0ff46b0d89f7d9c5a0772825ba5afe5c5c8297813eaf1e81773082676b.pid\" a14=\"9d998ef1eacb3b076ca0da4256f08add55d0bbb54d81229185d76af8553a0c77\""}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593594.055:11547317): arch=c000003e syscall=59 success=yes exit=0 a0=c000326910 a1=c0001a9580 a2=c0001a9680 a3=0 items=2 ppid=2253 pid=2862685 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593593.996:11547316): proctitle=6375726C002D6600687474703A2F2F6C6F63616C686F73743A383030302F6170692F76312F686561727462656174"}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593593.996:11547316): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6817536 dev=00:8e mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593593.996:11547316): item=0 name=\"/usr/bin/curl\" inode=6830784 dev=00:8e mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593593.996:11547316): cwd=\"/chroma\""}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593593.996:11547316): argc=3 a0=\"curl\" a1=\"-f\" a2=\"http://localhost:8000/api/v1/heartbeat\""}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593593.996:11547316): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593593.996:11547316): arch=c000003e syscall=59 success=yes exit=0 a0=c00018aeb0 a1=c000022ac0 a2=c000134930 a3=0 items=2 ppid=2862667 pid=2862679 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"curl\" exe=\"/usr/bin/curl\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593593.952:11547315): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593593.952:11547315): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593593.952:11547315): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593593.952:11547315): cwd=\"/var/lib/docker/rootfs/overlayfs/15d7c01eab750dd5d1697f885100eb074f3a5095b1e73b1cc7a531eedb613268\""}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593593.952:11547315): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593593.952:11547315): arch=c000003e syscall=59 success=yes exit=0 a0=c0001eb840 a1=c0001ef338 a2=c0001f1c40 a3=0 items=2 ppid=2862667 pid=2862677 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593593.938:11547314): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F31356437633031656162373530646435643136393766383835"}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593593.938:11547314): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593593.938:11547314): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593593.938:11547314): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/15d7c01eab750dd5d1697f885100eb074f3a5095b1e73b1cc7a531eedb613268\""}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593593.938:11547314): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/15d7c01eab750dd5d1697f885100eb074f3a5095b1e73b1cc7a531eedb613268/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1853317193\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/15d7c01eab750dd5d1697f885100eb074f3a5095b1e73b1cc7a531eedb613268/817a8dc47d573bdefaa2a30dfdc050ad7d58870557b18e009e0575e55bad1af3.pid\" a14=\"15d7c01eab750dd5d1697f885100eb074f3a5095b1e73b1cc7a531eedb613268\""}
{"ts": "2026-04-30T23:59:54Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593593.938:11547314): arch=c000003e syscall=59 success=yes exit=0 a0=c0002722e0 a1=c0001ac180 a2=c0001ac200 a3=0 items=2 ppid=4484 pid=2862667 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593593.598:11547313): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593593.598:11547313): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593593.598:11547313): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593593.598:11547313): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593593.598:11547313): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.stat\""}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593593.598:11547313): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593593.598:11547313): arch=c000003e syscall=59 success=yes exit=0 a0=76617ac47d60 a1=7660bbc48b40 a2=5669b9d93a40 a3=8 items=2 ppid=5468 pid=2862666 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593593.598:11547312): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593593.598:11547312): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593593.598:11547312): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593593.598:11547312): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48b40 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2862666 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593593.598:11547311): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593593.598:11547311): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593593.598:11547311): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593593.598:11547311): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48b40 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2862666 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593593.598:11547310): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593593.598:11547310): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593593.598:11547310): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593593.598:11547310): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48b40 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2862666 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593593.598:11547309): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593593.598:11547309): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593593.598:11547309): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593593.598:11547309): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48b40 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2862666 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593593.598:11547308): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593593.598:11547308): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593593.598:11547308): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593593.598:11547308): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48b40 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2862666 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593593.598:11547307): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593593.598:11547307): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593593.598:11547307): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593593.598:11547307): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48b40 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2862666 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593593.595:11547306): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593593.595:11547306): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593593.595:11547306): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593593.595:11547306): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593593.595:11547306): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.current\""}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593593.595:11547306): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593593.595:11547306): arch=c000003e syscall=59 success=yes exit=0 a0=76617ac47d60 a1=7660bbc48e40 a2=5669b9d93a40 a3=8 items=2 ppid=5468 pid=2862665 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593593.595:11547305): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593593.595:11547305): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593593.595:11547305): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593593.595:11547305): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48e40 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2862665 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593593.595:11547304): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593593.595:11547304): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593593.595:11547304): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593593.595:11547304): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48e40 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2862665 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593593.595:11547303): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593593.595:11547303): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593593.595:11547303): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593593.595:11547303): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48e40 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2862665 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593593.595:11547302): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593593.595:11547302): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593593.595:11547302): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593593.595:11547302): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48e40 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2862665 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593593.595:11547301): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593593.595:11547301): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593593.595:11547301): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593593.595:11547301): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48e40 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2862665 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593593.594:11547300): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593593.594:11547300): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593593.594:11547300): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593593.594:11547300): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48e40 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2862665 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593593.592:11547299): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593593.592:11547299): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593593.592:11547299): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593593.592:11547299): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593593.592:11547299): argc=2 a0=\"cat\" a1=\"/proc/self/cgroup\""}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593593.592:11547299): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593593.592:11547299): arch=c000003e syscall=59 success=yes exit=0 a0=76617ac47d60 a1=7660bbc48a20 a2=5669b9d93a40 a3=8 items=2 ppid=5468 pid=2862664 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593593.591:11547298): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593593.591:11547298): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593593.591:11547298): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593593.591:11547298): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48a20 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2862664 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593593.591:11547297): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593593.591:11547297): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593593.591:11547297): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593593.591:11547297): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48a20 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2862664 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593593.591:11547296): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593593.591:11547296): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593593.591:11547296): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593593.591:11547296): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48a20 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2862664 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593593.591:11547295): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593593.591:11547295): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593593.591:11547295): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593593.591:11547295): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48a20 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2862664 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593593.591:11547294): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593593.591:11547294): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593593.591:11547294): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593593.591:11547294): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48a20 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2862664 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593593.591:11547293): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593593.591:11547293): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593593.591:11547293): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593593.591:11547293): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48a20 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2862664 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593593.530:11547292): proctitle=77676574002D2D737069646572002D7100687474703A2F2F3132372E302E302E313A383038302F737461747573"}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593593.530:11547292): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3456344 dev=00:36 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593593.530:11547292): item=0 name=\"/usr/bin/wget\" inode=3454556 dev=00:36 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593593.530:11547292): cwd=\"/data\""}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593593.530:11547292): argc=4 a0=\"wget\" a1=\"--spider\" a2=\"-q\" a3=\"http://127.0.0.1:8080/status\""}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593593.530:11547292): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593593.530:11547292): arch=c000003e syscall=59 success=yes exit=0 a0=72c784fb3408 a1=72c784fb33b0 a2=72c784fb33d8 a3=8080808080808080 items=2 ppid=2862657 pid=2862663 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"wget\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593593.527:11547291): proctitle=2F62696E2F7368002D630077676574202D2D737069646572202D7120687474703A2F2F3132372E302E302E313A383038302F737461747573207C7C20657869742031"}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593593.527:11547291): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3456344 dev=00:36 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593593.527:11547291): item=0 name=\"/bin/sh\" inode=3454556 dev=00:36 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593593.527:11547291): cwd=\"/data\""}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593593.527:11547291): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=77676574202D2D737069646572202D7120687474703A2F2F3132372E302E302E313A383038302F737461747573207C7C20657869742031"}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593593.527:11547291): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593593.527:11547291): arch=c000003e syscall=59 success=yes exit=0 a0=c00018cf28 a1=c000022ac0 a2=c000022ae0 a3=0 items=2 ppid=2862645 pid=2862657 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593593.487:11547290): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593593.487:11547290): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593593.487:11547290): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593593.487:11547290): cwd=\"/var/lib/docker/rootfs/overlayfs/dc584acf339b0dd02a15498b48f6353fdccfb4b26c1ae9c833c37fffce3c4bfa\""}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593593.487:11547290): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593593.487:11547290): arch=c000003e syscall=59 success=yes exit=0 a0=c0001cd870 a1=c0001d1350 a2=c0001d3c00 a3=0 items=2 ppid=2862645 pid=2862654 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593593.471:11547289): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F64633538346163663333396230646430326131353439386234"}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593593.471:11547289): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593593.471:11547289): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593593.471:11547289): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/dc584acf339b0dd02a15498b48f6353fdccfb4b26c1ae9c833c37fffce3c4bfa\""}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593593.471:11547289): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/dc584acf339b0dd02a15498b48f6353fdccfb4b26c1ae9c833c37fffce3c4bfa/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1080145297\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/dc584acf339b0dd02a15498b48f6353fdccfb4b26c1ae9c833c37fffce3c4bfa/1d75fac082ed8a5754938d54e902bf15bfb17390c967632c83fcbf9e4edede79.pid\" a14=\"dc584acf339b0dd02a15498b48f6353fdccfb4b26c1ae9c833c37fffce3c4bfa\""}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593593.471:11547289): arch=c000003e syscall=59 success=yes exit=0 a0=c000195720 a1=c000233880 a2=c000233900 a3=0 items=2 ppid=2257 pid=2862645 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593593.442:11547288): proctitle=77676574002D2D737069646572002D2D717569657400687474703A2F2F6C6F63616C686F73743A39303030"}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593593.442:11547288): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=6690187 dev=00:3e mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593593.442:11547288): item=0 name=\"/usr/bin/wget\" inode=6689540 dev=00:3e mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593593.442:11547288): cwd=\"/\""}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593593.442:11547288): argc=4 a0=\"wget\" a1=\"--spider\" a2=\"--quiet\" a3=\"http://localhost:9000\""}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593593.442:11547288): arch=c000003e syscall=59 success=yes exit=0 a0=c0000dde60 a1=c0000d7560 a2=c000022920 a3=0 items=2 ppid=3063 pid=2862639 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"wget\" exe=\"/bin/busybox\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593593.424:11547287): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593593.424:11547287): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593593.424:11547287): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593593.424:11547287): cwd=\"/var/lib/docker/rootfs/overlayfs/08ef8e2f2653a795b49f9c31d690e5615c19f87e004231b8cb85077d9147f610\""}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593593.424:11547287): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593593.424:11547287): arch=c000003e syscall=59 success=yes exit=0 a0=c00017bb30 a1=c0000a7038 a2=c0000b7bc0 a3=0 items=2 ppid=2862627 pid=2862636 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593593.410:11547286): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F30386566386532663236353361373935623439663963333164"}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593593.410:11547286): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593593.410:11547286): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593593.410:11547286): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/08ef8e2f2653a795b49f9c31d690e5615c19f87e004231b8cb85077d9147f610\""}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593593.410:11547286): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/08ef8e2f2653a795b49f9c31d690e5615c19f87e004231b8cb85077d9147f610/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1090150698\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/08ef8e2f2653a795b49f9c31d690e5615c19f87e004231b8cb85077d9147f610/fd916d89274f0180ca31f5170e3f346d035f5e4dae6c3a4fbafbd53e90e4225b.pid\" a14=\"08ef8e2f2653a795b49f9c31d690e5615c19f87e004231b8cb85077d9147f610\""}
{"ts": "2026-04-30T23:59:53Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593593.410:11547286): arch=c000003e syscall=59 success=yes exit=0 a0=c0002a2a50 a1=c00018c080 a2=c00018c100 a3=0 items=2 ppid=3063 pid=2862627 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593592.573:11547285): proctitle=72656469732D636C690070696E67"}
{"ts": "2026-04-30T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593592.573:11547285): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=6694357 dev=00:4b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593592.573:11547285): item=0 name=\"/usr/local/bin/redis-cli\" inode=6703632 dev=00:4b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593592.573:11547285): cwd=\"/data\""}
{"ts": "2026-04-30T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593592.573:11547285): argc=2 a0=\"redis-cli\" a1=\"ping\""}
{"ts": "2026-04-30T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593592.573:11547285): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593592.573:11547285): arch=c000003e syscall=59 success=yes exit=0 a0=c000028760 a1=c00009f350 a2=c0001651c0 a3=0 items=2 ppid=2638 pid=2862612 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"redis-cli\" exe=\"/usr/local/bin/redis-cli\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593592.571:11547284): proctitle=72656469732D636C690070696E67"}
{"ts": "2026-04-30T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593592.571:11547284): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=6694357 dev=00:4a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593592.571:11547284): item=0 name=\"/usr/local/bin/redis-cli\" inode=6703632 dev=00:4a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593592.571:11547284): cwd=\"/data\""}
{"ts": "2026-04-30T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593592.571:11547284): argc=2 a0=\"redis-cli\" a1=\"ping\""}
{"ts": "2026-04-30T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593592.571:11547284): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593592.571:11547284): arch=c000003e syscall=59 success=yes exit=0 a0=c000028760 a1=c00009f350 a2=c0001671c0 a3=0 items=2 ppid=2862586 pid=2862613 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"redis-cli\" exe=\"/usr/local/bin/redis-cli\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593592.524:11547283): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593592.524:11547283): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593592.524:11547283): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:173 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593592.524:11547283): cwd=\"/var/lib/docker/rootfs/overlayfs/4cc046860e99ed4ce61cc4f7c543175750997c08579b75447cbf7907fdb6134d\""}
{"ts": "2026-04-30T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593592.524:11547283): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593592.524:11547283): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b830 a1=c00017f338 a2=c000201c40 a3=0 items=2 ppid=2862586 pid=2862605 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593592.523:11547282): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593592.523:11547282): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593592.523:11547282): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cc mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593592.523:11547282): cwd=\"/var/lib/docker/rootfs/overlayfs/0a68372d6fd28201684be9827a5de0d3c04e6e08d164a3049faa362bc53f9748\""}
{"ts": "2026-04-30T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593592.523:11547282): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593592.523:11547282): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5880 a1=c0001c9350 a2=c0001cbc40 a3=0 items=2 ppid=2862585 pid=2862600 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593592.510:11547281): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F34636330343638363065393965643463653631636334663763"}
{"ts": "2026-04-30T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593592.510:11547281): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593592.510:11547281): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593592.510:11547281): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/4cc046860e99ed4ce61cc4f7c543175750997c08579b75447cbf7907fdb6134d\""}
{"ts": "2026-04-30T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593592.510:11547281): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/4cc046860e99ed4ce61cc4f7c543175750997c08579b75447cbf7907fdb6134d/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1429775993\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/4cc046860e99ed4ce61cc4f7c543175750997c08579b75447cbf7907fdb6134d/a9457acf454402897319e8f92a472597b0672d80d9f269ae0e868b0209699bf1.pid\" a14=\"4cc046860e99ed4ce61cc4f7c543175750997c08579b75447cbf7907fdb6134d\""}
{"ts": "2026-04-30T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593592.510:11547281): arch=c000003e syscall=59 success=yes exit=0 a0=c0003b3d80 a1=c0003ce080 a2=c0003ce100 a3=0 items=2 ppid=3571 pid=2862586 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593592.508:11547280): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F30613638333732643666643238323031363834626539383237"}
{"ts": "2026-04-30T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593592.508:11547280): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593592.508:11547280): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593592.508:11547280): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/0a68372d6fd28201684be9827a5de0d3c04e6e08d164a3049faa362bc53f9748\""}
{"ts": "2026-04-30T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593592.508:11547280): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/0a68372d6fd28201684be9827a5de0d3c04e6e08d164a3049faa362bc53f9748/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2496544067\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/0a68372d6fd28201684be9827a5de0d3c04e6e08d164a3049faa362bc53f9748/91623053763bb5ff85a90430f2f2b0b2b503729f15aaf8ee5a0d0e53f62dbf04.pid\" a14=\"0a68372d6fd28201684be9827a5de0d3c04e6e08d164a3049faa362bc53f9748\""}
{"ts": "2026-04-30T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593592.508:11547280): arch=c000003e syscall=59 success=yes exit=0 a0=c0000119b0 a1=c0003da100 a2=c0003da180 a3=0 items=2 ppid=2638 pid=2862585 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593592.433:11547279): proctitle=6375726C002D6600687474703A2F2F6C6F63616C686F73743A383434332F6865616C74687A"}
{"ts": "2026-04-30T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593592.433:11547279): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8277530 dev=00:96 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593592.433:11547279): item=0 name=\"/usr/bin/curl\" inode=8272239 dev=00:96 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593592.433:11547279): cwd=\"/\""}
{"ts": "2026-04-30T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593592.433:11547279): argc=3 a0=\"curl\" a1=\"-f\" a2=\"http://localhost:8443/healthz\""}
{"ts": "2026-04-30T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593592.433:11547279): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593592.433:11547279): arch=c000003e syscall=59 success=yes exit=0 a0=c00018cd80 a1=c000022ac0 a2=c000170ab0 a3=0 items=2 ppid=3416 pid=2862579 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"curl\" exe=\"/usr/bin/curl\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593592.391:11547278): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593592.391:11547278): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593592.391:11547278): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593592.391:11547278): cwd=\"/var/lib/docker/rootfs/overlayfs/39100183abc56a19c2ae07206cdab399444cf7fa09e4b9d16d02b58b22eb293c\""}
{"ts": "2026-04-30T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593592.391:11547278): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593592.391:11547278): arch=c000003e syscall=59 success=yes exit=0 a0=c0001cd910 a1=c0001d1350 a2=c0001d3c40 a3=0 items=2 ppid=2862567 pid=2862576 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593592.377:11547277): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F33393130303138336162633536613139633261653037323036"}
{"ts": "2026-04-30T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593592.377:11547277): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593592.377:11547277): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593592.377:11547277): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/39100183abc56a19c2ae07206cdab399444cf7fa09e4b9d16d02b58b22eb293c\""}
{"ts": "2026-04-30T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593592.377:11547277): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/39100183abc56a19c2ae07206cdab399444cf7fa09e4b9d16d02b58b22eb293c/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2783488503\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/39100183abc56a19c2ae07206cdab399444cf7fa09e4b9d16d02b58b22eb293c/f9b5e397dde0666e4d75a067ab404743f34c5967fc2c5f8c8fe8caeb8581ae00.pid\" a14=\"39100183abc56a19c2ae07206cdab399444cf7fa09e4b9d16d02b58b22eb293c\""}
{"ts": "2026-04-30T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593592.377:11547277): arch=c000003e syscall=59 success=yes exit=0 a0=c000010ef0 a1=c0000e6200 a2=c0000e6280 a3=0 items=2 ppid=3416 pid=2862567 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593592.183:11547276): proctitle=67726570003A30424238002F70726F632F6E65742F746370"}
{"ts": "2026-04-30T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593592.183:11547276): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6834212 dev=00:9d mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593592.183:11547276): item=0 name=\"/bin/grep\" inode=6832538 dev=00:9d mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593592.183:11547276): cwd=\"/app\""}
{"ts": "2026-04-30T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593592.183:11547276): argc=3 a0=\"grep\" a1=\":0BB8\" a2=\"/proc/net/tcp\""}
{"ts": "2026-04-30T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593592.183:11547276): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593592.183:11547276): arch=c000003e syscall=59 success=yes exit=0 a0=653b69e5c758 a1=653b4de8f990 a2=653b69e5c6e8 a3=8 items=2 ppid=2862559 pid=2862565 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"grep\" exe=\"/bin/grep\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593592.179:11547275): proctitle=2F62696E2F7368002D630067726570203A30424238202F70726F632F6E65742F746370207C7C20657869742031"}
{"ts": "2026-04-30T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593592.179:11547275): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6834212 dev=00:9d mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593592.179:11547275): item=0 name=\"/bin/sh\" inode=6832457 dev=00:9d mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593592.179:11547275): cwd=\"/app\""}
{"ts": "2026-04-30T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593592.179:11547275): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=67726570203A30424238202F70726F632F6E65742F746370207C7C20657869742031"}
{"ts": "2026-04-30T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593592.179:11547275): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593592.179:11547275): arch=c000003e syscall=59 success=yes exit=0 a0=c00019eee8 a1=c000022680 a2=c0001508c0 a3=0 items=2 ppid=2862546 pid=2862559 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/dash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593592.137:11547274): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593592.137:11547274): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593592.137:11547274): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593592.137:11547274): cwd=\"/var/lib/docker/rootfs/overlayfs/99752c55410bb6ace3e57904dc2c1a2f503aa02b37e06267893a529d96259bd2\""}
{"ts": "2026-04-30T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593592.137:11547274): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593592.137:11547274): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b840 a1=c00017f338 a2=c000181c40 a3=0 items=2 ppid=2862546 pid=2862555 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593592.124:11547273): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F39393735326335353431306262366163653365353739303464"}
{"ts": "2026-04-30T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593592.124:11547273): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593592.124:11547273): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593592.124:11547273): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/99752c55410bb6ace3e57904dc2c1a2f503aa02b37e06267893a529d96259bd2\""}
{"ts": "2026-04-30T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593592.124:11547273): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/99752c55410bb6ace3e57904dc2c1a2f503aa02b37e06267893a529d96259bd2/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3446249427\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/99752c55410bb6ace3e57904dc2c1a2f503aa02b37e06267893a529d96259bd2/5a5d7de76227bbde16ad561fa781f3d5320d44d69f5899657957851728abda8b.pid\" a14=\"99752c55410bb6ace3e57904dc2c1a2f503aa02b37e06267893a529d96259bd2\""}
{"ts": "2026-04-30T23:59:52Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593592.124:11547273): arch=c000003e syscall=59 success=yes exit=0 a0=c000318f70 a1=c000208e00 a2=c000208e80 a3=0 items=2 ppid=4578 pid=2862546 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593591.886:11547272): proctitle=2F62696E2F7368002D630070675F69737265616479202D552077696E646D696C6C5F75736572202D642077696E646D696C6C5F6462"}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593591.886:11547272): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:53 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593591.886:11547272): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:53 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593591.886:11547272): cwd=\"/\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593591.886:11547272): argc=5 a0=\"pg_isready\" a1=\"-U\" a2=\"windmill_user\" a3=\"-d\" a4=\"windmill_db\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593591.886:11547272): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593591.886:11547272): arch=c000003e syscall=59 success=yes exit=0 a0=7004db8073f8 a1=7004db807290 a2=7004db807378 a3=0 items=2 ppid=3688 pid=2862538 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593591.882:11547271): proctitle=2F62696E2F7368002D630070675F69737265616479202D552077696E646D696C6C5F75736572202D642077696E646D696C6C5F6462"}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593591.882:11547271): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:53 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593591.882:11547271): item=0 name=\"/bin/sh\" inode=8589166 dev=00:53 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593591.882:11547271): cwd=\"/\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593591.882:11547271): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D552077696E646D696C6C5F75736572202D642077696E646D696C6C5F6462"}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593591.882:11547271): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593591.882:11547271): arch=c000003e syscall=59 success=yes exit=0 a0=c000196f68 a1=c000022680 a2=c0000d88c0 a3=0 items=2 ppid=3688 pid=2862538 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593591.840:11547270): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520617065785F75736572202D6420617065785F6462"}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593591.840:11547270): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3456344 dev=00:69 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593591.840:11547270): item=0 name=\"/usr/local/bin/pg_isready\" inode=6091069 dev=00:69 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593591.840:11547270): cwd=\"/\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593591.840:11547270): argc=5 a0=\"pg_isready\" a1=\"-U\" a2=\"apex_user\" a3=\"-d\" a4=\"apex_db\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593591.840:11547270): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593591.840:11547270): arch=c000003e syscall=59 success=yes exit=0 a0=753caa6053f8 a1=753caa605278 a2=753caa605378 a3=0 items=2 ppid=2862507 pid=2862519 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593591.837:11547269): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520617065785F75736572202D6420617065785F6462"}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593591.837:11547269): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3456344 dev=00:69 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593591.837:11547269): item=0 name=\"/bin/sh\" inode=3454556 dev=00:69 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593591.837:11547269): cwd=\"/\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593591.837:11547269): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D5520617065785F75736572202D6420617065785F6462"}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593591.837:11547269): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593591.837:11547269): arch=c000003e syscall=59 success=yes exit=0 a0=c00019cf68 a1=c000022680 a2=c0001508c0 a3=0 items=2 ppid=2862507 pid=2862519 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593591.828:11547268): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593591.828:11547268): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593591.828:11547268): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:173 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593591.828:11547268): cwd=\"/var/lib/docker/rootfs/overlayfs/2a365c5cbcdee94cef8eb83387301a8756e7538c1049b4c58449c0646b43c50c\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593591.828:11547268): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593591.828:11547268): arch=c000003e syscall=59 success=yes exit=0 a0=c0001eb840 a1=c0001ef338 a2=c0001f1c40 a3=0 items=2 ppid=2862525 pid=2862535 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593591.813:11547267): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F32613336356335636263646565393463656638656238333338"}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593591.813:11547267): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593591.813:11547267): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593591.813:11547267): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/2a365c5cbcdee94cef8eb83387301a8756e7538c1049b4c58449c0646b43c50c\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593591.813:11547267): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/2a365c5cbcdee94cef8eb83387301a8756e7538c1049b4c58449c0646b43c50c/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1583174698\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/2a365c5cbcdee94cef8eb83387301a8756e7538c1049b4c58449c0646b43c50c/860d2414ec1f8c17027996d3b8f76da411cba604097877d378fa8da4ce4cca6e.pid\" a14=\"2a365c5cbcdee94cef8eb83387301a8756e7538c1049b4c58449c0646b43c50c\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593591.813:11547267): arch=c000003e syscall=59 success=yes exit=0 a0=c0002bfb80 a1=c000410400 a2=c000410480 a3=0 items=2 ppid=3688 pid=2862525 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593591.794:11547266): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593591.794:11547266): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593591.794:11547266): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593591.794:11547266): cwd=\"/var/lib/docker/rootfs/overlayfs/c1f8f97d53596e967520df53fab27faff436876b90ee0f2e344cc170bca33f83\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593591.794:11547266): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593591.794:11547266): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b840 a1=c00017f338 a2=c000181c40 a3=0 items=2 ppid=2862507 pid=2862516 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593591.777:11547265): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F63316638663937643533353936653936373532306466353366"}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593591.777:11547265): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593591.777:11547265): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593591.777:11547265): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/c1f8f97d53596e967520df53fab27faff436876b90ee0f2e344cc170bca33f83\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593591.777:11547265): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/c1f8f97d53596e967520df53fab27faff436876b90ee0f2e344cc170bca33f83/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process171321828\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/c1f8f97d53596e967520df53fab27faff436876b90ee0f2e344cc170bca33f83/c01f22cbde1a55088040f1665cccb190696321d138578e793209a38082db7e16.pid\" a14=\"c1f8f97d53596e967520df53fab27faff436876b90ee0f2e344cc170bca33f83\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593591.777:11547265): arch=c000003e syscall=59 success=yes exit=0 a0=c0000119d0 a1=c0003f2480 a2=c0003f2500 a3=0 items=2 ppid=3652 pid=2862507 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593591.747:11547264): proctitle=2F62696E2F7368002D630070675F69737265616479202D552074797065626F74"}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593591.747:11547264): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:51 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593591.747:11547264): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:51 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593591.747:11547264): cwd=\"/\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593591.747:11547264): argc=3 a0=\"pg_isready\" a1=\"-U\" a2=\"typebot\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593591.747:11547264): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593591.747:11547264): arch=c000003e syscall=59 success=yes exit=0 a0=77fcc6d00278 a1=77fcc6d001d8 a2=77fcc6d001f8 a3=8080808080808080 items=2 ppid=3558 pid=2862500 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593591.744:11547263): proctitle=2F62696E2F7368002D630070675F69737265616479202D552074797065626F74"}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593591.744:11547263): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:51 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593591.744:11547263): item=0 name=\"/bin/sh\" inode=8589166 dev=00:51 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593591.744:11547263): cwd=\"/\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593591.744:11547263): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D552074797065626F74"}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593591.744:11547263): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593591.744:11547263): arch=c000003e syscall=59 success=yes exit=0 a0=c00018af38 a1=c000022ac0 a2=c0001348c0 a3=0 items=2 ppid=2862488 pid=2862500 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593591.704:11547262): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593591.704:11547262): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593591.704:11547262): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593591.704:11547262): cwd=\"/var/lib/docker/rootfs/overlayfs/a58fd49cb529bc2c3c5f4447c9ccbae837530349ce554292b547968ead4cb59b\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593591.704:11547262): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593591.704:11547262): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5890 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=2862488 pid=2862497 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593591.690:11547261): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F61353866643439636235323962633263336335663434343763"}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593591.690:11547261): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593591.690:11547261): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593591.690:11547261): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/a58fd49cb529bc2c3c5f4447c9ccbae837530349ce554292b547968ead4cb59b\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593591.690:11547261): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/a58fd49cb529bc2c3c5f4447c9ccbae837530349ce554292b547968ead4cb59b/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3358639850\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/a58fd49cb529bc2c3c5f4447c9ccbae837530349ce554292b547968ead4cb59b/52a1a8b9ff202c8447071b95d9ff42279167415da5de2cb07f8d3fd8cb5e11f2.pid\" a14=\"a58fd49cb529bc2c3c5f4447c9ccbae837530349ce554292b547968ead4cb59b\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593591.690:11547261): arch=c000003e syscall=59 success=yes exit=0 a0=c000403360 a1=c000482100 a2=c000482180 a3=0 items=2 ppid=3558 pid=2862488 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593591.630:11547260): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520646F63757365616C"}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593591.630:11547260): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:54 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593591.630:11547260): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:54 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593591.630:11547260): cwd=\"/\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593591.630:11547260): argc=3 a0=\"pg_isready\" a1=\"-U\" a2=\"docuseal\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593591.630:11547260): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593591.630:11547260): arch=c000003e syscall=59 success=yes exit=0 a0=71f611709288 a1=71f6117091e8 a2=71f611709208 a3=0 items=2 ppid=3223 pid=2862481 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593591.627:11547259): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520646F63757365616C"}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593591.627:11547259): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:54 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593591.627:11547259): item=0 name=\"/bin/sh\" inode=8589166 dev=00:54 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593591.627:11547259): cwd=\"/\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593591.627:11547259): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D5520646F63757365616C"}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593591.627:11547259): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593591.627:11547259): arch=c000003e syscall=59 success=yes exit=0 a0=c00018cf38 a1=c000022ac0 a2=c0001348c0 a3=0 items=2 ppid=2862469 pid=2862481 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593591.586:11547258): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593591.586:11547258): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593591.586:11547258): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593591.586:11547258): cwd=\"/var/lib/docker/rootfs/overlayfs/360fd70ae6eb7cd5e0954ce9fabc3f41ec861f0028b80fa3a053269682ce489a\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593591.586:11547258): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593591.586:11547258): arch=c000003e syscall=59 success=yes exit=0 a0=c0001eb840 a1=c0001ef338 a2=c0001f1c40 a3=0 items=2 ppid=2862469 pid=2862478 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593591.571:11547257): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F33363066643730616536656237636435653039353463653966"}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593591.571:11547257): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593591.571:11547257): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593591.571:11547257): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/360fd70ae6eb7cd5e0954ce9fabc3f41ec861f0028b80fa3a053269682ce489a\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593591.571:11547257): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/360fd70ae6eb7cd5e0954ce9fabc3f41ec861f0028b80fa3a053269682ce489a/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3678949374\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/360fd70ae6eb7cd5e0954ce9fabc3f41ec861f0028b80fa3a053269682ce489a/5a243a155959efd185d351744a2c767b67d0d44fbf036d2e2762b1d7eb3176c3.pid\" a14=\"360fd70ae6eb7cd5e0954ce9fabc3f41ec861f0028b80fa3a053269682ce489a\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593591.571:11547257): arch=c000003e syscall=59 success=yes exit=0 a0=c0001dce30 a1=c0003c9500 a2=c0003c9580 a3=0 items=2 ppid=3223 pid=2862469 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593591.522:11547256): proctitle=72656469732D636C690070696E67"}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593591.522:11547256): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=5809101 dev=00:5b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593591.522:11547256): item=0 name=\"/usr/local/bin/redis-cli\" inode=928088 dev=00:5b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593591.522:11547256): cwd=\"/data\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593591.522:11547256): argc=2 a0=\"redis-cli\" a1=\"ping\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593591.522:11547256): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593591.522:11547256): arch=c000003e syscall=59 success=yes exit=0 a0=c000028760 a1=c00009f350 a2=c0001651c0 a3=0 items=2 ppid=2862450 pid=2862463 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"redis-cli\" exe=\"/usr/local/bin/redis-cli\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593591.474:11547255): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593591.474:11547255): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593591.474:11547255): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593591.474:11547255): cwd=\"/var/lib/docker/rootfs/overlayfs/7e13dd6f726a7b57cc1470c1039bc96afa948a1beb7503cebff44e9717c43cdc\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593591.474:11547255): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593591.474:11547255): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b830 a1=c00017f338 a2=c000201c00 a3=0 items=2 ppid=2862450 pid=2862460 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593591.460:11547254): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F37653133646436663732366137623537636331343730633130"}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593591.460:11547254): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593591.460:11547254): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593591.460:11547254): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/7e13dd6f726a7b57cc1470c1039bc96afa948a1beb7503cebff44e9717c43cdc\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593591.460:11547254): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/7e13dd6f726a7b57cc1470c1039bc96afa948a1beb7503cebff44e9717c43cdc/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1129701294\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/7e13dd6f726a7b57cc1470c1039bc96afa948a1beb7503cebff44e9717c43cdc/09391b834c72a537adc71c88754a57a085b73b2b3a600aee67509f01284387cd.pid\" a14=\"7e13dd6f726a7b57cc1470c1039bc96afa948a1beb7503cebff44e9717c43cdc\""}
{"ts": "2026-04-30T23:59:51Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593591.460:11547254): arch=c000003e syscall=59 success=yes exit=0 a0=c000305250 a1=c0003e0880 a2=c0003e0900 a3=0 items=2 ppid=3759 pid=2862450 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593590.627:11547253): proctitle=6E6F6465002D65007265717569726528276874747027292E6765742827687474703A2F2F27202B207265717569726528276F7327292E686F73746E616D652829202B20273A333030302F272C2072203D3E2070726F636573732E657869742828722E737461747573436F6465203D3D3D20323030207C7C20722E737461747573"}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593590.627:11547253): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6834212 dev=00:8f mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593590.627:11547253): item=0 name=\"/usr/local/bin/node\" inode=6881221 dev=00:8f mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593590.627:11547253): cwd=\"/app\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593590.627:11547253): argc=3 a0=\"node\" a1=\"-e\" a2=7265717569726528276874747027292E6765742827687474703A2F2F27202B207265717569726528276F7327292E686F73746E616D652829202B20273A333030302F272C2072203D3E2070726F636573732E657869742828722E737461747573436F6465203D3D3D20323030207C7C20722E737461747573436F6465203D3D3D2033303729203F2030203A203129292E6F6E28276572726F72272C202829203D3E2070726F636573732E6578697428312929"}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593590.627:11547253): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593590.627:11547253): arch=c000003e syscall=59 success=yes exit=0 a0=58cbdbb0cc68 a1=58cbdbb0c8f8 a2=58cbdbb0cba8 a3=8 items=2 ppid=2862431 pid=2862438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"node\" exe=\"/usr/local/bin/node\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593590.622:11547252): proctitle=2F62696E2F7368002D63006E6F6465202D6520227265717569726528276874747027292E6765742827687474703A2F2F27202B207265717569726528276F7327292E686F73746E616D652829202B20273A333030302F272C2072203D3E2070726F636573732E657869742828722E737461747573436F6465203D3D3D20323030"}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593590.622:11547252): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6834212 dev=00:8f mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593590.622:11547252): item=0 name=\"/bin/sh\" inode=6832457 dev=00:8f mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593590.622:11547252): cwd=\"/app\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593590.622:11547252): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=6E6F6465202D6520227265717569726528276874747027292E6765742827687474703A2F2F27202B207265717569726528276F7327292E686F73746E616D652829202B20273A333030302F272C2072203D3E2070726F636573732E657869742828722E737461747573436F6465203D3D3D20323030207C7C20722E737461747573436F6465203D3D3D2033303729203F2030203A203129292E6F6E28276572726F72272C202829203D3E2070726F636573732E657869742831292922"}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593590.622:11547252): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593590.622:11547252): arch=c000003e syscall=59 success=yes exit=0 a0=c000198f08 a1=c000022680 a2=c0000c4240 a3=0 items=2 ppid=2862418 pid=2862431 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/dash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593590.573:11547251): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593590.573:11547251): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593590.573:11547251): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593590.573:11547251): cwd=\"/var/lib/docker/rootfs/overlayfs/62ff186c9558f5a87b871aad2189553b6748d81d514aec3146c01ec6c66d8638\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593590.573:11547251): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593590.573:11547251): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b860 a1=c00017f338 a2=c000201c80 a3=0 items=2 ppid=2862418 pid=2862427 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593590.558:11547250): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F36326666313836633935353866356138376238373161616432"}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593590.558:11547250): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593590.558:11547250): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593590.558:11547250): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/62ff186c9558f5a87b871aad2189553b6748d81d514aec3146c01ec6c66d8638\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593590.558:11547250): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/62ff186c9558f5a87b871aad2189553b6748d81d514aec3146c01ec6c66d8638/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3955195651\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/62ff186c9558f5a87b871aad2189553b6748d81d514aec3146c01ec6c66d8638/4358e56d696cba9864751cb22f724284278f99862f22fb634e624afd964c95cc.pid\" a14=\"62ff186c9558f5a87b871aad2189553b6748d81d514aec3146c01ec6c66d8638\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593590.558:11547250): arch=c000003e syscall=59 success=yes exit=0 a0=c00046c710 a1=c00041e580 a2=c00041e600 a3=0 items=2 ppid=4094 pid=2862418 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593590.547:11547249): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593590.547:11547249): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=9987007 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593590.547:11547249): item=0 name=\"/usr/bin/cat\" inode=9986333 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593590.547:11547249): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593590.547:11547249): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.stat\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593590.547:11547249): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593590.547:11547249): arch=c000003e syscall=59 success=yes exit=0 a0=75e2ac12cd60 a1=75e26da2b520 a2=6265ad214650 a3=8 items=2 ppid=5407 pid=2862417 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593590.547:11547248): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593590.547:11547248): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593590.547:11547248): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593590.547:11547248): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e26da2b520 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2862417 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593590.547:11547247): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593590.547:11547247): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593590.547:11547247): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593590.547:11547247): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e26da2b520 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2862417 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593590.547:11547246): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593590.547:11547246): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593590.547:11547246): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593590.547:11547246): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e26da2b520 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2862417 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593590.547:11547245): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593590.547:11547245): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593590.547:11547245): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593590.547:11547245): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e26da2b520 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2862417 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593590.547:11547244): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593590.547:11547244): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593590.547:11547244): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593590.547:11547244): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e26da2b520 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2862417 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593590.547:11547243): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593590.547:11547243): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593590.547:11547243): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593590.547:11547243): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e26da2b520 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2862417 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593590.544:11547242): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593590.544:11547242): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=9987007 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593590.544:11547242): item=0 name=\"/usr/bin/cat\" inode=9986333 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593590.544:11547242): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593590.544:11547242): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.current\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593590.544:11547242): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593590.544:11547242): arch=c000003e syscall=59 success=yes exit=0 a0=75e2ac12cd60 a1=75e26da00cc0 a2=6265ad214650 a3=8 items=2 ppid=5407 pid=2862416 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593590.544:11547241): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593590.544:11547241): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593590.544:11547241): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593590.544:11547241): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e26da00cc0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2862416 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593590.544:11547240): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593590.544:11547240): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593590.544:11547240): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593590.544:11547240): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e26da00cc0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2862416 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593590.544:11547239): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593590.544:11547239): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593590.544:11547239): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593590.544:11547239): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e26da00cc0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2862416 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593590.544:11547238): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593590.544:11547238): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593590.544:11547238): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593590.544:11547238): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e26da00cc0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2862416 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593590.544:11547237): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593590.544:11547237): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593590.544:11547237): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593590.544:11547237): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e26da00cc0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2862416 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593590.544:11547236): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593590.544:11547236): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593590.544:11547236): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593590.544:11547236): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e26da00cc0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2862416 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593590.541:11547235): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593590.541:11547235): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=9987007 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593590.541:11547235): item=0 name=\"/usr/bin/cat\" inode=9986333 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593590.541:11547235): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593590.541:11547235): argc=2 a0=\"cat\" a1=\"/proc/self/cgroup\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593590.541:11547235): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593590.541:11547235): arch=c000003e syscall=59 success=yes exit=0 a0=75e2ac12cd60 a1=75e2460006e0 a2=6265ad214650 a3=8 items=2 ppid=5407 pid=2862415 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593590.541:11547234): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593590.541:11547234): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593590.541:11547234): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593590.541:11547234): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e2460006e0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2862415 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593590.541:11547233): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593590.541:11547233): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593590.541:11547233): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593590.541:11547233): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e2460006e0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2862415 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593590.541:11547232): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593590.541:11547232): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593590.541:11547232): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593590.541:11547232): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e2460006e0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2862415 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593590.541:11547231): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593590.541:11547231): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593590.541:11547231): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593590.541:11547231): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e2460006e0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2862415 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593590.541:11547230): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593590.541:11547230): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593590.541:11547230): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593590.541:11547230): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e2460006e0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2862415 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593590.540:11547229): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593590.540:11547229): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593590.540:11547229): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593590.540:11547229): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e2460006e0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2862415 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593590.276:11547228): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520706F737467726573"}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593590.276:11547228): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:4f mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593590.276:11547228): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:4f mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593590.276:11547228): cwd=\"/\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593590.276:11547228): argc=3 a0=\"pg_isready\" a1=\"-U\" a2=\"postgres\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593590.276:11547228): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593590.276:11547228): arch=c000003e syscall=59 success=yes exit=0 a0=7e26c1bbd288 a1=7e26c1bbd1e8 a2=7e26c1bbd208 a3=0 items=2 ppid=3630 pid=2862408 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593590.273:11547227): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520706F737467726573"}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593590.273:11547227): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:4f mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593590.273:11547227): item=0 name=\"/bin/sh\" inode=8589166 dev=00:4f mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593590.273:11547227): cwd=\"/\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593590.273:11547227): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D5520706F737467726573"}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593590.273:11547227): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593590.273:11547227): arch=c000003e syscall=59 success=yes exit=0 a0=c00018cf48 a1=c000022ac0 a2=c0001348c0 a3=0 items=2 ppid=2862396 pid=2862408 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593590.225:11547226): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593590.225:11547226): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593590.225:11547226): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593590.225:11547226): cwd=\"/var/lib/docker/rootfs/overlayfs/67097f9470d25ae62330c278e0c2e85dfc8f9d19e1312855b18be973b4d19e41\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593590.225:11547226): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593590.225:11547226): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b850 a1=c00017f338 a2=c000181c40 a3=0 items=2 ppid=2862396 pid=2862406 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593590.209:11547225): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F36373039376639343730643235616536323333306332373865"}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593590.209:11547225): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593590.209:11547225): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593590.209:11547225): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/67097f9470d25ae62330c278e0c2e85dfc8f9d19e1312855b18be973b4d19e41\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593590.209:11547225): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/67097f9470d25ae62330c278e0c2e85dfc8f9d19e1312855b18be973b4d19e41/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3566335171\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/67097f9470d25ae62330c278e0c2e85dfc8f9d19e1312855b18be973b4d19e41/8623a9a1f1d24ec26bfde11b40285286e6608802966663bc0dad6aee5bef358d.pid\" a14=\"67097f9470d25ae62330c278e0c2e85dfc8f9d19e1312855b18be973b4d19e41\""}
{"ts": "2026-04-30T23:59:50Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593590.209:11547225): arch=c000003e syscall=59 success=yes exit=0 a0=c000291aa0 a1=c0002bdb80 a2=c0002bdc00 a3=0 items=2 ppid=3630 pid=2862396 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593589.823:11547224): proctitle=72656469732D636C690070696E67"}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593589.823:11547224): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=6694357 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593589.823:11547224): item=0 name=\"/usr/local/bin/redis-cli\" inode=6703632 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593589.823:11547224): cwd=\"/data\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593589.823:11547224): argc=2 a0=\"redis-cli\" a1=\"ping\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593589.823:11547224): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593589.823:11547224): arch=c000003e syscall=59 success=yes exit=0 a0=c000028760 a1=c00009f350 a2=c0001571c0 a3=0 items=2 ppid=2767 pid=2862389 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"redis-cli\" exe=\"/usr/local/bin/redis-cli\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593589.775:11547223): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593589.775:11547223): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593589.775:11547223): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593589.775:11547223): cwd=\"/var/lib/docker/rootfs/overlayfs/480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593589.775:11547223): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593589.775:11547223): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b830 a1=c00017f338 a2=c000181c00 a3=0 items=2 ppid=2862377 pid=2862385 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593589.762:11547222): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F34383062353761303034306362373564646534356436663664"}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593589.762:11547222): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593589.762:11547222): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593589.762:11547222): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593589.762:11547222): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2800353773\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af/4f308fe42d6cf87e7489657f4b29a91e5cfa643bb899fa5aa0f94de929cfacdf.pid\" a14=\"480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593589.762:11547222): arch=c000003e syscall=59 success=yes exit=0 a0=c0002a74f0 a1=c000155580 a2=c000155980 a3=0 items=2 ppid=2767 pid=2862377 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593589.642:11547221): proctitle=2F7573722F62696E2F7065726C002F7573722F62696E2F70675F69737265616479002D550067726F777468626F6F6B002D6400706F737467726573"}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593589.642:11547221): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6968454 dev=00:a0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593589.642:11547221): item=0 name=\"/usr/lib/postgresql/17/bin/pg_isready\" inode=3958125 dev=00:a0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593589.642:11547221): cwd=\"/\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593589.642:11547221): argc=5 a0=\"/usr/lib/postgresql/17/bin/pg_isready\" a1=\"-U\" a2=\"growthbook\" a3=\"-d\" a4=\"postgres\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593589.642:11547221): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593589.642:11547221): arch=c000003e syscall=59 success=yes exit=0 a0=6139a07a2e10 a1=6139a08b5ff0 a2=6139a050b970 a3=77e55c213e70 items=2 ppid=2862366 pid=2862374 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/lib/postgresql/17/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593589.618:11547220): proctitle=2F7573722F62696E2F7065726C002F7573722F62696E2F70675F69737265616479002D550070726F6D6574686575735F61646D696E002D640070726F6D6574686575735F61646D696E"}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593589.618:11547220): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=5581428 dev=00:af mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593589.618:11547220): item=0 name=\"/usr/lib/postgresql/17/bin/pg_isready\" inode=5809487 dev=00:af mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593589.618:11547220): cwd=\"/\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593589.618:11547220): argc=5 a0=\"/usr/lib/postgresql/17/bin/pg_isready\" a1=\"-U\" a2=\"prometheus_admin\" a3=\"-d\" a4=\"prometheus_admin\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593589.618:11547220): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593589.618:11547220): arch=c000003e syscall=59 success=yes exit=0 a0=58bb88d09a30 a1=58bb88d91db0 a2=58bb889f2970 a3=754b33474e70 items=2 ppid=2862347 pid=2862373 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/lib/postgresql/17/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593589.602:11547219): proctitle=2F7573722F62696E2F7065726C002F7573722F62696E2F70675F69737265616479002D550067726F777468626F6F6B002D6400706F737467726573"}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593589.602:11547219): item=2 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6968454 dev=00:a0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593589.602:11547219): item=1 name=\"/usr/bin/perl\" inode=6956288 dev=00:a0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593589.602:11547219): item=0 name=\"/usr/bin/pg_isready\" inode=4211279 dev=00:a0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593589.602:11547219): cwd=\"/\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593589.602:11547219): argc=6 a0=\"/usr/bin/perl\" a1=\"/usr/bin/pg_isready\" a2=\"-U\" a3=\"growthbook\" a4=\"-d\" a5=\"postgres\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593589.602:11547219): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593589.602:11547219): arch=c000003e syscall=59 success=yes exit=0 a0=5eb60d6ad640 a1=5eb5ce1db9a8 a2=5eb60d6ad5d8 a3=8 items=3 ppid=2862366 pid=2862374 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/bin/perl\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593589.598:11547218): proctitle=2F62696E2F7368002D630070675F69737265616479202D552067726F777468626F6F6B202D6420706F737467726573"}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593589.598:11547218): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6968454 dev=00:a0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593589.598:11547218): item=0 name=\"/bin/sh\" inode=6954646 dev=00:a0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593589.598:11547218): cwd=\"/\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593589.598:11547218): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D552067726F777468626F6F6B202D6420706F737467726573"}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593589.598:11547218): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593589.598:11547218): arch=c000003e syscall=59 success=yes exit=0 a0=c00017ceb0 a1=c000022680 a2=c000025260 a3=0 items=2 ppid=2862339 pid=2862366 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/usr/bin/dash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593589.579:11547217): proctitle=2F7573722F62696E2F7065726C002F7573722F62696E2F70675F69737265616479002D550070726F6D6574686575735F61646D696E002D640070726F6D6574686575735F61646D696E"}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593589.579:11547217): item=2 name=\"/lib64/ld-linux-x86-64.so.2\" inode=5581428 dev=00:af mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593589.579:11547217): item=1 name=\"/usr/bin/perl\" inode=5580916 dev=00:af mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593589.579:11547217): item=0 name=\"/usr/bin/pg_isready\" inode=5823482 dev=00:af mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593589.579:11547217): cwd=\"/\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593589.579:11547217): argc=6 a0=\"/usr/bin/perl\" a1=\"/usr/bin/pg_isready\" a2=\"-U\" a3=\"prometheus_admin\" a4=\"-d\" a5=\"prometheus_admin\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593589.579:11547217): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593589.579:11547217): arch=c000003e syscall=59 success=yes exit=0 a0=5b4605264678 a1=5b46052645e0 a2=5b4605264610 a3=8 items=3 ppid=2862347 pid=2862373 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/bin/perl\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593589.574:11547216): proctitle=2F62696E2F7368002D630070675F69737265616479202D552070726F6D6574686575735F61646D696E202D642070726F6D6574686575735F61646D696E"}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593589.574:11547216): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=5581428 dev=00:af mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593589.574:11547216): item=0 name=\"/bin/sh\" inode=5580787 dev=00:af mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593589.574:11547216): cwd=\"/\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593589.574:11547216): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D552070726F6D6574686575735F61646D696E202D642070726F6D6574686575735F61646D696E"}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593589.574:11547216): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593589.574:11547216): arch=c000003e syscall=59 success=yes exit=0 a0=c0000feeb0 a1=c000022680 a2=c0000251a0 a3=0 items=2 ppid=2862333 pid=2862347 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/usr/bin/dash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593589.546:11547215): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593589.546:11547215): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593589.546:11547215): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:173 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593589.546:11547215): cwd=\"/var/lib/docker/rootfs/overlayfs/02fb5dd00ce2914672d5f537bf8bb36a0908851493efb9e1b3038943b577e7cf\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593589.546:11547215): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593589.546:11547215): arch=c000003e syscall=59 success=yes exit=0 a0=c0001f3830 a1=c0001f7338 a2=c0001f9c40 a3=0 items=2 ppid=2862339 pid=2862364 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593589.526:11547214): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593589.526:11547214): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593589.526:11547214): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593589.526:11547214): cwd=\"/var/lib/docker/rootfs/overlayfs/96dcfa07493d1a0e551516dd25644707c00be275d58123d52358a7d61a7f6b24\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593589.526:11547214): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593589.526:11547214): arch=c000003e syscall=59 success=yes exit=0 a0=c0001eb830 a1=c0001ef338 a2=c0001f1c40 a3=0 items=2 ppid=2862333 pid=2862343 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593589.526:11547213): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F30326662356464303063653239313436373264356635333762"}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593589.526:11547213): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593589.526:11547213): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593589.526:11547213): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/02fb5dd00ce2914672d5f537bf8bb36a0908851493efb9e1b3038943b577e7cf\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593589.526:11547213): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/02fb5dd00ce2914672d5f537bf8bb36a0908851493efb9e1b3038943b577e7cf/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process361232571\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/02fb5dd00ce2914672d5f537bf8bb36a0908851493efb9e1b3038943b577e7cf/125d2009f0ed97c437fa0101e50114590cfeb7fe43656c13d481c1a5bedcbd3b.pid\" a14=\"02fb5dd00ce2914672d5f537bf8bb36a0908851493efb9e1b3038943b577e7cf\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593589.526:11547213): arch=c000003e syscall=59 success=yes exit=0 a0=c000119690 a1=c0003f4480 a2=c0003f4500 a3=0 items=2 ppid=4084 pid=2862339 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593589.511:11547212): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F39366463666130373439336431613065353531353136646432"}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593589.511:11547212): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593589.511:11547212): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593589.511:11547212): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/96dcfa07493d1a0e551516dd25644707c00be275d58123d52358a7d61a7f6b24\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593589.511:11547212): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/96dcfa07493d1a0e551516dd25644707c00be275d58123d52358a7d61a7f6b24/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3729361933\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/96dcfa07493d1a0e551516dd25644707c00be275d58123d52358a7d61a7f6b24/0bf68c6f863f15c90ac1debfe707b790fc8fc96a682e7809f37e0265b5a27e49.pid\" a14=\"96dcfa07493d1a0e551516dd25644707c00be275d58123d52358a7d61a7f6b24\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593589.511:11547212): arch=c000003e syscall=59 success=yes exit=0 a0=c00048c5b0 a1=c00013b800 a2=c00013b880 a3=0 items=2 ppid=4402 pid=2862333 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593589.086:11547211): proctitle=6375726C002D6600687474703A2F2F6C6F63616C686F73743A31373137302F"}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593589.086:11547211): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3566853 dev=00:8b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593589.086:11547211): item=0 name=\"/usr/bin/curl\" inode=3574788 dev=00:8b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593589.086:11547211): cwd=\"/app\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593589.086:11547211): argc=3 a0=\"curl\" a1=\"-f\" a2=\"http://localhost:17170/\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593589.086:11547211): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593589.086:11547211): arch=c000003e syscall=59 success=yes exit=0 a0=c00018d0f0 a1=c000022ac0 a2=c00013ec00 a3=0 items=2 ppid=4527 pid=2862326 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"curl\" exe=\"/usr/bin/curl\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593589.042:11547210): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593589.042:11547210): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593589.042:11547210): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593589.042:11547210): cwd=\"/var/lib/docker/rootfs/overlayfs/5bd3e1d5545f7ec51999f8794a4b4d6cc0fd1d92f87a78cfdfb129e440cd0559\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593589.042:11547210): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593589.042:11547210): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b840 a1=c00017f338 a2=c000181c40 a3=0 items=2 ppid=2862314 pid=2862323 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593589.029:11547209): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F35626433653164353534356637656335313939396638373934"}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593589.029:11547209): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593589.029:11547209): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593589.029:11547209): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/5bd3e1d5545f7ec51999f8794a4b4d6cc0fd1d92f87a78cfdfb129e440cd0559\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593589.029:11547209): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/5bd3e1d5545f7ec51999f8794a4b4d6cc0fd1d92f87a78cfdfb129e440cd0559/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3982835575\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/5bd3e1d5545f7ec51999f8794a4b4d6cc0fd1d92f87a78cfdfb129e440cd0559/b09358932685ca0e6f93f3fdb9bba17746bf5cad73153abc1d6aa1708f3c706c.pid\" a14=\"5bd3e1d5545f7ec51999f8794a4b4d6cc0fd1d92f87a78cfdfb129e440cd0559\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593589.029:11547209): arch=c000003e syscall=59 success=yes exit=0 a0=c00014f980 a1=c00013c080 a2=c00013c100 a3=0 items=2 ppid=4527 pid=2862314 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593588.957:11547208): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593588.957:11547208): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593588.957:11547208): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593588.957:11547208): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593588.957:11547208): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.stat\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593588.957:11547208): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593588.957:11547208): arch=c000003e syscall=59 success=yes exit=0 a0=7faf8d900d60 a1=7faeb7a10f40 a2=634a8a009a40 a3=8 items=2 ppid=5417 pid=2862313 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593588.957:11547207): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593588.957:11547207): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593588.957:11547207): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593588.957:11547207): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeb7a10f40 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2862313 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593588.957:11547206): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593588.957:11547206): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593588.957:11547206): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593588.957:11547206): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeb7a10f40 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2862313 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593588.957:11547205): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593588.957:11547205): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593588.957:11547205): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593588.957:11547205): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeb7a10f40 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2862313 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593588.957:11547204): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593588.957:11547204): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593588.957:11547204): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593588.957:11547204): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeb7a10f40 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2862313 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593588.956:11547203): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593588.956:11547203): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593588.956:11547203): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593588.956:11547203): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeb7a10f40 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2862313 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593588.956:11547202): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593588.956:11547202): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593588.956:11547202): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593588.956:11547202): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeb7a10f40 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2862313 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593588.954:11547201): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593588.954:11547201): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593588.954:11547201): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593588.954:11547201): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593588.954:11547201): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.current\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593588.954:11547201): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593588.954:11547201): arch=c000003e syscall=59 success=yes exit=0 a0=7faf8d900d60 a1=7faeb7a1e2c0 a2=634a8a009a40 a3=8 items=2 ppid=5417 pid=2862312 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593588.954:11547200): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593588.954:11547200): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593588.954:11547200): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593588.954:11547200): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeb7a1e2c0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2862312 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593588.954:11547199): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593588.954:11547199): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593588.954:11547199): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593588.954:11547199): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeb7a1e2c0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2862312 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593588.954:11547198): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593588.954:11547198): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593588.954:11547198): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593588.954:11547198): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeb7a1e2c0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2862312 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593588.954:11547197): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593588.954:11547197): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593588.954:11547197): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593588.954:11547197): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeb7a1e2c0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2862312 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593588.954:11547196): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593588.954:11547196): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593588.954:11547196): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593588.954:11547196): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeb7a1e2c0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2862312 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593588.954:11547195): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593588.954:11547195): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593588.954:11547195): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593588.954:11547195): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeb7a1e2c0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2862312 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593588.951:11547194): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593588.951:11547194): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593588.951:11547194): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593588.951:11547194): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593588.951:11547194): argc=2 a0=\"cat\" a1=\"/proc/self/cgroup\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593588.951:11547194): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593588.951:11547194): arch=c000003e syscall=59 success=yes exit=0 a0=7faf8d900d60 a1=7faee3002840 a2=634a8a009a40 a3=8 items=2 ppid=5417 pid=2862311 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593588.951:11547193): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593588.951:11547193): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593588.951:11547193): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593588.951:11547193): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee3002840 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2862311 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593588.951:11547192): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593588.951:11547192): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593588.951:11547192): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593588.951:11547192): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee3002840 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2862311 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593588.951:11547191): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593588.951:11547191): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593588.951:11547191): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593588.951:11547191): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee3002840 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2862311 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593588.951:11547190): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593588.951:11547190): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593588.951:11547190): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593588.951:11547190): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee3002840 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2862311 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593588.951:11547189): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593588.951:11547189): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593588.951:11547189): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593588.951:11547189): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee3002840 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2862311 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593588.951:11547188): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593588.951:11547188): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593588.951:11547188): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:49Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593588.951:11547188): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee3002840 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2862311 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593587.537:11547187): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593587.537:11547187): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593587.537:11547187): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593587.537:11547187): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593587.537:11547187): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.stat\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593587.537:11547187): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593587.537:11547187): arch=c000003e syscall=59 success=yes exit=0 a0=76617ac47d60 a1=7660bbc48f80 a2=5669b9d93a40 a3=8 items=2 ppid=5468 pid=2862308 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593587.537:11547186): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593587.537:11547186): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593587.537:11547186): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593587.537:11547186): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48f80 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2862308 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593587.537:11547185): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593587.537:11547185): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593587.537:11547185): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593587.537:11547185): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48f80 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2862308 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593587.537:11547184): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593587.537:11547184): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593587.537:11547184): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593587.537:11547184): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48f80 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2862308 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593587.537:11547183): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593587.537:11547183): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593587.537:11547183): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593587.537:11547183): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48f80 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2862308 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593587.537:11547182): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593587.537:11547182): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593587.537:11547182): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593587.537:11547182): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48f80 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2862308 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593587.537:11547181): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593587.537:11547181): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593587.537:11547181): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593587.537:11547181): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48f80 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2862308 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593587.535:11547180): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593587.535:11547180): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593587.535:11547180): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593587.535:11547180): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593587.535:11547180): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.current\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593587.535:11547180): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593587.535:11547180): arch=c000003e syscall=59 success=yes exit=0 a0=76617ac47d60 a1=7660bbc48f60 a2=5669b9d93a40 a3=8 items=2 ppid=5468 pid=2862307 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593587.535:11547179): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593587.535:11547179): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593587.535:11547179): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593587.535:11547179): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48f60 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2862307 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593587.534:11547178): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593587.534:11547178): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593587.534:11547178): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593587.534:11547178): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48f60 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2862307 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593587.534:11547177): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593587.534:11547177): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593587.534:11547177): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593587.534:11547177): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48f60 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2862307 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593587.534:11547176): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593587.534:11547176): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593587.534:11547176): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593587.534:11547176): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48f60 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2862307 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593587.534:11547175): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593587.534:11547175): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593587.534:11547175): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593587.534:11547175): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48f60 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2862307 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593587.534:11547174): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593587.534:11547174): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593587.534:11547174): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593587.534:11547174): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48f60 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2862307 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593587.531:11547173): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593587.531:11547173): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593587.531:11547173): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593587.531:11547173): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593587.531:11547173): argc=2 a0=\"cat\" a1=\"/proc/self/cgroup\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593587.531:11547173): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593587.531:11547173): arch=c000003e syscall=59 success=yes exit=0 a0=76617ac47d60 a1=7660bbc48f00 a2=5669b9d93a40 a3=8 items=2 ppid=5468 pid=2862306 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593587.531:11547172): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593587.531:11547172): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593587.531:11547172): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593587.531:11547172): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48f00 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2862306 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593587.531:11547171): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593587.531:11547171): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593587.531:11547171): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593587.531:11547171): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48f00 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2862306 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593587.531:11547170): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593587.531:11547170): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593587.531:11547170): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593587.531:11547170): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48f00 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2862306 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593587.531:11547169): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593587.531:11547169): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593587.531:11547169): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593587.531:11547169): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48f00 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2862306 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593587.531:11547168): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593587.531:11547168): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593587.531:11547168): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593587.531:11547168): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48f00 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2862306 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593587.531:11547167): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593587.531:11547167): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593587.531:11547167): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593587.531:11547167): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48f00 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2862306 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593587.393:11547166): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520666F7267656A6F"}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593587.393:11547166): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:52 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593587.393:11547166): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:52 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593587.393:11547166): cwd=\"/\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593587.393:11547166): argc=3 a0=\"pg_isready\" a1=\"-U\" a2=\"forgejo\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593587.393:11547166): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593587.393:11547166): arch=c000003e syscall=59 success=yes exit=0 a0=7905bbdbc278 a1=7905bbdbc1d8 a2=7905bbdbc1f8 a3=8080808080808080 items=2 ppid=3626 pid=2862299 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593587.389:11547165): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520666F7267656A6F"}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593587.389:11547165): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:52 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593587.389:11547165): item=0 name=\"/bin/sh\" inode=8589166 dev=00:52 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593587.389:11547165): cwd=\"/\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593587.389:11547165): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D5520666F7267656A6F"}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593587.389:11547165): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593587.389:11547165): arch=c000003e syscall=59 success=yes exit=0 a0=c00018cf38 a1=c000022ac0 a2=c0001348c0 a3=0 items=2 ppid=2862287 pid=2862299 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593587.347:11547164): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593587.347:11547164): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593587.347:11547164): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593587.347:11547164): cwd=\"/var/lib/docker/rootfs/overlayfs/2cdd3d089c946761c42c7cfc41f431ad2beb9c2b89497f7e5a3552578b39f251\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593587.347:11547164): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593587.347:11547164): arch=c000003e syscall=59 success=yes exit=0 a0=c000273840 a1=c000277338 a2=c000279c40 a3=0 items=2 ppid=2862287 pid=2862296 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593587.332:11547163): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F32636464336430383963393436373631633432633763666334"}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593587.332:11547163): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593587.332:11547163): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593587.332:11547163): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/2cdd3d089c946761c42c7cfc41f431ad2beb9c2b89497f7e5a3552578b39f251\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593587.332:11547163): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/2cdd3d089c946761c42c7cfc41f431ad2beb9c2b89497f7e5a3552578b39f251/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process12462172\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/2cdd3d089c946761c42c7cfc41f431ad2beb9c2b89497f7e5a3552578b39f251/d4b992dae584dae81ecbf28de6a3d1124e71a1d6e4e9e9acc7543fe1ef189b15.pid\" a14=\"2cdd3d089c946761c42c7cfc41f431ad2beb9c2b89497f7e5a3552578b39f251\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593587.332:11547163): arch=c000003e syscall=59 success=yes exit=0 a0=c00027f830 a1=c00014a180 a2=c00014a200 a3=0 items=2 ppid=3626 pid=2862287 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593587.051:11547162): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593587.051:11547162): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593587.051:11547162): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:173 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593587.051:11547162): cwd=\"/var/lib/docker/rootfs/overlayfs/24410a74ccf0954ea371eee9ab1a029f97a0a5faa3aad8fe31faf23ac9c0da8b\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593587.051:11547162): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593587.051:11547162): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5900 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=2862253 pid=2862274 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593587.035:11547161): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593587.035:11547161): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593587.035:11547161): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593587.035:11547161): cwd=\"/var/lib/docker/rootfs/overlayfs/04efabc7efa1ef0696fc1ddf37374caf6f847fbace13975d2e988fdae156939e\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593587.035:11547161): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593587.035:11547161): arch=c000003e syscall=59 success=yes exit=0 a0=c0001eb820 a1=c0001ef338 a2=c0001f1c40 a3=0 items=2 ppid=2862246 pid=2862257 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593587.035:11547160): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F32343431306137346363663039353465613337316565653961"}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593587.035:11547160): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593587.035:11547160): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593587.035:11547160): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/24410a74ccf0954ea371eee9ab1a029f97a0a5faa3aad8fe31faf23ac9c0da8b\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593587.035:11547160): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/24410a74ccf0954ea371eee9ab1a029f97a0a5faa3aad8fe31faf23ac9c0da8b/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1700716752\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/24410a74ccf0954ea371eee9ab1a029f97a0a5faa3aad8fe31faf23ac9c0da8b/42ec89d51b08a0877db16746234dbf3f32fce41c889a06a37127060824a0c38e.pid\" a14=\"24410a74ccf0954ea371eee9ab1a029f97a0a5faa3aad8fe31faf23ac9c0da8b\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593587.035:11547160): arch=c000003e syscall=59 success=yes exit=0 a0=c000010c40 a1=c0001dd800 a2=c0003fe000 a3=0 items=2 ppid=3461 pid=2862253 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593587.020:11547159): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F30346566616263376566613165663036393666633164646633"}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593587.020:11547159): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593587.020:11547159): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593587.020:11547159): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/04efabc7efa1ef0696fc1ddf37374caf6f847fbace13975d2e988fdae156939e\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593587.020:11547159): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/04efabc7efa1ef0696fc1ddf37374caf6f847fbace13975d2e988fdae156939e/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1355268163\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/04efabc7efa1ef0696fc1ddf37374caf6f847fbace13975d2e988fdae156939e/accbd9c142b6d8198ed4f1659cbeb91c8a6bdffa3337664612bd9aa94446216e.pid\" a14=\"04efabc7efa1ef0696fc1ddf37374caf6f847fbace13975d2e988fdae156939e\""}
{"ts": "2026-04-30T23:59:47Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593587.020:11547159): arch=c000003e syscall=59 success=yes exit=0 a0=c0001ff4b0 a1=c000142580 a2=c0003ea000 a3=0 items=2 ppid=3624 pid=2862246 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593586.466:11547158): proctitle=6373636C69006D657472696373"}
{"ts": "2026-04-30T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593586.466:11547158): item=0 name=\"/usr/local/bin/cscli\" inode=7117508 dev=00:65 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593586.466:11547158): cwd=\"/\""}
{"ts": "2026-04-30T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593586.466:11547158): argc=2 a0=\"cscli\" a1=\"metrics\""}
{"ts": "2026-04-30T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593586.466:11547158): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593586.466:11547158): arch=c000003e syscall=59 success=yes exit=0 a0=c0000271b8 a1=c0000a5350 a2=c0001538f0 a3=0 items=1 ppid=2862216 pid=2862229 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cscli\" exe=\"/usr/local/bin/cscli\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593586.418:11547157): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593586.418:11547157): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593586.418:11547157): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:46 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593586.418:11547157): cwd=\"/var/lib/docker/rootfs/overlayfs/6e240b3263a20143aa4d507e566bf8e51d46fe0f910bdfa8ddefa9a2f73124d3\""}
{"ts": "2026-04-30T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593586.418:11547157): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593586.418:11547157): arch=c000003e syscall=59 success=yes exit=0 a0=c000210010 a1=c000216000 a2=c000218000 a3=0 items=2 ppid=2862216 pid=2862226 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593586.413:11547156): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520706F737467726573"}
{"ts": "2026-04-30T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593586.413:11547156): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:50 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593586.413:11547156): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:50 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593586.413:11547156): cwd=\"/\""}
{"ts": "2026-04-30T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593586.413:11547156): argc=3 a0=\"pg_isready\" a1=\"-U\" a2=\"postgres\""}
{"ts": "2026-04-30T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593586.413:11547156): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593586.413:11547156): arch=c000003e syscall=59 success=yes exit=0 a0=7be3448b0288 a1=7be3448b01e8 a2=7be3448b0208 a3=0 items=2 ppid=2862197 pid=2862210 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593586.410:11547155): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520706F737467726573"}
{"ts": "2026-04-30T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593586.410:11547155): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:50 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593586.410:11547155): item=0 name=\"/bin/sh\" inode=8589166 dev=00:50 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593586.410:11547155): cwd=\"/\""}
{"ts": "2026-04-30T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593586.410:11547155): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D5520706F737467726573"}
{"ts": "2026-04-30T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593586.410:11547155): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593586.410:11547155): arch=c000003e syscall=59 success=yes exit=0 a0=c00018af38 a1=c000022ac0 a2=c0001348c0 a3=0 items=2 ppid=2862197 pid=2862210 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593586.399:11547154): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F36653234306233323633613230313433616134643530376535"}
{"ts": "2026-04-30T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593586.399:11547154): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593586.399:11547154): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593586.399:11547154): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/6e240b3263a20143aa4d507e566bf8e51d46fe0f910bdfa8ddefa9a2f73124d3\""}
{"ts": "2026-04-30T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593586.399:11547154): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/6e240b3263a20143aa4d507e566bf8e51d46fe0f910bdfa8ddefa9a2f73124d3/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process478719515\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/6e240b3263a20143aa4d507e566bf8e51d46fe0f910bdfa8ddefa9a2f73124d3/58520413b7d1470cecfcd733b08d78749cfd17b1d158179a54132a12c7f22198.pid\" a14=\"6e240b3263a20143aa4d507e566bf8e51d46fe0f910bdfa8ddefa9a2f73124d3\""}
{"ts": "2026-04-30T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593586.399:11547154): arch=c000003e syscall=59 success=yes exit=0 a0=c0000112c0 a1=c000235c80 a2=c000235d00 a3=0 items=2 ppid=3555 pid=2862216 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593586.365:11547153): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593586.365:11547153): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593586.365:11547153): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593586.365:11547153): cwd=\"/var/lib/docker/rootfs/overlayfs/6e0eaa58aad19bd8edc0f955e0d8cdf54332df6bcdbac6d5a4d9c8caf6fb9c39\""}
{"ts": "2026-04-30T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593586.365:11547153): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593586.365:11547153): arch=c000003e syscall=59 success=yes exit=0 a0=c0001f3840 a1=c0001f7338 a2=c0001f9c40 a3=0 items=2 ppid=2862197 pid=2862206 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593586.350:11547152): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F36653065616135386161643139626438656463306639353565"}
{"ts": "2026-04-30T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593586.350:11547152): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593586.350:11547152): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593586.350:11547152): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/6e0eaa58aad19bd8edc0f955e0d8cdf54332df6bcdbac6d5a4d9c8caf6fb9c39\""}
{"ts": "2026-04-30T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593586.350:11547152): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/6e0eaa58aad19bd8edc0f955e0d8cdf54332df6bcdbac6d5a4d9c8caf6fb9c39/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2501109161\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/6e0eaa58aad19bd8edc0f955e0d8cdf54332df6bcdbac6d5a4d9c8caf6fb9c39/7d85992f9bd8038fb0f6944752c349547eae3737904f6e8e3e94a3b6426fcc63.pid\" a14=\"6e0eaa58aad19bd8edc0f955e0d8cdf54332df6bcdbac6d5a4d9c8caf6fb9c39\""}
{"ts": "2026-04-30T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593586.350:11547152): arch=c000003e syscall=59 success=yes exit=0 a0=c00035d260 a1=c00017e180 a2=c00017e200 a3=0 items=2 ppid=4000 pid=2862197 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593586.228:11547151): proctitle=636174002F746D702F66616C636F5F6865616C7468"}
{"ts": "2026-04-30T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593586.228:11547151): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8279763 dev=00:8c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593586.228:11547151): item=0 name=\"/bin/cat\" inode=8279592 dev=00:8c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593586.228:11547151): cwd=\"/\""}
{"ts": "2026-04-30T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593586.228:11547151): argc=2 a0=\"cat\" a1=\"/tmp/falco_health\""}
{"ts": "2026-04-30T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593586.228:11547151): arch=c000003e syscall=59 success=yes exit=0 a0=55b0667f8c50 a1=55b0667f7758 a2=55b0667f8bb8 a3=4 items=2 ppid=2862189 pid=2862196 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/bin/busybox\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593586.223:11547150): proctitle=2F62696E2F7368002D6300636174202F746D702F66616C636F5F6865616C7468207C7C20657869742030"}
{"ts": "2026-04-30T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593586.223:11547150): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8279763 dev=00:8c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593586.223:11547150): item=0 name=\"/bin/sh\" inode=8279592 dev=00:8c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593586.223:11547150): cwd=\"/\""}
{"ts": "2026-04-30T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593586.223:11547150): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=636174202F746D702F66616C636F5F6865616C7468207C7C20657869742030"}
{"ts": "2026-04-30T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593586.223:11547150): arch=c000003e syscall=59 success=yes exit=0 a0=c0000e5cc8 a1=c0000224e0 a2=c00018ce10 a3=0 items=2 ppid=2862177 pid=2862189 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593586.203:11547149): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593586.203:11547149): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593586.203:11547149): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593586.203:11547149): cwd=\"/var/lib/docker/rootfs/overlayfs/293239633a2ddf31b93206215b8746aa165b26f8930bdc103230de7930321e5e\""}
{"ts": "2026-04-30T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593586.203:11547149): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593586.203:11547149): arch=c000003e syscall=59 success=yes exit=0 a0=c0001d5c80 a1=c000011050 a2=c00007bc40 a3=0 items=2 ppid=2862177 pid=2862186 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593586.189:11547148): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F32393332333936333361326464663331623933323036323135"}
{"ts": "2026-04-30T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593586.189:11547148): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593586.189:11547148): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593586.189:11547148): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/293239633a2ddf31b93206215b8746aa165b26f8930bdc103230de7930321e5e\""}
{"ts": "2026-04-30T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593586.189:11547148): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/293239633a2ddf31b93206215b8746aa165b26f8930bdc103230de7930321e5e/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2156552360\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/293239633a2ddf31b93206215b8746aa165b26f8930bdc103230de7930321e5e/4f48fcd1fa6eef63152988987b0527569551e90bb0db1866a55e162a9bf0478f.pid\" a14=\"293239633a2ddf31b93206215b8746aa165b26f8930bdc103230de7930321e5e\""}
{"ts": "2026-04-30T23:59:46Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593586.189:11547148): arch=c000003e syscall=59 success=yes exit=0 a0=c000098e70 a1=c00037a200 a2=c00037a280 a3=0 items=2 ppid=3980 pid=2862177 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593585.772:11547147): proctitle=77676574002D71002D2D73706964657200687474703A2F2F3132372E302E302E313A38302F76312F6865616C7468"}
{"ts": "2026-04-30T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593585.772:11547147): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3461249 dev=00:31 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593585.772:11547147): item=0 name=\"/usr/bin/wget\" inode=3461048 dev=00:31 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593585.772:11547147): cwd=\"/\""}
{"ts": "2026-04-30T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593585.772:11547147): argc=4 a0=\"wget\" a1=\"-q\" a2=\"--spider\" a3=\"http://127.0.0.1:80/v1/health\""}
{"ts": "2026-04-30T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593585.772:11547147): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593585.772:11547147): arch=c000003e syscall=59 success=yes exit=0 a0=7a02919a7400 a1=7a02919a7390 a2=7a02919a73b8 a3=8 items=2 ppid=2862169 pid=2862176 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"wget\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593585.768:11547146): proctitle=2F62696E2F7368002D630077676574202D71202D2D73706964657220687474703A2F2F3132372E302E302E313A38302F76312F6865616C7468207C7C20657869742031"}
{"ts": "2026-04-30T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593585.768:11547146): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3461249 dev=00:31 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593585.768:11547146): item=0 name=\"/bin/sh\" inode=3461048 dev=00:31 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593585.768:11547146): cwd=\"/\""}
{"ts": "2026-04-30T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593585.768:11547146): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=77676574202D71202D2D73706964657220687474703A2F2F3132372E302E302E313A38302F76312F6865616C7468207C7C20657869742031"}
{"ts": "2026-04-30T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593585.768:11547146): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593585.768:11547146): arch=c000003e syscall=59 success=yes exit=0 a0=c0001970b8 a1=c000022660 a2=c000165200 a3=0 items=2 ppid=2258 pid=2862169 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593585.716:11547145): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593585.716:11547145): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593585.716:11547145): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593585.716:11547145): cwd=\"/var/lib/docker/rootfs/overlayfs/999e0287888ade70d9e2f4a19da005d0fdb8f07eed0a2beb95e713a630ab3416\""}
{"ts": "2026-04-30T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593585.716:11547145): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593585.716:11547145): arch=c000003e syscall=59 success=yes exit=0 a0=c0001fb830 a1=c0001ff338 a2=c000201c80 a3=0 items=2 ppid=2862157 pid=2862166 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593585.703:11547144): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F39393965303238373838386164653730643965326634613139"}
{"ts": "2026-04-30T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593585.703:11547144): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593585.703:11547144): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593585.703:11547144): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/999e0287888ade70d9e2f4a19da005d0fdb8f07eed0a2beb95e713a630ab3416\""}
{"ts": "2026-04-30T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593585.703:11547144): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/999e0287888ade70d9e2f4a19da005d0fdb8f07eed0a2beb95e713a630ab3416/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process83395003\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/999e0287888ade70d9e2f4a19da005d0fdb8f07eed0a2beb95e713a630ab3416/f909e69d0b6d5776a16a0ea89604411e4a0e9d71897565364403e7ec73e65428.pid\" a14=\"999e0287888ade70d9e2f4a19da005d0fdb8f07eed0a2beb95e713a630ab3416\""}
{"ts": "2026-04-30T23:59:45Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593585.703:11547144): arch=c000003e syscall=59 success=yes exit=0 a0=c0003642a0 a1=c00016e100 a2=c00016e180 a3=0 items=2 ppid=2258 pid=2862157 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593584.761:11547143): proctitle=77676574002D2D737069646572002D7100687474703A2F2F3132372E302E302E313A38383838"}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593584.761:11547143): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:4e mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593584.761:11547143): item=0 name=\"/usr/bin/wget\" inode=8589166 dev=00:4e mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593584.761:11547143): cwd=\"/\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593584.761:11547143): argc=4 a0=\"wget\" a1=\"--spider\" a2=\"-q\" a3=\"http://127.0.0.1:8888\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593584.761:11547143): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593584.761:11547143): arch=c000003e syscall=59 success=yes exit=0 a0=7e06dc3a3430 a1=7e06dc3a33a8 a2=7e06dc3a33d0 a3=0 items=2 ppid=2862149 pid=2862155 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"wget\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593584.757:11547142): proctitle=2F62696E2F7368002D630077676574202D2D737069646572202D7120687474703A2F2F3132372E302E302E313A38383838207C7C20657869742031"}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593584.757:11547142): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:4e mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593584.757:11547142): item=0 name=\"/bin/sh\" inode=8589166 dev=00:4e mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593584.757:11547142): cwd=\"/\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593584.757:11547142): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=77676574202D2D737069646572202D7120687474703A2F2F3132372E302E302E313A38383838207C7C20657869742031"}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593584.757:11547142): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593584.757:11547142): arch=c000003e syscall=59 success=yes exit=0 a0=c000194f98 a1=c000022660 a2=c0000de320 a3=0 items=2 ppid=2862137 pid=2862149 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593584.709:11547141): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593584.709:11547141): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593584.709:11547141): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593584.709:11547141): cwd=\"/var/lib/docker/rootfs/overlayfs/ab2e3743421ef3813c5eceaa1eec8c8d50314508a1b02e6d87d88698f045c5f5\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593584.709:11547141): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593584.709:11547141): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c58a0 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=2862137 pid=2862147 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593584.691:11547140): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F61623265333734333432316566333831336335656365616131"}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593584.691:11547140): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593584.691:11547140): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593584.691:11547140): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/ab2e3743421ef3813c5eceaa1eec8c8d50314508a1b02e6d87d88698f045c5f5\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593584.691:11547140): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/ab2e3743421ef3813c5eceaa1eec8c8d50314508a1b02e6d87d88698f045c5f5/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3843880060\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/ab2e3743421ef3813c5eceaa1eec8c8d50314508a1b02e6d87d88698f045c5f5/92dc19e87ded858bacd6e377e4e4b0972f0e748d1aaadcbdbc70a18405392efa.pid\" a14=\"ab2e3743421ef3813c5eceaa1eec8c8d50314508a1b02e6d87d88698f045c5f5\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593584.691:11547140): arch=c000003e syscall=59 success=yes exit=0 a0=c0000109b0 a1=c00019db00 a2=c00019dd00 a3=0 items=2 ppid=2932 pid=2862137 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593584.530:11547139): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593584.530:11547139): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=9987007 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593584.530:11547139): item=0 name=\"/usr/bin/cat\" inode=9986333 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593584.530:11547139): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593584.530:11547139): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.stat\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593584.530:11547139): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593584.530:11547139): arch=c000003e syscall=59 success=yes exit=0 a0=75e2ac12cd60 a1=75e246587040 a2=6265ad214650 a3=8 items=2 ppid=5407 pid=2862135 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593584.530:11547138): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593584.530:11547138): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593584.530:11547138): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593584.530:11547138): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246587040 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2862135 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593584.530:11547137): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593584.530:11547137): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593584.530:11547137): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593584.530:11547137): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246587040 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2862135 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593584.530:11547136): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593584.530:11547136): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593584.530:11547136): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593584.530:11547136): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246587040 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2862135 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593584.530:11547135): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593584.530:11547135): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593584.530:11547135): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593584.530:11547135): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246587040 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2862135 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593584.530:11547134): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593584.530:11547134): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593584.530:11547134): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593584.530:11547134): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246587040 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2862135 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593584.530:11547133): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593584.530:11547133): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593584.530:11547133): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593584.530:11547133): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246587040 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2862135 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593584.528:11547132): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593584.528:11547132): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=9987007 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593584.528:11547132): item=0 name=\"/usr/bin/cat\" inode=9986333 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593584.528:11547132): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593584.528:11547132): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.current\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593584.528:11547132): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593584.528:11547132): arch=c000003e syscall=59 success=yes exit=0 a0=75e2ac12cd60 a1=75e246000780 a2=6265ad214650 a3=8 items=2 ppid=5407 pid=2862134 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593584.528:11547131): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593584.528:11547131): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593584.528:11547131): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593584.528:11547131): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246000780 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2862134 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593584.528:11547130): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593584.528:11547130): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593584.528:11547130): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593584.528:11547130): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246000780 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2862134 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593584.528:11547129): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593584.528:11547129): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593584.528:11547129): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593584.528:11547129): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246000780 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2862134 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593584.527:11547128): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593584.527:11547128): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593584.527:11547128): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593584.527:11547128): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246000780 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2862134 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593584.527:11547127): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593584.527:11547127): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593584.527:11547127): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593584.527:11547127): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246000780 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2862134 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593584.527:11547126): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593584.527:11547126): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593584.527:11547126): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593584.527:11547126): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246000780 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2862134 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593584.524:11547125): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593584.524:11547125): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=9987007 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593584.524:11547125): item=0 name=\"/usr/bin/cat\" inode=9986333 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593584.524:11547125): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593584.524:11547125): argc=2 a0=\"cat\" a1=\"/proc/self/cgroup\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593584.524:11547125): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593584.524:11547125): arch=c000003e syscall=59 success=yes exit=0 a0=75e2ac12cd60 a1=75e246000660 a2=6265ad214650 a3=8 items=2 ppid=5407 pid=2862133 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593584.524:11547124): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593584.524:11547124): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593584.524:11547124): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593584.524:11547124): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246000660 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2862133 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593584.524:11547123): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593584.524:11547123): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593584.524:11547123): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593584.524:11547123): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246000660 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2862133 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593584.524:11547122): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593584.524:11547122): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593584.524:11547122): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593584.524:11547122): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246000660 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2862133 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593584.524:11547121): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593584.524:11547121): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593584.524:11547121): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593584.524:11547121): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246000660 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2862133 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593584.524:11547120): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593584.524:11547120): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593584.524:11547120): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593584.524:11547120): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246000660 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2862133 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593584.524:11547119): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593584.524:11547119): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593584.524:11547119): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593584.524:11547119): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246000660 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2862133 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593584.093:11547118): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593584.093:11547118): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593584.093:11547118): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593584.093:11547118): cwd=\"/var/lib/docker/rootfs/overlayfs/b6eef535505c5b5978589dbba58145ab00c51591158662921782e671fddde370\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593584.093:11547118): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593584.093:11547118): arch=c000003e syscall=59 success=yes exit=0 a0=c0001f3820 a1=c0001f7338 a2=c0001f9c40 a3=0 items=2 ppid=2862113 pid=2862122 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593584.079:11547117): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F62366565663533353530356335623539373835383964626261"}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593584.079:11547117): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593584.079:11547117): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593584.079:11547117): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/b6eef535505c5b5978589dbba58145ab00c51591158662921782e671fddde370\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593584.079:11547117): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/b6eef535505c5b5978589dbba58145ab00c51591158662921782e671fddde370/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2523535316\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/b6eef535505c5b5978589dbba58145ab00c51591158662921782e671fddde370/51950a76a680b833c31df78d21fc272c3b3673457655b5968c5c60fa9ecc204c.pid\" a14=\"b6eef535505c5b5978589dbba58145ab00c51591158662921782e671fddde370\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593584.079:11547117): arch=c000003e syscall=59 success=yes exit=0 a0=c000195350 a1=c000385d80 a2=c000385e00 a3=0 items=2 ppid=3802 pid=2862113 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593584.035:11547116): proctitle=6D617269616462002D2D64656661756C74732D65787472612D66696C653D2F7661722F6C69622F6D7973716C2F2E6D792D6865616C7468636865636B2E636E66002D2D70726F746F636F6C00736F636B6574002D42002D2D736B69702D636F6C756D6E2D6E616D6573002D650073656C65637420312066726F6D20696E666F72"}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593584.035:11547116): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=7089648 dev=00:89 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593584.035:11547116): item=0 name=\"/usr/bin/mariadb\" inode=7117817 dev=00:89 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593584.035:11547116): cwd=\"/\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593584.035:11547116): argc=8 a0=\"mariadb\" a1=\"--defaults-extra-file=/var/lib/mysql/.my-healthcheck.cnf\" a2=\"--protocol\" a3=\"socket\" a4=\"-B\" a5=\"--skip-column-names\" a6=\"-e\" a7=73656C65637420312066726F6D20696E666F726D6174696F6E5F736368656D612E454E47494E455320574845524520656E67696E653D27696E6E6F64622720414E4420737570706F727420696E202827594553272C202744454641554C54272C2027454E41424C45442729"}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593584.035:11547116): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593584.035:11547116): arch=c000003e syscall=59 success=yes exit=0 a0=581a5ad39990 a1=581a5ad5b9c0 a2=581a5ad3a860 a3=8 items=2 ppid=2862105 pid=2862112 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"mariadb\" exe=\"/usr/bin/mariadb\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593584.020:11547115): proctitle=6D617269616462002D2D64656661756C74732D65787472612D66696C653D2F7661722F6C69622F6D7973716C2F2E6D792D6865616C7468636865636B2E636E66002D2D70726F746F636F6C00736F636B6574002D42002D2D736B69702D636F6C756D6E2D6E616D6573002D650073656C656374204040736B69705F6E6574776F"}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593584.020:11547115): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=7089648 dev=00:89 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593584.020:11547115): item=0 name=\"/usr/bin/mariadb\" inode=7117817 dev=00:89 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593584.020:11547115): cwd=\"/\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593584.020:11547115): argc=8 a0=\"mariadb\" a1=\"--defaults-extra-file=/var/lib/mysql/.my-healthcheck.cnf\" a2=\"--protocol\" a3=\"socket\" a4=\"-B\" a5=\"--skip-column-names\" a6=\"-e\" a7=73656C656374204040736B69705F6E6574776F726B696E67"}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593584.020:11547115): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593584.020:11547115): arch=c000003e syscall=59 success=yes exit=0 a0=581a5ad39fe0 a1=581a5ad5b810 a2=581a5ad3a4a0 a3=8 items=2 ppid=2862105 pid=2862111 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"mariadb\" exe=\"/usr/bin/mariadb\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593584.012:11547114): proctitle=2F62696E2F62617368002F7573722F6C6F63616C2F62696E2F6865616C7468636865636B2E7368002D2D636F6E6E656374002D2D696E6E6F64625F696E697469616C697A6564"}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593584.012:11547114): item=2 name=\"/lib64/ld-linux-x86-64.so.2\" inode=7089648 dev=00:89 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593584.012:11547114): item=1 name=\"/bin/bash\" inode=6963796 dev=00:89 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593584.012:11547114): item=0 name=\"/usr/local/bin/healthcheck.sh\" inode=7348502 dev=00:89 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593584.012:11547114): cwd=\"/\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593584.012:11547114): argc=4 a0=\"/bin/bash\" a1=\"/usr/local/bin/healthcheck.sh\" a2=\"--connect\" a3=\"--innodb_initialized\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593584.012:11547114): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593584.012:11547114): arch=c000003e syscall=59 success=yes exit=0 a0=c000028760 a1=c000022660 a2=c000156320 a3=0 items=3 ppid=2862091 pid=2862105 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"healthcheck.sh\" exe=\"/usr/bin/bash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593583.972:11547113): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593583.972:11547113): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593583.972:11547113): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593583.972:11547113): cwd=\"/var/lib/docker/rootfs/overlayfs/7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593583.972:11547113): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593583.972:11547113): arch=c000003e syscall=59 success=yes exit=0 a0=c000012130 a1=c000010018 a2=c00007a140 a3=0 items=2 ppid=2862091 pid=2862103 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593583.970:11547112): proctitle=77676574002D2D7175696574002D2D6E6F2D636865636B2D6365727469666963617465002D2D74726965733D31002D2D73706964657200687474703A2F2F6C6F63616C686F73743A393039312F6170692F6865616C7468"}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593583.970:11547112): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=3678029 dev=00:3c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593583.970:11547112): item=0 name=\"/usr/bin/wget\" inode=3677985 dev=00:3c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593583.970:11547112): cwd=\"/app\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593583.970:11547112): argc=6 a0=\"wget\" a1=\"--quiet\" a2=\"--no-check-certificate\" a3=\"--tries=1\" a4=\"--spider\" a5=\"http://localhost:9091/api/health\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593583.970:11547112): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593583.970:11547112): arch=c000003e syscall=59 success=yes exit=0 a0=63b2e592bcb0 a1=63b2e592bc28 a2=63b2e592bc60 a3=7556400a9b38 items=2 ppid=2862079 pid=2862101 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"wget\" exe=\"/usr/bin/wget\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593583.959:11547111): proctitle=2F62696E2F7368002F6170702F6865616C7468636865636B2E7368"}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593583.959:11547111): item=2 name=\"/lib64/ld-linux-x86-64.so.2\" inode=3678029 dev=00:3c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593583.959:11547111): item=1 name=\"/bin/sh\" inode=3675124 dev=00:3c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593583.959:11547111): item=0 name=\"/app/healthcheck.sh\" inode=3682079 dev=00:3c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593583.959:11547111): cwd=\"/app\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593583.959:11547111): argc=2 a0=\"/bin/sh\" a1=\"/app/healthcheck.sh\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593583.959:11547111): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593583.959:11547111): arch=c000003e syscall=59 success=yes exit=0 a0=c0000274b8 a1=c00002ade0 a2=c0000e91c0 a3=0 items=3 ppid=2862053 pid=2862079 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"healthcheck.sh\" exe=\"/bin/sh\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593583.964:11547110): proctitle=77676574002D2D6E6F2D766572626F7365002D2D74726965733D31002D2D73706964657200687474703A2F2F6C6F63616C686F73743A393039312F6170692F6865616C7468"}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593583.964:11547110): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=3678029 dev=00:3b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593583.964:11547110): item=0 name=\"/usr/bin/wget\" inode=3677985 dev=00:3b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593583.964:11547110): cwd=\"/app\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593583.964:11547110): argc=5 a0=\"wget\" a1=\"--no-verbose\" a2=\"--tries=1\" a3=\"--spider\" a4=\"http://localhost:9091/api/health\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593583.964:11547110): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593583.964:11547110): arch=c000003e syscall=59 success=yes exit=0 a0=5a53f41d85c0 a1=5a53f41d8540 a2=5a53f41d8570 a3=7a7b1dff3b38 items=2 ppid=2862078 pid=2862097 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"wget\" exe=\"/usr/bin/wget\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593583.956:11547109): proctitle=2F62696E2F7368002D630077676574202D2D6E6F2D766572626F7365202D2D74726965733D31202D2D73706964657220687474703A2F2F6C6F63616C686F73743A393039312F6170692F6865616C7468207C7C20657869742031"}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593583.956:11547109): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=3678029 dev=00:3b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593583.956:11547109): item=0 name=\"/bin/sh\" inode=3675124 dev=00:3b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593583.956:11547109): cwd=\"/app\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593583.956:11547109): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=77676574202D2D6E6F2D766572626F7365202D2D74726965733D31202D2D73706964657220687474703A2F2F6C6F63616C686F73743A393039312F6170692F6865616C7468207C7C20657869742031"}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593583.956:11547109): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593583.956:11547109): arch=c000003e syscall=59 success=yes exit=0 a0=c000196ea8 a1=c000022660 a2=c000165200 a3=0 items=2 ppid=2862052 pid=2862078 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/sh\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593583.951:11547108): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F37656465303139653363623065383839303138636162386266"}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593583.951:11547108): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593583.951:11547108): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593583.951:11547108): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593583.951:11547108): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2930391735\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7/293d4362f888825809f550933eed2a47c5c214758d8ab3530fdebf8998ae7b1f.pid\" a14=\"7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593583.951:11547108): arch=c000003e syscall=59 success=yes exit=0 a0=c000229950 a1=c0000ffa80 a2=c0000ffb00 a3=0 items=2 ppid=4475 pid=2862091 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593583.905:11547107): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593583.905:11547107): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593583.904:11547106): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593583.904:11547106): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593583.905:11547107): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:d0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593583.905:11547107): cwd=\"/var/lib/docker/rootfs/overlayfs/dded6b49287cffb7eb9d3e0e8fcca16ac4bcfe7f6ea4331cbfc92babc5585263\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593583.905:11547107): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593583.904:11547106): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cc mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593583.904:11547106): cwd=\"/var/lib/docker/rootfs/overlayfs/ab66ea4fa101df5daa4db29a135e222c8752757eb5ed52c6491a93f0b73700af\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593583.904:11547106): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593583.905:11547107): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b850 a1=c00017f338 a2=c000181c40 a3=0 items=2 ppid=2862052 pid=2862072 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593583.904:11547106): arch=c000003e syscall=59 success=yes exit=0 a0=c0001cd8a0 a1=c0001d1350 a2=c0001d3c40 a3=0 items=2 ppid=2862053 pid=2862071 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593583.889:11547105): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F61623636656134666131303164663564616134646232396131"}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593583.889:11547105): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593583.889:11547105): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593583.889:11547105): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/ab66ea4fa101df5daa4db29a135e222c8752757eb5ed52c6491a93f0b73700af\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593583.889:11547105): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/ab66ea4fa101df5daa4db29a135e222c8752757eb5ed52c6491a93f0b73700af/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2647340152\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/ab66ea4fa101df5daa4db29a135e222c8752757eb5ed52c6491a93f0b73700af/29dc4a71eec1bf2c0fc759eacc482933c29008dd82b51aa897960bc0983e3e65.pid\" a14=\"ab66ea4fa101df5daa4db29a135e222c8752757eb5ed52c6491a93f0b73700af\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593583.889:11547105): arch=c000003e syscall=59 success=yes exit=0 a0=c0002be760 a1=c000408780 a2=c000408800 a3=0 items=2 ppid=9325 pid=2862053 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593583.888:11547104): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F64646564366234393238376366666237656239643365306538"}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593583.888:11547104): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593583.888:11547104): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593583.888:11547104): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/dded6b49287cffb7eb9d3e0e8fcca16ac4bcfe7f6ea4331cbfc92babc5585263\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593583.888:11547104): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/dded6b49287cffb7eb9d3e0e8fcca16ac4bcfe7f6ea4331cbfc92babc5585263/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3999430814\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/dded6b49287cffb7eb9d3e0e8fcca16ac4bcfe7f6ea4331cbfc92babc5585263/3a0f9d37b04852c5dafa6a70fe263e655cfaa80b2fa8d5eab457c643b7c38be0.pid\" a14=\"dded6b49287cffb7eb9d3e0e8fcca16ac4bcfe7f6ea4331cbfc92babc5585263\""}
{"ts": "2026-04-30T23:59:44Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593583.888:11547104): arch=c000003e syscall=59 success=yes exit=0 a0=c000156b40 a1=c00037cd80 a2=c00037ce00 a3=0 items=2 ppid=2481 pid=2862052 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593582.894:11547103): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593582.894:11547103): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593582.894:11547103): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593582.894:11547103): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593582.894:11547103): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.stat\""}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593582.894:11547103): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593582.894:11547103): arch=c000003e syscall=59 success=yes exit=0 a0=7faf8d900d60 a1=7faeecc35d60 a2=634a8a009a40 a3=8 items=2 ppid=5417 pid=2862048 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593582.894:11547102): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593582.894:11547102): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593582.894:11547102): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593582.894:11547102): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeecc35d60 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2862048 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593582.894:11547101): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593582.894:11547101): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593582.894:11547101): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593582.894:11547101): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeecc35d60 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2862048 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593582.893:11547100): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593582.893:11547100): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593582.893:11547100): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593582.893:11547100): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeecc35d60 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2862048 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593582.893:11547099): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593582.893:11547099): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593582.893:11547099): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593582.893:11547099): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeecc35d60 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2862048 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593582.893:11547098): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593582.893:11547098): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593582.893:11547098): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593582.893:11547098): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeecc35d60 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2862048 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593582.893:11547097): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593582.893:11547097): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593582.893:11547097): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593582.893:11547097): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeecc35d60 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2862048 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593582.891:11547096): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593582.891:11547096): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593582.891:11547096): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593582.891:11547096): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593582.891:11547096): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.current\""}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593582.891:11547096): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593582.891:11547096): arch=c000003e syscall=59 success=yes exit=0 a0=7faf8d900d60 a1=7faee3002700 a2=634a8a009a40 a3=8 items=2 ppid=5417 pid=2862047 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593582.891:11547095): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593582.891:11547095): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593582.891:11547095): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593582.891:11547095): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee3002700 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2862047 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593582.891:11547094): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593582.891:11547094): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593582.891:11547094): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593582.891:11547094): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee3002700 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2862047 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593582.891:11547093): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593582.891:11547093): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593582.891:11547093): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593582.891:11547093): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee3002700 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2862047 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593582.891:11547092): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593582.891:11547092): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593582.891:11547092): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593582.891:11547092): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee3002700 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2862047 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593582.890:11547091): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593582.890:11547091): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593582.890:11547091): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593582.890:11547091): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee3002700 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2862047 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593582.890:11547090): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593582.890:11547090): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593582.890:11547090): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593582.890:11547090): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee3002700 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2862047 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593582.887:11547089): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593582.887:11547089): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593582.887:11547089): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593582.887:11547089): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593582.887:11547089): argc=2 a0=\"cat\" a1=\"/proc/self/cgroup\""}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593582.887:11547089): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593582.887:11547089): arch=c000003e syscall=59 success=yes exit=0 a0=7faf8d900d60 a1=7faee3002880 a2=634a8a009a40 a3=8 items=2 ppid=5417 pid=2862046 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593582.887:11547088): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593582.887:11547088): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593582.887:11547088): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593582.887:11547088): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee3002880 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2862046 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593582.887:11547087): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593582.887:11547087): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593582.887:11547087): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593582.887:11547087): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee3002880 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2862046 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593582.887:11547086): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593582.887:11547086): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593582.887:11547086): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593582.887:11547086): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee3002880 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2862046 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593582.887:11547085): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593582.887:11547085): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593582.887:11547085): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593582.887:11547085): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee3002880 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2862046 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593582.887:11547084): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593582.887:11547084): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593582.887:11547084): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593582.887:11547084): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee3002880 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2862046 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593582.887:11547083): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593582.887:11547083): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593582.887:11547083): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:43Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593582.887:11547083): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee3002880 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2862046 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593582.703:11547082): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593582.703:11547082): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593582.703:11547082): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593582.703:11547082): cwd=\"/var/lib/docker/rootfs/overlayfs/531ab8968ce844b18b0b3ebaf9e6e80c7b8f7cc1974293e5f9eb3ac90eba0e50\""}
{"ts": "2026-04-30T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593582.703:11547082): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593582.703:11547082): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b860 a1=c00017f338 a2=c000181c40 a3=0 items=2 ppid=2862028 pid=2862036 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593582.689:11547081): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F35333161623839363863653834346231386230623365626166"}
{"ts": "2026-04-30T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593582.689:11547081): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593582.689:11547081): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593582.689:11547081): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/531ab8968ce844b18b0b3ebaf9e6e80c7b8f7cc1974293e5f9eb3ac90eba0e50\""}
{"ts": "2026-04-30T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593582.689:11547081): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/531ab8968ce844b18b0b3ebaf9e6e80c7b8f7cc1974293e5f9eb3ac90eba0e50/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1006014004\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/531ab8968ce844b18b0b3ebaf9e6e80c7b8f7cc1974293e5f9eb3ac90eba0e50/489add0700b13db800b78ce40c33e3c8aa9db3fd3fa8e43eefdab9d68963e4e5.pid\" a14=\"531ab8968ce844b18b0b3ebaf9e6e80c7b8f7cc1974293e5f9eb3ac90eba0e50\""}
{"ts": "2026-04-30T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593582.689:11547081): arch=c000003e syscall=59 success=yes exit=0 a0=c000446130 a1=c0002da200 a2=c0002da300 a3=0 items=2 ppid=4374 pid=2862028 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593582.491:11547080): proctitle=72656469732D636C690070696E67"}
{"ts": "2026-04-30T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593582.491:11547080): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=6694357 dev=00:4a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593582.491:11547080): item=0 name=\"/usr/local/bin/redis-cli\" inode=6703632 dev=00:4a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593582.491:11547080): cwd=\"/data\""}
{"ts": "2026-04-30T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593582.491:11547080): argc=2 a0=\"redis-cli\" a1=\"ping\""}
{"ts": "2026-04-30T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593582.491:11547080): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593582.491:11547080): arch=c000003e syscall=59 success=yes exit=0 a0=c0000289a0 a1=c0000d1350 a2=c0000d91c0 a3=0 items=2 ppid=3571 pid=2862014 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"redis-cli\" exe=\"/usr/local/bin/redis-cli\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593582.491:11547079): proctitle=72656469732D636C690070696E67"}
{"ts": "2026-04-30T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593582.491:11547079): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=6694357 dev=00:4b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593582.491:11547079): item=0 name=\"/usr/local/bin/redis-cli\" inode=6703632 dev=00:4b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593582.491:11547079): cwd=\"/data\""}
{"ts": "2026-04-30T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593582.491:11547079): argc=2 a0=\"redis-cli\" a1=\"ping\""}
{"ts": "2026-04-30T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593582.491:11547079): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593582.491:11547079): arch=c000003e syscall=59 success=yes exit=0 a0=c0000289a0 a1=c0000d1350 a2=c0000d91c0 a3=0 items=2 ppid=2638 pid=2862016 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"redis-cli\" exe=\"/usr/local/bin/redis-cli\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593582.440:11547078): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593582.440:11547078): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593582.440:11547078): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cc mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593582.440:11547078): cwd=\"/var/lib/docker/rootfs/overlayfs/4cc046860e99ed4ce61cc4f7c543175750997c08579b75447cbf7907fdb6134d\""}
{"ts": "2026-04-30T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593582.440:11547078): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593582.440:11547078): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b830 a1=c00017f338 a2=c000181c00 a3=0 items=2 ppid=2861990 pid=2862011 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593582.439:11547077): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593582.439:11547077): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593582.439:11547077): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:173 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593582.439:11547077): cwd=\"/var/lib/docker/rootfs/overlayfs/0a68372d6fd28201684be9827a5de0d3c04e6e08d164a3049faa362bc53f9748\""}
{"ts": "2026-04-30T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593582.439:11547077): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593582.439:11547077): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b830 a1=c00017f338 a2=c000201c00 a3=0 items=2 ppid=2861989 pid=2862009 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593582.425:11547075): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F34636330343638363065393965643463653631636334663763"}
{"ts": "2026-04-30T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593582.425:11547076): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F30613638333732643666643238323031363834626539383237"}
{"ts": "2026-04-30T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593582.425:11547076): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593582.425:11547075): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593582.425:11547075): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593582.425:11547076): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593582.425:11547075): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/4cc046860e99ed4ce61cc4f7c543175750997c08579b75447cbf7907fdb6134d\""}
{"ts": "2026-04-30T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593582.425:11547076): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/0a68372d6fd28201684be9827a5de0d3c04e6e08d164a3049faa362bc53f9748\""}
{"ts": "2026-04-30T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593582.425:11547075): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/4cc046860e99ed4ce61cc4f7c543175750997c08579b75447cbf7907fdb6134d/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process185042159\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/4cc046860e99ed4ce61cc4f7c543175750997c08579b75447cbf7907fdb6134d/3982c3eb5eb8161b652e331f9584b6099fb5a8f1d82cc9bdf35f72f49a27ff2a.pid\" a14=\"4cc046860e99ed4ce61cc4f7c543175750997c08579b75447cbf7907fdb6134d\""}
{"ts": "2026-04-30T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593582.425:11547076): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/0a68372d6fd28201684be9827a5de0d3c04e6e08d164a3049faa362bc53f9748/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2221119043\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/0a68372d6fd28201684be9827a5de0d3c04e6e08d164a3049faa362bc53f9748/e00fb63bf9f9c075181c48073b541910ade8f64f3fc5f4a420ee617d742bb8ec.pid\" a14=\"0a68372d6fd28201684be9827a5de0d3c04e6e08d164a3049faa362bc53f9748\""}
{"ts": "2026-04-30T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593582.425:11547076): arch=c000003e syscall=59 success=yes exit=0 a0=c0003b0ac0 a1=c00036a500 a2=c00036a600 a3=0 items=2 ppid=2638 pid=2861989 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:42Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593582.425:11547075): arch=c000003e syscall=59 success=yes exit=0 a0=c0004800d0 a1=c000394500 a2=c000394580 a3=0 items=2 ppid=3571 pid=2861990 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593581.790:11547074): proctitle=2F62696E2F7368002D630070675F69737265616479202D552077696E646D696C6C5F75736572202D642077696E646D696C6C5F6462"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593581.790:11547074): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:53 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593581.790:11547074): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:53 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593581.790:11547074): cwd=\"/\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593581.790:11547074): argc=5 a0=\"pg_isready\" a1=\"-U\" a2=\"windmill_user\" a3=\"-d\" a4=\"windmill_db\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593581.790:11547074): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593581.790:11547074): arch=c000003e syscall=59 success=yes exit=0 a0=7b29346c23f8 a1=7b29346c2290 a2=7b29346c2378 a3=0 items=2 ppid=3688 pid=2861978 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593581.786:11547073): proctitle=2F62696E2F7368002D630070675F69737265616479202D552077696E646D696C6C5F75736572202D642077696E646D696C6C5F6462"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593581.786:11547073): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:53 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593581.786:11547073): item=0 name=\"/bin/sh\" inode=8589166 dev=00:53 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593581.786:11547073): cwd=\"/\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593581.786:11547073): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D552077696E646D696C6C5F75736572202D642077696E646D696C6C5F6462"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593581.786:11547073): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593581.786:11547073): arch=c000003e syscall=59 success=yes exit=0 a0=c00018af38 a1=c000022ac0 a2=c0001348c0 a3=0 items=2 ppid=3688 pid=2861978 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593581.754:11547072): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520617065785F75736572202D6420617065785F6462"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593581.754:11547072): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3456344 dev=00:69 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593581.754:11547072): item=0 name=\"/usr/local/bin/pg_isready\" inode=6091069 dev=00:69 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593581.754:11547072): cwd=\"/\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593581.754:11547072): argc=5 a0=\"pg_isready\" a1=\"-U\" a2=\"apex_user\" a3=\"-d\" a4=\"apex_db\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593581.754:11547072): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593581.754:11547072): arch=c000003e syscall=59 success=yes exit=0 a0=70792aae83f8 a1=70792aae8278 a2=70792aae8378 a3=0 items=2 ppid=3652 pid=2861959 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593581.751:11547071): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520617065785F75736572202D6420617065785F6462"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593581.751:11547071): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3456344 dev=00:69 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593581.751:11547071): item=0 name=\"/bin/sh\" inode=3454556 dev=00:69 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593581.751:11547071): cwd=\"/\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593581.751:11547071): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D5520617065785F75736572202D6420617065785F6462"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593581.751:11547071): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593581.751:11547071): arch=c000003e syscall=59 success=yes exit=0 a0=c000194f68 a1=c000022680 a2=c0000d88c0 a3=0 items=2 ppid=3652 pid=2861959 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593581.736:11547070): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593581.736:11547070): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593581.736:11547070): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:173 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593581.736:11547070): cwd=\"/var/lib/docker/rootfs/overlayfs/2a365c5cbcdee94cef8eb83387301a8756e7538c1049b4c58449c0646b43c50c\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593581.736:11547070): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593581.736:11547070): arch=c000003e syscall=59 success=yes exit=0 a0=c000173840 a1=c000177338 a2=c000179c80 a3=0 items=2 ppid=2861965 pid=2861975 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593581.721:11547069): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F32613336356335636263646565393463656638656238333338"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593581.721:11547069): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593581.721:11547069): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593581.721:11547069): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/2a365c5cbcdee94cef8eb83387301a8756e7538c1049b4c58449c0646b43c50c\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593581.721:11547069): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/2a365c5cbcdee94cef8eb83387301a8756e7538c1049b4c58449c0646b43c50c/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3671869685\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/2a365c5cbcdee94cef8eb83387301a8756e7538c1049b4c58449c0646b43c50c/69a94ca35aba740b86e98ca1f92df46857ded8e30b1d671c6bc92fd706883bbe.pid\" a14=\"2a365c5cbcdee94cef8eb83387301a8756e7538c1049b4c58449c0646b43c50c\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593581.721:11547069): arch=c000003e syscall=59 success=yes exit=0 a0=c0003ae5b0 a1=c000352580 a2=c000352600 a3=0 items=2 ppid=3688 pid=2861965 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593581.700:11547068): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593581.700:11547068): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593581.700:11547068): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593581.700:11547068): cwd=\"/var/lib/docker/rootfs/overlayfs/c1f8f97d53596e967520df53fab27faff436876b90ee0f2e344cc170bca33f83\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593581.700:11547068): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593581.700:11547068): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b840 a1=c00017f338 a2=c000201c40 a3=0 items=2 ppid=2861946 pid=2861956 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593581.687:11547067): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F63316638663937643533353936653936373532306466353366"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593581.687:11547067): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593581.687:11547067): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593581.687:11547067): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/c1f8f97d53596e967520df53fab27faff436876b90ee0f2e344cc170bca33f83\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593581.687:11547067): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/c1f8f97d53596e967520df53fab27faff436876b90ee0f2e344cc170bca33f83/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2006220455\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/c1f8f97d53596e967520df53fab27faff436876b90ee0f2e344cc170bca33f83/5c7d0d992d112aa557087e9d0b00b12b526d5c2a9dbe8ad63962bd3b80d02a1f.pid\" a14=\"c1f8f97d53596e967520df53fab27faff436876b90ee0f2e344cc170bca33f83\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593581.687:11547067): arch=c000003e syscall=59 success=yes exit=0 a0=c000437700 a1=c000351000 a2=c000351080 a3=0 items=2 ppid=3652 pid=2861946 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593581.667:11547066): proctitle=2F62696E2F7368002D630070675F69737265616479202D552074797065626F74"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593581.667:11547066): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:51 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593581.667:11547066): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:51 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593581.667:11547066): cwd=\"/\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593581.667:11547066): argc=3 a0=\"pg_isready\" a1=\"-U\" a2=\"typebot\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593581.667:11547066): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593581.667:11547066): arch=c000003e syscall=59 success=yes exit=0 a0=7644869e8278 a1=7644869e81d8 a2=7644869e81f8 a3=8080808080808080 items=2 ppid=3558 pid=2861939 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593581.664:11547065): proctitle=2F62696E2F7368002D630070675F69737265616479202D552074797065626F74"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593581.664:11547065): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:51 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593581.664:11547065): item=0 name=\"/bin/sh\" inode=8589166 dev=00:51 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593581.664:11547065): cwd=\"/\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593581.664:11547065): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D552074797065626F74"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593581.664:11547065): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593581.664:11547065): arch=c000003e syscall=59 success=yes exit=0 a0=c0000fcf68 a1=c000022680 a2=c0001508c0 a3=0 items=2 ppid=3558 pid=2861939 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593581.621:11547064): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593581.621:11547064): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593581.621:11547064): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593581.621:11547064): cwd=\"/var/lib/docker/rootfs/overlayfs/a58fd49cb529bc2c3c5f4447c9ccbae837530349ce554292b547968ead4cb59b\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593581.621:11547064): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593581.621:11547064): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5890 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=2861927 pid=2861936 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593581.607:11547063): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F61353866643439636235323962633263336335663434343763"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593581.607:11547063): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593581.607:11547063): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593581.607:11547063): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/a58fd49cb529bc2c3c5f4447c9ccbae837530349ce554292b547968ead4cb59b\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593581.607:11547063): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/a58fd49cb529bc2c3c5f4447c9ccbae837530349ce554292b547968ead4cb59b/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2145589322\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/a58fd49cb529bc2c3c5f4447c9ccbae837530349ce554292b547968ead4cb59b/08181dcb03677a52b44b94da897a35e5c2bc617b3f513bafb2581739cd5474ce.pid\" a14=\"a58fd49cb529bc2c3c5f4447c9ccbae837530349ce554292b547968ead4cb59b\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593581.607:11547063): arch=c000003e syscall=59 success=yes exit=0 a0=c000428540 a1=c00041eb80 a2=c00041ec00 a3=0 items=2 ppid=3558 pid=2861927 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593581.550:11547062): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520646F63757365616C"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593581.550:11547062): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:54 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593581.550:11547062): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:54 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593581.550:11547062): cwd=\"/\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593581.550:11547062): argc=3 a0=\"pg_isready\" a1=\"-U\" a2=\"docuseal\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593581.550:11547062): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593581.550:11547062): arch=c000003e syscall=59 success=yes exit=0 a0=76a68446b288 a1=76a68446b1e8 a2=76a68446b208 a3=0 items=2 ppid=3223 pid=2861918 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593581.547:11547061): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520646F63757365616C"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593581.547:11547061): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:54 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593581.547:11547061): item=0 name=\"/bin/sh\" inode=8589166 dev=00:54 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593581.547:11547061): cwd=\"/\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593581.547:11547061): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D5520646F63757365616C"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593581.547:11547061): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593581.547:11547061): arch=c000003e syscall=59 success=yes exit=0 a0=c000196f68 a1=c000022680 a2=c0000d88c0 a3=0 items=2 ppid=2861906 pid=2861918 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593581.503:11547060): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593581.503:11547060): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593581.503:11547060): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593581.503:11547060): cwd=\"/var/lib/docker/rootfs/overlayfs/360fd70ae6eb7cd5e0954ce9fabc3f41ec861f0028b80fa3a053269682ce489a\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593581.503:11547060): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593581.503:11547060): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5890 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=2861906 pid=2861916 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593581.490:11547059): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F33363066643730616536656237636435653039353463653966"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593581.490:11547059): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593581.490:11547059): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593581.490:11547059): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/360fd70ae6eb7cd5e0954ce9fabc3f41ec861f0028b80fa3a053269682ce489a\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593581.490:11547059): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/360fd70ae6eb7cd5e0954ce9fabc3f41ec861f0028b80fa3a053269682ce489a/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2592379399\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/360fd70ae6eb7cd5e0954ce9fabc3f41ec861f0028b80fa3a053269682ce489a/c637720f7626ac66a2200c6c24270fde8698fe39f0211096c35d9069779fd8f3.pid\" a14=\"360fd70ae6eb7cd5e0954ce9fabc3f41ec861f0028b80fa3a053269682ce489a\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593581.490:11547059): arch=c000003e syscall=59 success=yes exit=0 a0=c0004013b0 a1=c00036b500 a2=c00036b580 a3=0 items=2 ppid=3223 pid=2861906 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593581.475:11547058): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593581.475:11547058): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593581.475:11547058): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593581.475:11547058): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593581.475:11547058): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.stat\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593581.475:11547058): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593581.475:11547058): arch=c000003e syscall=59 success=yes exit=0 a0=76617ac47d60 a1=7660c025dfc0 a2=5669b9d93a40 a3=8 items=2 ppid=5468 pid=2861905 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593581.475:11547057): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593581.475:11547057): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593581.475:11547057): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593581.475:11547057): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660c025dfc0 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2861905 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593581.474:11547056): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593581.474:11547056): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593581.474:11547056): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593581.474:11547056): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660c025dfc0 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2861905 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593581.474:11547055): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593581.474:11547055): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593581.474:11547055): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593581.474:11547055): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660c025dfc0 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2861905 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593581.474:11547054): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593581.474:11547054): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593581.474:11547054): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593581.474:11547054): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660c025dfc0 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2861905 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593581.474:11547053): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593581.474:11547053): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593581.474:11547053): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593581.474:11547053): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660c025dfc0 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2861905 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593581.474:11547052): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593581.474:11547052): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593581.474:11547052): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593581.474:11547052): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660c025dfc0 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2861905 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593581.470:11547051): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593581.470:11547051): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593581.470:11547051): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593581.470:11547051): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593581.470:11547051): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.current\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593581.470:11547051): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593581.470:11547051): arch=c000003e syscall=59 success=yes exit=0 a0=76617ac47d60 a1=7660bbc48680 a2=5669b9d93a40 a3=8 items=2 ppid=5468 pid=2861904 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593581.470:11547050): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593581.470:11547050): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593581.470:11547050): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593581.470:11547050): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48680 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2861904 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593581.470:11547049): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593581.470:11547049): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593581.470:11547049): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593581.470:11547049): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48680 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2861904 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593581.469:11547048): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593581.469:11547048): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593581.469:11547048): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593581.469:11547048): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48680 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2861904 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593581.469:11547047): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593581.469:11547047): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593581.469:11547047): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593581.469:11547047): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48680 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2861904 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593581.469:11547046): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593581.469:11547046): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593581.469:11547046): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593581.469:11547046): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48680 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2861904 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593581.469:11547045): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593581.469:11547045): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593581.469:11547045): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593581.469:11547045): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48680 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2861904 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593581.466:11547044): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593581.466:11547044): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593581.466:11547044): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593581.466:11547044): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593581.466:11547044): argc=2 a0=\"cat\" a1=\"/proc/self/cgroup\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593581.466:11547044): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593581.466:11547044): arch=c000003e syscall=59 success=yes exit=0 a0=76617ac47d60 a1=7660bbc48f20 a2=5669b9d93a40 a3=8 items=2 ppid=5468 pid=2861903 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593581.466:11547043): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593581.466:11547043): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593581.466:11547043): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593581.466:11547043): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48f20 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2861903 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593581.466:11547042): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593581.466:11547042): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593581.466:11547042): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593581.466:11547042): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48f20 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2861903 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593581.465:11547041): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593581.465:11547041): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593581.465:11547041): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593581.465:11547041): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48f20 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2861903 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593581.465:11547040): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593581.465:11547040): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593581.465:11547040): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593581.465:11547040): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48f20 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2861903 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593581.465:11547039): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593581.465:11547039): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593581.465:11547039): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593581.465:11547039): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48f20 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2861903 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593581.465:11547038): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593581.465:11547038): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593581.465:11547038): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593581.465:11547038): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48f20 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2861903 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593581.446:11547037): proctitle=72656469732D636C690070696E67"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593581.446:11547037): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=5809101 dev=00:5b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593581.446:11547037): item=0 name=\"/usr/local/bin/redis-cli\" inode=928088 dev=00:5b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593581.446:11547037): cwd=\"/data\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593581.446:11547037): argc=2 a0=\"redis-cli\" a1=\"ping\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593581.446:11547037): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593581.446:11547037): arch=c000003e syscall=59 success=yes exit=0 a0=c000028760 a1=c000117350 a2=c0000df1c0 a3=0 items=2 ppid=3759 pid=2861881 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"redis-cli\" exe=\"/usr/local/bin/redis-cli\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593581.421:11547036): proctitle=77676574002D2D6E6F2D766572626F7365002D2D74726965733D31002D2D73706964657200687474703A2F2F3132372E302E302E313A383132332F70696E67"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593581.421:11547036): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=6688979 dev=00:8d mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593581.421:11547036): item=0 name=\"/usr/bin/wget\" inode=6699356 dev=00:8d mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593581.421:11547036): cwd=\"/\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593581.421:11547036): argc=5 a0=\"wget\" a1=\"--no-verbose\" a2=\"--tries=1\" a3=\"--spider\" a4=\"http://127.0.0.1:8123/ping\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593581.421:11547036): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593581.421:11547036): arch=c000003e syscall=59 success=yes exit=0 a0=710ad6deb4c0 a1=710ad6deb420 a2=710ad6deb450 a3=8 items=2 ppid=2861859 pid=2861897 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"wget\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593581.415:11547035): proctitle=2F62696E2F7368002D630077676574202D2D6E6F2D766572626F7365202D2D74726965733D31202D2D73706964657220687474703A2F2F3132372E302E302E313A383132332F70696E67207C7C20657869742031"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593581.415:11547035): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=6688979 dev=00:8d mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593581.415:11547035): item=0 name=\"/bin/sh\" inode=6699356 dev=00:8d mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593581.415:11547035): cwd=\"/\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593581.415:11547035): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=77676574202D2D6E6F2D766572626F7365202D2D74726965733D31202D2D73706964657220687474703A2F2F3132372E302E302E313A383132332F70696E67207C7C20657869742031"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593581.415:11547035): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593581.415:11547035): arch=c000003e syscall=59 success=yes exit=0 a0=c0001a8f78 a1=c000022680 a2=c0000250e0 a3=0 items=2 ppid=2861847 pid=2861859 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593581.409:11547034): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593581.409:11547034): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593581.409:11547034): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:19f mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593581.409:11547034): cwd=\"/var/lib/docker/rootfs/overlayfs/056a09c20dcef0fe62aa8b538144973d1eea3cbffb3ac42d3a0cc1c2e4e596d5\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593581.409:11547034): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593581.409:11547034): arch=c000003e syscall=59 success=yes exit=0 a0=c0001f5820 a1=c0001f9338 a2=c0001fbc40 a3=0 items=2 ppid=2861871 pid=2861891 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593581.394:11547033): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593581.394:11547033): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593581.394:11547033): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:173 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593581.394:11547033): cwd=\"/var/lib/docker/rootfs/overlayfs/7e13dd6f726a7b57cc1470c1039bc96afa948a1beb7503cebff44e9717c43cdc\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593581.394:11547033): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593581.394:11547033): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b830 a1=c00017f338 a2=c000181c00 a3=0 items=2 ppid=2861865 pid=2861874 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593581.392:11547032): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F30353661303963323064636566306665363261613862353338"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593581.392:11547032): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593581.392:11547032): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593581.392:11547032): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/056a09c20dcef0fe62aa8b538144973d1eea3cbffb3ac42d3a0cc1c2e4e596d5\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593581.392:11547032): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/056a09c20dcef0fe62aa8b538144973d1eea3cbffb3ac42d3a0cc1c2e4e596d5/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2923561654\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/056a09c20dcef0fe62aa8b538144973d1eea3cbffb3ac42d3a0cc1c2e4e596d5/5a0a2c501efb5cc8931bcef0a43fafaaa18e557c623e8fa76196bfad5859b32a.pid\" a14=\"056a09c20dcef0fe62aa8b538144973d1eea3cbffb3ac42d3a0cc1c2e4e596d5\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593581.392:11547032): arch=c000003e syscall=59 success=yes exit=0 a0=c000010940 a1=c00019f980 a2=c00019fa00 a3=0 items=2 ppid=2819 pid=2861871 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593581.377:11547031): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F37653133646436663732366137623537636331343730633130"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593581.377:11547031): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593581.377:11547031): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593581.377:11547031): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/7e13dd6f726a7b57cc1470c1039bc96afa948a1beb7503cebff44e9717c43cdc\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593581.377:11547031): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/7e13dd6f726a7b57cc1470c1039bc96afa948a1beb7503cebff44e9717c43cdc/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1286475712\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/7e13dd6f726a7b57cc1470c1039bc96afa948a1beb7503cebff44e9717c43cdc/3d9f1cb3ce4c25a54ddaf3fef48a2ea10cf547580fc97ab96533068ae16c083a.pid\" a14=\"7e13dd6f726a7b57cc1470c1039bc96afa948a1beb7503cebff44e9717c43cdc\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593581.377:11547031): arch=c000003e syscall=59 success=yes exit=0 a0=c000406580 a1=c00011c880 a2=c00011c900 a3=0 items=2 ppid=3759 pid=2861865 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593581.356:11547030): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593581.356:11547030): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593581.356:11547030): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593581.356:11547030): cwd=\"/var/lib/docker/rootfs/overlayfs/0bcf4b17c85dedab788e8c9e9c1a88a006bbcf2309ef561d1c40a8ba421d79ad\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593581.356:11547030): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593581.356:11547030): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c58b0 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=2861847 pid=2861857 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593581.341:11547029): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F30626366346231376338356465646162373838653863396539"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593581.341:11547029): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593581.341:11547029): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593581.341:11547029): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/0bcf4b17c85dedab788e8c9e9c1a88a006bbcf2309ef561d1c40a8ba421d79ad\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593581.341:11547029): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/0bcf4b17c85dedab788e8c9e9c1a88a006bbcf2309ef561d1c40a8ba421d79ad/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3048245300\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/0bcf4b17c85dedab788e8c9e9c1a88a006bbcf2309ef561d1c40a8ba421d79ad/526d3af1cf82b001c4a9a9a7b5f17c57273d13e846557405b078a2b909d34a3a.pid\" a14=\"0bcf4b17c85dedab788e8c9e9c1a88a006bbcf2309ef561d1c40a8ba421d79ad\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593581.341:11547029): arch=c000003e syscall=59 success=yes exit=0 a0=c0002071c0 a1=c0002c6980 a2=c0002c6a00 a3=0 items=2 ppid=2498510 pid=2861847 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593581.035:11547028): proctitle=6A71002D2D7261772D6F7574707574002E737461747573"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593581.035:11547028): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6968454 dev=00:b6 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593581.035:11547028): item=0 name=\"/usr/bin/jq\" inode=7115963 dev=00:b6 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593581.035:11547028): cwd=\"/app\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593581.035:11547028): argc=3 a0=\"jq\" a1=\"--raw-output\" a2=\".status\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593581.035:11547028): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593581.035:11547028): arch=c000003e syscall=59 success=yes exit=0 a0=63a4dea279a0 a1=63a4dea28280 a2=63a4dea24300 a3=8 items=2 ppid=2861843 pid=2861845 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"jq\" exe=\"/usr/bin/jq\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593581.035:11547027): proctitle=6375726C002D2D73696C656E7400687474703A2F2F3132372E302E302E313A38312F6170692F"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593581.035:11547027): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6968454 dev=00:b6 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593581.035:11547027): item=0 name=\"/usr/bin/curl\" inode=7115848 dev=00:b6 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593581.035:11547027): cwd=\"/app\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593581.035:11547027): argc=3 a0=\"curl\" a1=\"--silent\" a2=\"http://127.0.0.1:81/api/\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593581.035:11547027): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593581.035:11547027): arch=c000003e syscall=59 success=yes exit=0 a0=63a4dea279d0 a1=63a4dea282b0 a2=63a4dea24300 a3=8 items=2 ppid=2861843 pid=2861844 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"curl\" exe=\"/usr/bin/curl\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593581.028:11547026): proctitle=2F62696E2F62617368002F62696E2F636865636B2D6865616C7468"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593581.028:11547026): item=2 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6968454 dev=00:b6 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593581.028:11547026): item=1 name=\"/bin/bash\" inode=6954383 dev=00:b6 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593581.028:11547026): item=0 name=\"/bin/check-health\" inode=8694993 dev=00:b6 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593581.028:11547026): cwd=\"/app\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593581.028:11547026): argc=2 a0=\"/bin/bash\" a1=\"/bin/check-health\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593581.028:11547026): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593581.028:11547026): arch=c000003e syscall=59 success=yes exit=0 a0=c000027518 a1=c00002ade0 a2=c0000ce640 a3=0 items=3 ppid=4295 pid=2861837 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"check-health\" exe=\"/usr/bin/bash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593580.977:11547025): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593580.977:11547025): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593580.977:11547025): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593580.977:11547025): cwd=\"/var/lib/docker/rootfs/overlayfs/3d00cea9d890ac76ec9bbdca47f4d82e83b0a918911a118694314103c0f1ab42\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593580.977:11547025): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593580.977:11547025): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c58b0 a1=c0001c9350 a2=c0001cbc00 a3=0 items=2 ppid=2861825 pid=2861833 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593580.963:11547024): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F33643030636561396438393061633736656339626264636134"}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593580.963:11547024): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593580.963:11547024): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593580.963:11547024): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/3d00cea9d890ac76ec9bbdca47f4d82e83b0a918911a118694314103c0f1ab42\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593580.963:11547024): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/3d00cea9d890ac76ec9bbdca47f4d82e83b0a918911a118694314103c0f1ab42/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process70531762\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/3d00cea9d890ac76ec9bbdca47f4d82e83b0a918911a118694314103c0f1ab42/2364d1c7becfea08326a51710dab01b645e5c1e9dd884463948f9b1944f176b8.pid\" a14=\"3d00cea9d890ac76ec9bbdca47f4d82e83b0a918911a118694314103c0f1ab42\""}
{"ts": "2026-04-30T23:59:41Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593580.963:11547024): arch=c000003e syscall=59 success=yes exit=0 a0=c000010db0 a1=c0001bc000 a2=c0001bc080 a3=0 items=2 ppid=4295 pid=2861825 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593580.188:11547023): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520706F737467726573"}
{"ts": "2026-04-30T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593580.188:11547023): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:4f mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593580.188:11547023): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:4f mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593580.188:11547023): cwd=\"/\""}
{"ts": "2026-04-30T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593580.188:11547023): argc=3 a0=\"pg_isready\" a1=\"-U\" a2=\"postgres\""}
{"ts": "2026-04-30T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593580.188:11547023): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593580.188:11547023): arch=c000003e syscall=59 success=yes exit=0 a0=74f588056288 a1=74f5880561e8 a2=74f588056208 a3=0 items=2 ppid=3630 pid=2861816 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593580.185:11547022): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520706F737467726573"}
{"ts": "2026-04-30T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593580.185:11547022): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:4f mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593580.185:11547022): item=0 name=\"/bin/sh\" inode=8589166 dev=00:4f mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593580.185:11547022): cwd=\"/\""}
{"ts": "2026-04-30T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593580.185:11547022): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D5520706F737467726573"}
{"ts": "2026-04-30T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593580.185:11547022): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593580.185:11547022): arch=c000003e syscall=59 success=yes exit=0 a0=c00018cf48 a1=c000022ac0 a2=c0001348c0 a3=0 items=2 ppid=3630 pid=2861816 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593580.145:11547021): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593580.145:11547021): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593580.145:11547021): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593580.145:11547021): cwd=\"/var/lib/docker/rootfs/overlayfs/67097f9470d25ae62330c278e0c2e85dfc8f9d19e1312855b18be973b4d19e41\""}
{"ts": "2026-04-30T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593580.145:11547021): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593580.145:11547021): arch=c000003e syscall=59 success=yes exit=0 a0=c0001eb850 a1=c0001ef338 a2=c0001f1c40 a3=0 items=2 ppid=2861803 pid=2861812 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593580.130:11547020): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F36373039376639343730643235616536323333306332373865"}
{"ts": "2026-04-30T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593580.130:11547020): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593580.130:11547020): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593580.130:11547020): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/67097f9470d25ae62330c278e0c2e85dfc8f9d19e1312855b18be973b4d19e41\""}
{"ts": "2026-04-30T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593580.130:11547020): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/67097f9470d25ae62330c278e0c2e85dfc8f9d19e1312855b18be973b4d19e41/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2628406013\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/67097f9470d25ae62330c278e0c2e85dfc8f9d19e1312855b18be973b4d19e41/af94f343e49ff7acb9ce9e15b36fb0143057adb5501eb978b776fe7af439fac0.pid\" a14=\"67097f9470d25ae62330c278e0c2e85dfc8f9d19e1312855b18be973b4d19e41\""}
{"ts": "2026-04-30T23:59:40Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593580.130:11547020): arch=c000003e syscall=59 success=yes exit=0 a0=c00025de50 a1=c0002d4980 a2=c0002d4a00 a3=0 items=2 ppid=3630 pid=2861803 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593579.748:11547019): proctitle=72656469732D636C690070696E67"}
{"ts": "2026-04-30T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593579.748:11547019): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=6694357 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593579.748:11547019): item=0 name=\"/usr/local/bin/redis-cli\" inode=6703632 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593579.748:11547019): cwd=\"/data\""}
{"ts": "2026-04-30T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593579.748:11547019): argc=2 a0=\"redis-cli\" a1=\"ping\""}
{"ts": "2026-04-30T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593579.748:11547019): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593579.748:11547019): arch=c000003e syscall=59 success=yes exit=0 a0=c000028760 a1=c00009f350 a2=c0001651c0 a3=0 items=2 ppid=2767 pid=2861797 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"redis-cli\" exe=\"/usr/local/bin/redis-cli\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593579.704:11547018): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593579.704:11547018): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593579.704:11547018): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593579.704:11547018): cwd=\"/var/lib/docker/rootfs/overlayfs/480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af\""}
{"ts": "2026-04-30T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593579.704:11547018): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593579.704:11547018): arch=c000003e syscall=59 success=yes exit=0 a0=c0001f3830 a1=c0001f7338 a2=c0001f9c00 a3=0 items=2 ppid=2861784 pid=2861792 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593579.690:11547017): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F34383062353761303034306362373564646534356436663664"}
{"ts": "2026-04-30T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593579.690:11547017): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593579.690:11547017): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593579.690:11547017): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af\""}
{"ts": "2026-04-30T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593579.690:11547017): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1650993513\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af/2a4d82fdee6e292eedf6d8fbdeb362a6eaad4dd0ef652f6a68b333b727084603.pid\" a14=\"480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af\""}
{"ts": "2026-04-30T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593579.690:11547017): arch=c000003e syscall=59 success=yes exit=0 a0=c0002a7260 a1=c000154f80 a2=c000155100 a3=0 items=2 ppid=2767 pid=2861784 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593579.495:11547016): proctitle=2F7573722F62696E2F7065726C002F7573722F62696E2F70675F69737265616479002D550067726F777468626F6F6B002D6400706F737467726573"}
{"ts": "2026-04-30T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593579.495:11547016): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6968454 dev=00:a0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593579.495:11547016): item=0 name=\"/usr/lib/postgresql/17/bin/pg_isready\" inode=3958125 dev=00:a0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593579.495:11547016): cwd=\"/\""}
{"ts": "2026-04-30T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593579.495:11547016): argc=5 a0=\"/usr/lib/postgresql/17/bin/pg_isready\" a1=\"-U\" a2=\"growthbook\" a3=\"-d\" a4=\"postgres\""}
{"ts": "2026-04-30T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593579.495:11547016): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593579.495:11547016): arch=c000003e syscall=59 success=yes exit=0 a0=5961842203d0 a1=596184395160 a2=596184015970 a3=701ce100ae70 items=2 ppid=2861774 pid=2861781 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/lib/postgresql/17/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593579.484:11547015): proctitle=2F7573722F62696E2F7065726C002F7573722F62696E2F70675F69737265616479002D550070726F6D6574686575735F61646D696E002D640070726F6D6574686575735F61646D696E"}
{"ts": "2026-04-30T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593579.484:11547015): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=5581428 dev=00:af mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593579.484:11547015): item=0 name=\"/usr/lib/postgresql/17/bin/pg_isready\" inode=5809487 dev=00:af mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593579.484:11547015): cwd=\"/\""}
{"ts": "2026-04-30T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593579.484:11547015): argc=5 a0=\"/usr/lib/postgresql/17/bin/pg_isready\" a1=\"-U\" a2=\"prometheus_admin\" a3=\"-d\" a4=\"prometheus_admin\""}
{"ts": "2026-04-30T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593579.484:11547015): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593579.484:11547015): arch=c000003e syscall=59 success=yes exit=0 a0=62c2bd7cda90 a1=62c2bd7f2310 a2=62c2bd454970 a3=7878f47fae70 items=2 ppid=2861762 pid=2861780 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/lib/postgresql/17/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593579.454:11547014): proctitle=2F7573722F62696E2F7065726C002F7573722F62696E2F70675F69737265616479002D550067726F777468626F6F6B002D6400706F737467726573"}
{"ts": "2026-04-30T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593579.454:11547014): item=2 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6968454 dev=00:a0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593579.454:11547014): item=1 name=\"/usr/bin/perl\" inode=6956288 dev=00:a0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593579.454:11547014): item=0 name=\"/usr/bin/pg_isready\" inode=4211279 dev=00:a0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593579.454:11547014): cwd=\"/\""}
{"ts": "2026-04-30T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593579.454:11547014): argc=6 a0=\"/usr/bin/perl\" a1=\"/usr/bin/pg_isready\" a2=\"-U\" a3=\"growthbook\" a4=\"-d\" a5=\"postgres\""}
{"ts": "2026-04-30T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593579.454:11547014): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593579.454:11547014): arch=c000003e syscall=59 success=yes exit=0 a0=63c631861640 a1=63c5fa0849a8 a2=63c6318615d8 a3=8 items=3 ppid=2861774 pid=2861781 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/bin/perl\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593579.449:11547013): proctitle=2F62696E2F7368002D630070675F69737265616479202D552067726F777468626F6F6B202D6420706F737467726573"}
{"ts": "2026-04-30T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593579.449:11547013): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6968454 dev=00:a0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593579.449:11547013): item=0 name=\"/bin/sh\" inode=6954646 dev=00:a0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593579.449:11547013): cwd=\"/\""}
{"ts": "2026-04-30T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593579.449:11547013): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D552067726F777468626F6F6B202D6420706F737467726573"}
{"ts": "2026-04-30T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593579.449:11547013): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593579.449:11547013): arch=c000003e syscall=59 success=yes exit=0 a0=c0000fee80 a1=c000022ac0 a2=c00018e0c0 a3=0 items=2 ppid=2861749 pid=2861774 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/usr/bin/dash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593579.442:11547012): proctitle=2F7573722F62696E2F7065726C002F7573722F62696E2F70675F69737265616479002D550070726F6D6574686575735F61646D696E002D640070726F6D6574686575735F61646D696E"}
{"ts": "2026-04-30T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593579.442:11547012): item=2 name=\"/lib64/ld-linux-x86-64.so.2\" inode=5581428 dev=00:af mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593579.442:11547012): item=1 name=\"/usr/bin/perl\" inode=5580916 dev=00:af mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593579.442:11547012): item=0 name=\"/usr/bin/pg_isready\" inode=5823482 dev=00:af mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593579.442:11547012): cwd=\"/\""}
{"ts": "2026-04-30T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593579.442:11547012): argc=6 a0=\"/usr/bin/perl\" a1=\"/usr/bin/pg_isready\" a2=\"-U\" a3=\"prometheus_admin\" a4=\"-d\" a5=\"prometheus_admin\""}
{"ts": "2026-04-30T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593579.442:11547012): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593579.442:11547012): arch=c000003e syscall=59 success=yes exit=0 a0=6185ca1c1678 a1=6185ca1c15e0 a2=6185ca1c1610 a3=8 items=3 ppid=2861762 pid=2861780 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/bin/perl\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593579.436:11547011): proctitle=2F62696E2F7368002D630070675F69737265616479202D552070726F6D6574686575735F61646D696E202D642070726F6D6574686575735F61646D696E"}
{"ts": "2026-04-30T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593579.436:11547011): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=5581428 dev=00:af mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593579.436:11547011): item=0 name=\"/bin/sh\" inode=5580787 dev=00:af mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593579.436:11547011): cwd=\"/\""}
{"ts": "2026-04-30T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593579.436:11547011): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D552070726F6D6574686575735F61646D696E202D642070726F6D6574686575735F61646D696E"}
{"ts": "2026-04-30T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593579.436:11547011): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593579.436:11547011): arch=c000003e syscall=59 success=yes exit=0 a0=c00017ae80 a1=c000022ac0 a2=c0001000c0 a3=0 items=2 ppid=2861743 pid=2861762 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/usr/bin/dash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593579.406:11547010): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593579.406:11547010): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593579.406:11547010): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:173 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593579.406:11547010): cwd=\"/var/lib/docker/rootfs/overlayfs/02fb5dd00ce2914672d5f537bf8bb36a0908851493efb9e1b3038943b577e7cf\""}
{"ts": "2026-04-30T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593579.406:11547010): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593579.406:11547010): arch=c000003e syscall=59 success=yes exit=0 a0=c0001eb830 a1=c0001ef338 a2=c0001f1c40 a3=0 items=2 ppid=2861749 pid=2861770 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593579.395:11547009): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593579.395:11547009): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593579.395:11547009): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593579.395:11547009): cwd=\"/var/lib/docker/rootfs/overlayfs/96dcfa07493d1a0e551516dd25644707c00be275d58123d52358a7d61a7f6b24\""}
{"ts": "2026-04-30T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593579.395:11547009): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593579.395:11547009): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b830 a1=c00017f338 a2=c000181c40 a3=0 items=2 ppid=2861743 pid=2861753 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593579.390:11547008): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F30326662356464303063653239313436373264356635333762"}
{"ts": "2026-04-30T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593579.390:11547008): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593579.390:11547008): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593579.390:11547008): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/02fb5dd00ce2914672d5f537bf8bb36a0908851493efb9e1b3038943b577e7cf\""}
{"ts": "2026-04-30T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593579.390:11547008): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/02fb5dd00ce2914672d5f537bf8bb36a0908851493efb9e1b3038943b577e7cf/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3672262640\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/02fb5dd00ce2914672d5f537bf8bb36a0908851493efb9e1b3038943b577e7cf/89402540ce1166948601024b3907a946f94845ec8a2ba585282dc11ae2e372d5.pid\" a14=\"02fb5dd00ce2914672d5f537bf8bb36a0908851493efb9e1b3038943b577e7cf\""}
{"ts": "2026-04-30T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593579.390:11547008): arch=c000003e syscall=59 success=yes exit=0 a0=c000371420 a1=c0001b8f80 a2=c0001b9000 a3=0 items=2 ppid=4084 pid=2861749 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593579.378:11547007): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F39366463666130373439336431613065353531353136646432"}
{"ts": "2026-04-30T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593579.378:11547007): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593579.378:11547007): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593579.378:11547007): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/96dcfa07493d1a0e551516dd25644707c00be275d58123d52358a7d61a7f6b24\""}
{"ts": "2026-04-30T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593579.378:11547007): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/96dcfa07493d1a0e551516dd25644707c00be275d58123d52358a7d61a7f6b24/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1751868423\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/96dcfa07493d1a0e551516dd25644707c00be275d58123d52358a7d61a7f6b24/3a580d7450d0f00d0bdc3061af493e868517ec6d47320e5bdb2cdb8e356e4efc.pid\" a14=\"96dcfa07493d1a0e551516dd25644707c00be275d58123d52358a7d61a7f6b24\""}
{"ts": "2026-04-30T23:59:39Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593579.378:11547007): arch=c000003e syscall=59 success=yes exit=0 a0=c0003408b0 a1=c00034b000 a2=c00034b080 a3=0 items=2 ppid=4402 pid=2861743 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593578.467:11547006): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593578.467:11547006): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=9987007 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593578.467:11547006): item=0 name=\"/usr/bin/cat\" inode=9986333 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593578.467:11547006): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593578.467:11547006): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.stat\""}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593578.467:11547006): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593578.467:11547006): arch=c000003e syscall=59 success=yes exit=0 a0=75e2ac12cd60 a1=75e246000760 a2=6265ad214650 a3=8 items=2 ppid=5407 pid=2861740 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593578.467:11547005): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593578.467:11547005): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593578.467:11547005): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593578.467:11547005): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246000760 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2861740 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593578.467:11547004): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593578.467:11547004): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593578.467:11547004): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593578.467:11547004): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246000760 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2861740 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593578.466:11547003): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593578.466:11547003): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593578.466:11547003): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593578.466:11547003): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246000760 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2861740 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593578.466:11547002): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593578.466:11547002): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593578.466:11547002): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593578.466:11547002): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246000760 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2861740 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593578.466:11547001): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593578.466:11547001): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593578.466:11547001): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593578.466:11547001): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246000760 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2861740 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593578.466:11547000): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593578.466:11547000): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593578.466:11547000): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593578.466:11547000): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246000760 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2861740 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593578.463:11546999): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593578.463:11546999): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=9987007 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593578.463:11546999): item=0 name=\"/usr/bin/cat\" inode=9986333 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593578.463:11546999): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593578.463:11546999): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.current\""}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593578.463:11546999): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593578.463:11546999): arch=c000003e syscall=59 success=yes exit=0 a0=75e2ac12cd60 a1=75e246587040 a2=6265ad214650 a3=8 items=2 ppid=5407 pid=2861739 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593578.463:11546998): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593578.463:11546998): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593578.463:11546998): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593578.463:11546998): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246587040 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2861739 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593578.463:11546997): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593578.463:11546997): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593578.463:11546997): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593578.463:11546997): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246587040 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2861739 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593578.463:11546996): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593578.463:11546996): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593578.463:11546996): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593578.463:11546996): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246587040 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2861739 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593578.463:11546995): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593578.463:11546995): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593578.463:11546995): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593578.463:11546995): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246587040 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2861739 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593578.463:11546994): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593578.463:11546994): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593578.463:11546994): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593578.463:11546994): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246587040 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2861739 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593578.463:11546993): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593578.463:11546993): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593578.463:11546993): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593578.463:11546993): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246587040 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2861739 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593578.460:11546992): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593578.460:11546992): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=9987007 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593578.460:11546992): item=0 name=\"/usr/bin/cat\" inode=9986333 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593578.460:11546992): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593578.460:11546992): argc=2 a0=\"cat\" a1=\"/proc/self/cgroup\""}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593578.460:11546992): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593578.460:11546992): arch=c000003e syscall=59 success=yes exit=0 a0=75e2ac12cd60 a1=75e246000700 a2=6265ad214650 a3=8 items=2 ppid=5407 pid=2861738 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593578.460:11546991): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593578.460:11546991): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593578.460:11546991): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593578.460:11546991): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246000700 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2861738 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593578.460:11546990): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593578.460:11546990): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593578.460:11546990): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593578.460:11546990): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246000700 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2861738 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593578.460:11546989): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593578.460:11546989): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593578.460:11546989): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593578.460:11546989): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246000700 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2861738 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593578.460:11546988): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593578.460:11546988): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593578.460:11546988): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593578.460:11546988): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246000700 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2861738 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593578.460:11546987): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593578.460:11546987): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593578.460:11546987): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593578.460:11546987): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246000700 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2861738 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593578.460:11546986): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593578.460:11546986): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593578.460:11546986): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:38Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593578.460:11546986): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246000700 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2861738 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593577.307:11546985): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520666F7267656A6F"}
{"ts": "2026-04-30T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593577.307:11546985): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:52 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593577.307:11546985): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:52 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593577.307:11546985): cwd=\"/\""}
{"ts": "2026-04-30T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593577.307:11546985): argc=3 a0=\"pg_isready\" a1=\"-U\" a2=\"forgejo\""}
{"ts": "2026-04-30T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593577.307:11546985): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593577.307:11546985): arch=c000003e syscall=59 success=yes exit=0 a0=7c7212907278 a1=7c72129071d8 a2=7c72129071f8 a3=8080808080808080 items=2 ppid=3626 pid=2861729 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593577.303:11546984): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520666F7267656A6F"}
{"ts": "2026-04-30T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593577.303:11546984): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:52 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593577.303:11546984): item=0 name=\"/bin/sh\" inode=8589166 dev=00:52 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593577.303:11546984): cwd=\"/\""}
{"ts": "2026-04-30T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593577.303:11546984): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D5520666F7267656A6F"}
{"ts": "2026-04-30T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593577.303:11546984): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593577.303:11546984): arch=c000003e syscall=59 success=yes exit=0 a0=c00018af38 a1=c000022ac0 a2=c0001348c0 a3=0 items=2 ppid=3626 pid=2861729 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593577.247:11546983): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593577.247:11546983): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593577.247:11546983): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593577.247:11546983): cwd=\"/var/lib/docker/rootfs/overlayfs/2cdd3d089c946761c42c7cfc41f431ad2beb9c2b89497f7e5a3552578b39f251\""}
{"ts": "2026-04-30T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593577.247:11546983): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593577.247:11546983): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b840 a1=c00017f338 a2=c000201c40 a3=0 items=2 ppid=2861717 pid=2861726 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593577.230:11546982): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F32636464336430383963393436373631633432633763666334"}
{"ts": "2026-04-30T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593577.230:11546982): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593577.230:11546982): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593577.230:11546982): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/2cdd3d089c946761c42c7cfc41f431ad2beb9c2b89497f7e5a3552578b39f251\""}
{"ts": "2026-04-30T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593577.230:11546982): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/2cdd3d089c946761c42c7cfc41f431ad2beb9c2b89497f7e5a3552578b39f251/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process577231594\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/2cdd3d089c946761c42c7cfc41f431ad2beb9c2b89497f7e5a3552578b39f251/2a446c80fbb8449bf4dd8de4e2796d1a2dac40cc2265b1681bedbac1ceae9546.pid\" a14=\"2cdd3d089c946761c42c7cfc41f431ad2beb9c2b89497f7e5a3552578b39f251\""}
{"ts": "2026-04-30T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593577.230:11546982): arch=c000003e syscall=59 success=yes exit=0 a0=c00027fcd0 a1=c00014a180 a2=c00014a200 a3=0 items=2 ppid=3626 pid=2861717 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593577.102:11546981): proctitle=67726570003A30424238002F70726F632F6E65742F746370"}
{"ts": "2026-04-30T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593577.102:11546981): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6834212 dev=00:9d mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593577.102:11546981): item=0 name=\"/bin/grep\" inode=6832538 dev=00:9d mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593577.102:11546981): cwd=\"/app\""}
{"ts": "2026-04-30T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593577.102:11546981): argc=3 a0=\"grep\" a1=\":0BB8\" a2=\"/proc/net/tcp\""}
{"ts": "2026-04-30T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593577.102:11546981): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593577.102:11546981): arch=c000003e syscall=59 success=yes exit=0 a0=57feba4f8758 a1=57feb3f86990 a2=57feba4f86e8 a3=8 items=2 ppid=2861709 pid=2861716 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"grep\" exe=\"/bin/grep\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593577.097:11546980): proctitle=2F62696E2F7368002D630067726570203A30424238202F70726F632F6E65742F746370207C7C20657869742031"}
{"ts": "2026-04-30T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593577.097:11546980): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6834212 dev=00:9d mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593577.097:11546980): item=0 name=\"/bin/sh\" inode=6832457 dev=00:9d mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593577.097:11546980): cwd=\"/app\""}
{"ts": "2026-04-30T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593577.097:11546980): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=67726570203A30424238202F70726F632F6E65742F746370207C7C20657869742031"}
{"ts": "2026-04-30T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593577.097:11546980): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593577.097:11546980): arch=c000003e syscall=59 success=yes exit=0 a0=c00018aeb8 a1=c000022ac0 a2=c0001348c0 a3=0 items=2 ppid=2861697 pid=2861709 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/dash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593577.049:11546979): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593577.049:11546979): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593577.049:11546979): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593577.049:11546979): cwd=\"/var/lib/docker/rootfs/overlayfs/99752c55410bb6ace3e57904dc2c1a2f503aa02b37e06267893a529d96259bd2\""}
{"ts": "2026-04-30T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593577.049:11546979): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593577.049:11546979): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5890 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=2861697 pid=2861706 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593577.034:11546978): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F39393735326335353431306262366163653365353739303464"}
{"ts": "2026-04-30T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593577.034:11546978): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593577.034:11546978): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593577.034:11546978): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/99752c55410bb6ace3e57904dc2c1a2f503aa02b37e06267893a529d96259bd2\""}
{"ts": "2026-04-30T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593577.034:11546978): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/99752c55410bb6ace3e57904dc2c1a2f503aa02b37e06267893a529d96259bd2/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2149018645\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/99752c55410bb6ace3e57904dc2c1a2f503aa02b37e06267893a529d96259bd2/c84d76b780638064e6a8fc5088d1bffff6dd3e6f9ef84b39c69a546f421f11c7.pid\" a14=\"99752c55410bb6ace3e57904dc2c1a2f503aa02b37e06267893a529d96259bd2\""}
{"ts": "2026-04-30T23:59:37Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593577.034:11546978): arch=c000003e syscall=59 success=yes exit=0 a0=c000318f60 a1=c0002b4580 a2=c0002b4600 a3=0 items=2 ppid=4578 pid=2861697 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593576.833:11546977): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593576.833:11546977): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593576.833:11546977): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593576.833:11546977): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593576.833:11546977): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.stat\""}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593576.833:11546977): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593576.833:11546977): arch=c000003e syscall=59 success=yes exit=0 a0=7faf8d900d60 a1=7faeecc35d60 a2=634a8a009a40 a3=8 items=2 ppid=5417 pid=2861696 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593576.833:11546976): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593576.833:11546976): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593576.833:11546976): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593576.833:11546976): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeecc35d60 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2861696 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593576.833:11546975): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593576.833:11546975): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593576.833:11546975): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593576.833:11546975): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeecc35d60 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2861696 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593576.833:11546974): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593576.833:11546974): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593576.833:11546974): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593576.833:11546974): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeecc35d60 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2861696 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593576.833:11546973): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593576.833:11546973): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593576.833:11546973): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593576.833:11546973): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeecc35d60 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2861696 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593576.833:11546972): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593576.833:11546972): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593576.833:11546972): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593576.833:11546972): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeecc35d60 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2861696 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593576.833:11546971): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593576.833:11546971): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593576.833:11546971): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593576.833:11546971): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeecc35d60 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2861696 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593576.830:11546970): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593576.830:11546970): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593576.830:11546970): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593576.830:11546970): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593576.830:11546970): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.current\""}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593576.830:11546970): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593576.830:11546970): arch=c000003e syscall=59 success=yes exit=0 a0=7faf8d900d60 a1=7faee3002880 a2=634a8a009a40 a3=8 items=2 ppid=5417 pid=2861695 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593576.830:11546969): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593576.830:11546969): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593576.830:11546969): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593576.830:11546969): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee3002880 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2861695 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593576.830:11546968): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593576.830:11546968): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593576.830:11546968): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593576.830:11546968): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee3002880 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2861695 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593576.830:11546967): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593576.830:11546967): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593576.830:11546967): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593576.830:11546967): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee3002880 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2861695 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593576.830:11546966): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593576.830:11546966): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593576.830:11546966): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593576.830:11546966): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee3002880 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2861695 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593576.830:11546965): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593576.830:11546965): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593576.830:11546965): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593576.830:11546965): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee3002880 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2861695 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593576.830:11546964): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593576.830:11546964): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593576.830:11546964): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593576.830:11546964): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee3002880 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2861695 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593576.827:11546963): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593576.827:11546963): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593576.827:11546963): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593576.827:11546963): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593576.827:11546963): argc=2 a0=\"cat\" a1=\"/proc/self/cgroup\""}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593576.827:11546963): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593576.827:11546963): arch=c000003e syscall=59 success=yes exit=0 a0=7faf8d900d60 a1=7faee30028c0 a2=634a8a009a40 a3=8 items=2 ppid=5417 pid=2861694 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593576.826:11546962): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593576.826:11546962): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593576.826:11546962): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593576.826:11546962): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee30028c0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2861694 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593576.826:11546961): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593576.826:11546961): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593576.826:11546961): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593576.826:11546961): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee30028c0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2861694 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593576.826:11546960): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593576.826:11546960): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593576.826:11546960): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593576.826:11546960): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee30028c0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2861694 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593576.826:11546959): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593576.826:11546959): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593576.826:11546959): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593576.826:11546959): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee30028c0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2861694 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593576.826:11546958): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593576.826:11546958): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593576.826:11546958): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593576.826:11546958): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee30028c0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2861694 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593576.826:11546957): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593576.826:11546957): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593576.826:11546957): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593576.826:11546957): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee30028c0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2861694 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593576.330:11546956): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520706F737467726573"}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593576.330:11546956): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:50 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593576.330:11546956): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:50 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593576.330:11546956): cwd=\"/\""}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593576.330:11546956): argc=3 a0=\"pg_isready\" a1=\"-U\" a2=\"postgres\""}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593576.330:11546956): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593576.330:11546956): arch=c000003e syscall=59 success=yes exit=0 a0=73917b871288 a1=73917b8711e8 a2=73917b871208 a3=0 items=2 ppid=4000 pid=2861685 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593576.326:11546955): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520706F737467726573"}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593576.326:11546955): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:50 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593576.326:11546955): item=0 name=\"/bin/sh\" inode=8589166 dev=00:50 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593576.326:11546955): cwd=\"/\""}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593576.326:11546955): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D5520706F737467726573"}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593576.326:11546955): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593576.326:11546955): arch=c000003e syscall=59 success=yes exit=0 a0=c000196f68 a1=c000022680 a2=c0000d88c0 a3=0 items=2 ppid=4000 pid=2861685 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593576.283:11546954): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593576.283:11546954): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593576.283:11546954): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593576.283:11546954): cwd=\"/var/lib/docker/rootfs/overlayfs/6e0eaa58aad19bd8edc0f955e0d8cdf54332df6bcdbac6d5a4d9c8caf6fb9c39\""}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593576.283:11546954): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593576.283:11546954): arch=c000003e syscall=59 success=yes exit=0 a0=c0001cd890 a1=c0001d1350 a2=c0001d3c40 a3=0 items=2 ppid=2861673 pid=2861682 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593576.261:11546953): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F36653065616135386161643139626438656463306639353565"}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593576.261:11546953): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593576.261:11546953): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593576.261:11546953): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/6e0eaa58aad19bd8edc0f955e0d8cdf54332df6bcdbac6d5a4d9c8caf6fb9c39\""}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593576.261:11546953): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/6e0eaa58aad19bd8edc0f955e0d8cdf54332df6bcdbac6d5a4d9c8caf6fb9c39/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2115517473\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/6e0eaa58aad19bd8edc0f955e0d8cdf54332df6bcdbac6d5a4d9c8caf6fb9c39/4a0fef86d97f383e3999bc58b2ac783a64aaace6ba46d6fe0f93c8ae3e314523.pid\" a14=\"6e0eaa58aad19bd8edc0f955e0d8cdf54332df6bcdbac6d5a4d9c8caf6fb9c39\""}
{"ts": "2026-04-30T23:59:36Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593576.261:11546953): arch=c000003e syscall=59 success=yes exit=0 a0=c00032b7a0 a1=c00017f480 a2=c00017fd00 a3=0 items=2 ppid=4000 pid=2861673 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593575.427:11546952): proctitle=6E6F6465002D65007265717569726528276874747027292E6765742827687474703A2F2F27202B207265717569726528276F7327292E686F73746E616D652829202B20273A333030302F272C2072203D3E2070726F636573732E657869742828722E737461747573436F6465203D3D3D20323030207C7C20722E737461747573"}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593575.427:11546952): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6834212 dev=00:8f mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593575.427:11546952): item=0 name=\"/usr/local/bin/node\" inode=6881221 dev=00:8f mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593575.427:11546952): cwd=\"/app\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593575.427:11546952): argc=3 a0=\"node\" a1=\"-e\" a2=7265717569726528276874747027292E6765742827687474703A2F2F27202B207265717569726528276F7327292E686F73746E616D652829202B20273A333030302F272C2072203D3E2070726F636573732E657869742828722E737461747573436F6465203D3D3D20323030207C7C20722E737461747573436F6465203D3D3D2033303729203F2030203A203129292E6F6E28276572726F72272C202829203D3E2070726F636573732E6578697428312929"}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593575.427:11546952): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593575.427:11546952): arch=c000003e syscall=59 success=yes exit=0 a0=5e2ec761ec68 a1=5e2ec761e8f8 a2=5e2ec761eba8 a3=8 items=2 ppid=2861653 pid=2861662 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"node\" exe=\"/usr/local/bin/node\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593575.423:11546951): proctitle=2F62696E2F7368002D63006E6F6465202D6520227265717569726528276874747027292E6765742827687474703A2F2F27202B207265717569726528276F7327292E686F73746E616D652829202B20273A333030302F272C2072203D3E2070726F636573732E657869742828722E737461747573436F6465203D3D3D20323030"}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593575.423:11546951): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6834212 dev=00:8f mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593575.423:11546951): item=0 name=\"/bin/sh\" inode=6832457 dev=00:8f mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593575.423:11546951): cwd=\"/app\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593575.423:11546951): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=6E6F6465202D6520227265717569726528276874747027292E6765742827687474703A2F2F27202B207265717569726528276F7327292E686F73746E616D652829202B20273A333030302F272C2072203D3E2070726F636573732E657869742828722E737461747573436F6465203D3D3D20323030207C7C20722E737461747573436F6465203D3D3D2033303729203F2030203A203129292E6F6E28276572726F72272C202829203D3E2070726F636573732E657869742831292922"}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593575.423:11546951): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593575.423:11546951): arch=c000003e syscall=59 success=yes exit=0 a0=c00019af08 a1=c000022680 a2=c0000c4240 a3=0 items=2 ppid=2861641 pid=2861653 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/dash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593575.415:11546950): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593575.415:11546950): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593575.415:11546950): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593575.415:11546950): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593575.415:11546950): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.stat\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593575.415:11546950): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593575.415:11546950): arch=c000003e syscall=59 success=yes exit=0 a0=76617ac47d60 a1=7660bbc48f00 a2=5669b9d93a40 a3=8 items=2 ppid=5468 pid=2861661 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593575.415:11546949): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593575.415:11546949): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593575.415:11546949): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593575.415:11546949): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48f00 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2861661 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593575.415:11546948): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593575.415:11546948): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593575.415:11546948): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593575.415:11546948): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48f00 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2861661 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593575.414:11546947): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593575.414:11546947): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593575.414:11546947): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593575.414:11546947): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48f00 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2861661 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593575.414:11546946): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593575.414:11546946): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593575.414:11546946): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593575.414:11546946): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48f00 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2861661 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593575.414:11546945): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593575.414:11546945): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593575.414:11546945): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593575.414:11546945): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48f00 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2861661 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593575.414:11546944): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593575.414:11546944): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593575.414:11546944): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593575.414:11546944): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48f00 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2861661 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593575.411:11546943): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593575.411:11546943): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593575.411:11546943): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593575.411:11546943): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593575.411:11546943): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.current\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593575.411:11546943): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593575.411:11546943): arch=c000003e syscall=59 success=yes exit=0 a0=76617ac47d60 a1=7660bbc48f80 a2=5669b9d93a40 a3=8 items=2 ppid=5468 pid=2861660 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593575.411:11546942): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593575.411:11546942): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593575.411:11546942): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593575.411:11546942): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48f80 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2861660 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593575.411:11546941): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593575.411:11546941): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593575.411:11546941): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593575.411:11546941): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48f80 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2861660 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593575.411:11546940): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593575.411:11546940): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593575.411:11546940): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593575.411:11546940): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48f80 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2861660 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593575.411:11546939): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593575.411:11546939): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593575.411:11546939): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593575.411:11546939): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48f80 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2861660 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593575.411:11546938): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593575.411:11546938): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593575.411:11546938): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593575.411:11546938): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48f80 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2861660 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593575.411:11546937): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593575.411:11546937): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593575.411:11546937): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593575.411:11546937): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48f80 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2861660 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593575.408:11546936): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593575.408:11546936): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593575.408:11546936): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593575.408:11546936): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593575.408:11546936): argc=2 a0=\"cat\" a1=\"/proc/self/cgroup\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593575.408:11546936): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593575.408:11546936): arch=c000003e syscall=59 success=yes exit=0 a0=76617ac47d60 a1=7660bbc48fc0 a2=5669b9d93a40 a3=8 items=2 ppid=5468 pid=2861659 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593575.408:11546935): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593575.408:11546935): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593575.408:11546935): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593575.408:11546935): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48fc0 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2861659 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593575.408:11546934): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593575.408:11546934): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593575.408:11546934): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593575.408:11546934): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48fc0 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2861659 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593575.408:11546933): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593575.408:11546933): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593575.408:11546933): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593575.408:11546933): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48fc0 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2861659 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593575.408:11546932): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593575.408:11546932): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593575.408:11546932): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593575.408:11546932): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48fc0 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2861659 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593575.408:11546931): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593575.408:11546931): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593575.408:11546931): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593575.408:11546931): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48fc0 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2861659 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593575.407:11546930): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593575.407:11546930): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593575.407:11546930): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593575.407:11546930): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48fc0 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2861659 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593575.368:11546929): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593575.368:11546929): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593575.368:11546929): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593575.368:11546929): cwd=\"/var/lib/docker/rootfs/overlayfs/62ff186c9558f5a87b871aad2189553b6748d81d514aec3146c01ec6c66d8638\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593575.368:11546929): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593575.368:11546929): arch=c000003e syscall=59 success=yes exit=0 a0=c0001f3860 a1=c0001f7338 a2=c0001f9c40 a3=0 items=2 ppid=2861641 pid=2861651 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593575.351:11546928): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F36326666313836633935353866356138376238373161616432"}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593575.351:11546928): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593575.351:11546928): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593575.351:11546928): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/62ff186c9558f5a87b871aad2189553b6748d81d514aec3146c01ec6c66d8638\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593575.351:11546928): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/62ff186c9558f5a87b871aad2189553b6748d81d514aec3146c01ec6c66d8638/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process4247325947\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/62ff186c9558f5a87b871aad2189553b6748d81d514aec3146c01ec6c66d8638/2e91e38afba778d774a6a3cd61ad67ac90e0fd3ba5e92c44a8e15b10db05d684.pid\" a14=\"62ff186c9558f5a87b871aad2189553b6748d81d514aec3146c01ec6c66d8638\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593575.351:11546928): arch=c000003e syscall=59 success=yes exit=0 a0=c00031b2a0 a1=c000364280 a2=c000364300 a3=0 items=2 ppid=4094 pid=2861641 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593575.031:11546927): proctitle=77676574002D2D737069646572002D7100687474703A2F2F6C6F63616C686F73742F"}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593575.031:11546927): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:55 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593575.031:11546927): item=0 name=\"/usr/bin/wget\" inode=8589166 dev=00:55 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593575.031:11546927): cwd=\"/\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593575.031:11546927): argc=4 a0=\"wget\" a1=\"--spider\" a2=\"-q\" a3=\"http://localhost/\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593575.031:11546927): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593575.031:11546927): arch=c000003e syscall=59 success=yes exit=0 a0=c00018cfb0 a1=c0000c7920 a2=c00013a320 a3=0 items=2 ppid=3998 pid=2861634 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"wget\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593574.982:11546926): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593574.982:11546926): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593574.982:11546926): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593574.982:11546926): cwd=\"/var/lib/docker/rootfs/overlayfs/c9028647dd6e7c38e14daba47c7c457dc7968b27ced9d920b9994d3ba9399ec2\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593574.982:11546926): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593574.982:11546926): arch=c000003e syscall=59 success=yes exit=0 a0=c0001eb860 a1=c0001ef338 a2=c0001f1c40 a3=0 items=2 ppid=2861621 pid=2861631 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593574.966:11546925): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F63393032383634376464366537633338653134646162613437"}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593574.966:11546925): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593574.966:11546925): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593574.966:11546925): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/c9028647dd6e7c38e14daba47c7c457dc7968b27ced9d920b9994d3ba9399ec2\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593574.966:11546925): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/c9028647dd6e7c38e14daba47c7c457dc7968b27ced9d920b9994d3ba9399ec2/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process872809209\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/c9028647dd6e7c38e14daba47c7c457dc7968b27ced9d920b9994d3ba9399ec2/3a14909b5d840c129bc1c6231c047228fabf452eb9877834616e15c294fcb560.pid\" a14=\"c9028647dd6e7c38e14daba47c7c457dc7968b27ced9d920b9994d3ba9399ec2\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593574.966:11546925): arch=c000003e syscall=59 success=yes exit=0 a0=c0001cfae0 a1=c00017f300 a2=c00017f380 a3=0 items=2 ppid=3998 pid=2861621 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593574.878:11546924): proctitle=77676574002D2D737069646572002D7100687474703A2F2F3132372E302E302E313A383333332F6865616C74687A"}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593574.878:11546924): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3456344 dev=00:34 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593574.878:11546924): item=0 name=\"/usr/bin/wget\" inode=3454556 dev=00:34 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593574.878:11546924): cwd=\"/data\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593574.878:11546924): argc=4 a0=\"wget\" a1=\"--spider\" a2=\"-q\" a3=\"http://127.0.0.1:8333/healthz\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593574.878:11546924): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593574.878:11546924): arch=c000003e syscall=59 success=yes exit=0 a0=7c25da130408 a1=7c25da1303b0 a2=7c25da1303d8 a3=8080808080808080 items=2 ppid=2861614 pid=2861620 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"wget\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593574.875:11546923): proctitle=2F62696E2F7368002D630077676574202D2D737069646572202D7120687474703A2F2F3132372E302E302E313A383333332F6865616C74687A207C7C20657869742031"}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593574.875:11546923): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3456344 dev=00:34 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593574.875:11546923): item=0 name=\"/bin/sh\" inode=3454556 dev=00:34 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593574.875:11546923): cwd=\"/data\""}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593574.875:11546923): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=77676574202D2D737069646572202D7120687474703A2F2F3132372E302E302E313A383333332F6865616C74687A207C7C20657869742031"}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593574.875:11546923): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:35Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593574.875:11546923): arch=c000003e syscall=59 success=yes exit=0 a0=c000196f68 a1=c000022680 a2=c0000226a0 a3=0 items=2 ppid=2861602 pid=2861614 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593574.824:11546922): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593574.824:11546922): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593574.824:11546922): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593574.824:11546922): cwd=\"/var/lib/docker/rootfs/overlayfs/38a784eb49e8778635b8fa1d44a04c342675dfae8a3a09d66ba486cc6e08b7bb\""}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593574.824:11546922): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593574.824:11546922): arch=c000003e syscall=59 success=yes exit=0 a0=c000292010 a1=c000298000 a2=c00029a000 a3=0 items=2 ppid=2861602 pid=2861612 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593574.802:11546921): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F33386137383465623439653837373836333562386661316434"}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593574.802:11546921): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593574.802:11546921): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593574.802:11546921): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/38a784eb49e8778635b8fa1d44a04c342675dfae8a3a09d66ba486cc6e08b7bb\""}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593574.802:11546921): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/38a784eb49e8778635b8fa1d44a04c342675dfae8a3a09d66ba486cc6e08b7bb/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2045170416\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/38a784eb49e8778635b8fa1d44a04c342675dfae8a3a09d66ba486cc6e08b7bb/a5f445cf1ec8a3cc47c643465f053bdf8d6fdb22cc1214ccf2f58bc5d579c7df.pid\" a14=\"38a784eb49e8778635b8fa1d44a04c342675dfae8a3a09d66ba486cc6e08b7bb\""}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593574.802:11546921): arch=c000003e syscall=59 success=yes exit=0 a0=c000260810 a1=c000199680 a2=c0000a0180 a3=0 items=2 ppid=2395 pid=2861602 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593574.262:11546920): proctitle=77676574002D2D737069646572002D7100687474703A2F2F3132372E302E302E313A383838382F"}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593574.262:11546920): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3456344 dev=00:35 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593574.262:11546920): item=0 name=\"/usr/bin/wget\" inode=3454556 dev=00:35 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593574.262:11546920): cwd=\"/data\""}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593574.262:11546920): argc=4 a0=\"wget\" a1=\"--spider\" a2=\"-q\" a3=\"http://127.0.0.1:8888/\""}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593574.262:11546920): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593574.262:11546920): arch=c000003e syscall=59 success=yes exit=0 a0=749c6cdbb400 a1=749c6cdbb3a8 a2=749c6cdbb3d0 a3=8080808080808080 items=2 ppid=2861594 pid=2861600 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"wget\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593574.258:11546919): proctitle=2F62696E2F7368002D630077676574202D2D737069646572202D7120687474703A2F2F3132372E302E302E313A383838382F207C7C20657869742031"}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593574.258:11546919): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3456344 dev=00:35 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593574.258:11546919): item=0 name=\"/bin/sh\" inode=3454556 dev=00:35 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593574.258:11546919): cwd=\"/data\""}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593574.258:11546919): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=77676574202D2D737069646572202D7120687474703A2F2F3132372E302E302E313A383838382F207C7C20657869742031"}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593574.258:11546919): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593574.258:11546919): arch=c000003e syscall=59 success=yes exit=0 a0=c000196f58 a1=c000022680 a2=c0000226a0 a3=0 items=2 ppid=2592 pid=2861594 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593574.215:11546918): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593574.215:11546918): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593574.215:11546918): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593574.215:11546918): cwd=\"/var/lib/docker/rootfs/overlayfs/c48103391501718c1e33efc112f009053e72dcf4e7593e8a482be8a6e48d9c87\""}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593574.215:11546918): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593574.215:11546918): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b820 a1=c00017f338 a2=c000181c00 a3=0 items=2 ppid=2861582 pid=2861591 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593574.202:11546917): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F63343831303333393135303137313863316533336566633131"}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593574.202:11546917): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593574.202:11546917): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593574.202:11546917): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/c48103391501718c1e33efc112f009053e72dcf4e7593e8a482be8a6e48d9c87\""}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593574.202:11546917): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/c48103391501718c1e33efc112f009053e72dcf4e7593e8a482be8a6e48d9c87/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1578644393\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/c48103391501718c1e33efc112f009053e72dcf4e7593e8a482be8a6e48d9c87/b17d64b37eadc3fa28c4aa65a30bba4944b01526e77b539526827988ab9b573b.pid\" a14=\"c48103391501718c1e33efc112f009053e72dcf4e7593e8a482be8a6e48d9c87\""}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593574.202:11546917): arch=c000003e syscall=59 success=yes exit=0 a0=c00014f670 a1=c00037ef00 a2=c00037ef80 a3=0 items=2 ppid=2592 pid=2861582 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593574.157:11546916): proctitle=77676574002D2D737069646572002D7100687474703A2F2F3132372E302E302E313A393333332F636C75737465722F737461747573"}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593574.157:11546916): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3456344 dev=00:33 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593574.157:11546916): item=0 name=\"/usr/bin/wget\" inode=3454556 dev=00:33 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593574.157:11546916): cwd=\"/data\""}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593574.157:11546916): argc=4 a0=\"wget\" a1=\"--spider\" a2=\"-q\" a3=\"http://127.0.0.1:9333/cluster/status\""}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593574.157:11546916): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593574.157:11546916): arch=c000003e syscall=59 success=yes exit=0 a0=787cc685f420 a1=787cc685f3c8 a2=787cc685f3f0 a3=8080808080808080 items=2 ppid=2861575 pid=2861581 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"wget\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593574.153:11546915): proctitle=2F62696E2F7368002D630077676574202D2D737069646572202D7120687474703A2F2F3132372E302E302E313A393333332F636C75737465722F737461747573207C7C20657869742031"}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593574.153:11546915): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3456344 dev=00:33 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593574.153:11546915): item=0 name=\"/bin/sh\" inode=3454556 dev=00:33 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593574.153:11546915): cwd=\"/data\""}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593574.153:11546915): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=77676574202D2D737069646572202D7120687474703A2F2F3132372E302E302E313A393333332F636C75737465722F737461747573207C7C20657869742031"}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593574.153:11546915): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593574.153:11546915): arch=c000003e syscall=59 success=yes exit=0 a0=c000198f58 a1=c000022680 a2=c0000226a0 a3=0 items=2 ppid=2861563 pid=2861575 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593574.108:11546914): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593574.108:11546914): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593574.108:11546914): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593574.108:11546914): cwd=\"/var/lib/docker/rootfs/overlayfs/9612e9a9cd05b29cb2ee3eccae08eb37ef3d57af2d60123bf141f27ea9c04205\""}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593574.108:11546914): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593574.108:11546914): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b820 a1=c00017f338 a2=c000201c00 a3=0 items=2 ppid=2861563 pid=2861572 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593574.094:11546913): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F39363132653961396364303562323963623265653365636361"}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593574.094:11546913): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593574.094:11546913): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593574.094:11546913): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/9612e9a9cd05b29cb2ee3eccae08eb37ef3d57af2d60123bf141f27ea9c04205\""}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593574.094:11546913): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/9612e9a9cd05b29cb2ee3eccae08eb37ef3d57af2d60123bf141f27ea9c04205/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1134852960\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/9612e9a9cd05b29cb2ee3eccae08eb37ef3d57af2d60123bf141f27ea9c04205/e18bf7b6dcda5a2c01641eff567c5d182eb8657d45b2be2ca665956d7dadfa7b.pid\" a14=\"9612e9a9cd05b29cb2ee3eccae08eb37ef3d57af2d60123bf141f27ea9c04205\""}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593574.094:11546913): arch=c000003e syscall=59 success=yes exit=0 a0=c000330190 a1=c00017ec00 a2=c00017ec80 a3=0 items=2 ppid=2304 pid=2861563 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593573.925:11546912): proctitle=6D617269616462002D2D64656661756C74732D65787472612D66696C653D2F7661722F6C69622F6D7973716C2F2E6D792D6865616C7468636865636B2E636E66002D2D70726F746F636F6C00736F636B6574002D42002D2D736B69702D636F6C756D6E2D6E616D6573002D650073656C65637420312066726F6D20696E666F72"}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593573.925:11546912): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=7089648 dev=00:89 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593573.925:11546912): item=0 name=\"/usr/bin/mariadb\" inode=7117817 dev=00:89 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593573.925:11546912): cwd=\"/\""}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593573.925:11546912): argc=8 a0=\"mariadb\" a1=\"--defaults-extra-file=/var/lib/mysql/.my-healthcheck.cnf\" a2=\"--protocol\" a3=\"socket\" a4=\"-B\" a5=\"--skip-column-names\" a6=\"-e\" a7=73656C65637420312066726F6D20696E666F726D6174696F6E5F736368656D612E454E47494E455320574845524520656E67696E653D27696E6E6F64622720414E4420737570706F727420696E202827594553272C202744454641554C54272C2027454E41424C45442729"}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593573.925:11546912): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593573.925:11546912): arch=c000003e syscall=59 success=yes exit=0 a0=6037ac167990 a1=6037ac1899c0 a2=6037ac168860 a3=8 items=2 ppid=2861553 pid=2861561 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"mariadb\" exe=\"/usr/bin/mariadb\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593573.912:11546911): proctitle=6D617269616462002D2D64656661756C74732D65787472612D66696C653D2F7661722F6C69622F6D7973716C2F2E6D792D6865616C7468636865636B2E636E66002D2D70726F746F636F6C00736F636B6574002D42002D2D736B69702D636F6C756D6E2D6E616D6573002D650073656C656374204040736B69705F6E6574776F"}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593573.912:11546911): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=7089648 dev=00:89 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593573.912:11546911): item=0 name=\"/usr/bin/mariadb\" inode=7117817 dev=00:89 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593573.912:11546911): cwd=\"/\""}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593573.912:11546911): argc=8 a0=\"mariadb\" a1=\"--defaults-extra-file=/var/lib/mysql/.my-healthcheck.cnf\" a2=\"--protocol\" a3=\"socket\" a4=\"-B\" a5=\"--skip-column-names\" a6=\"-e\" a7=73656C656374204040736B69705F6E6574776F726B696E67"}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593573.912:11546911): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593573.912:11546911): arch=c000003e syscall=59 success=yes exit=0 a0=6037ac167fe0 a1=6037ac189810 a2=6037ac1684a0 a3=8 items=2 ppid=2861553 pid=2861560 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"mariadb\" exe=\"/usr/bin/mariadb\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593573.904:11546910): proctitle=2F62696E2F62617368002F7573722F6C6F63616C2F62696E2F6865616C7468636865636B2E7368002D2D636F6E6E656374002D2D696E6E6F64625F696E697469616C697A6564"}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593573.904:11546910): item=2 name=\"/lib64/ld-linux-x86-64.so.2\" inode=7089648 dev=00:89 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593573.904:11546910): item=1 name=\"/bin/bash\" inode=6963796 dev=00:89 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593573.904:11546910): item=0 name=\"/usr/local/bin/healthcheck.sh\" inode=7348502 dev=00:89 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593573.904:11546910): cwd=\"/\""}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593573.904:11546910): argc=4 a0=\"/bin/bash\" a1=\"/usr/local/bin/healthcheck.sh\" a2=\"--connect\" a3=\"--innodb_initialized\""}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593573.904:11546910): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593573.904:11546910): arch=c000003e syscall=59 success=yes exit=0 a0=c000028760 a1=c000022660 a2=c0000de320 a3=0 items=3 ppid=4475 pid=2861553 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"healthcheck.sh\" exe=\"/usr/bin/bash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593573.865:11546909): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593573.865:11546909): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593573.865:11546909): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593573.865:11546909): cwd=\"/var/lib/docker/rootfs/overlayfs/7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7\""}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593573.865:11546909): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:34Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593573.865:11546909): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b840 a1=c00017f338 a2=c000181c40 a3=0 items=2 ppid=2861541 pid=2861550 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593573.850:11546908): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F37656465303139653363623065383839303138636162386266"}
{"ts": "2026-04-30T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593573.850:11546908): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593573.850:11546908): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593573.850:11546908): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7\""}
{"ts": "2026-04-30T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593573.850:11546908): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1832262577\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7/f390a81ec3c143f92f318d683face74906a5403f0f324afcf496cce7b67f1c09.pid\" a14=\"7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7\""}
{"ts": "2026-04-30T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593573.850:11546908): arch=c000003e syscall=59 success=yes exit=0 a0=c0003b26d0 a1=c000266180 a2=c000266200 a3=0 items=2 ppid=4475 pid=2861541 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593573.229:11546907): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593573.229:11546907): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593573.229:11546907): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593573.229:11546907): cwd=\"/var/lib/docker/rootfs/overlayfs/b539c3db94427db38e2f205e13ee104b50afa8ebe28e8de6717563f9b880c08e\""}
{"ts": "2026-04-30T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593573.229:11546907): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593573.229:11546907): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b810 a1=c00017f338 a2=c000181c40 a3=0 items=2 ppid=2861520 pid=2861530 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593573.214:11546906): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F62353339633364623934343237646233386532663230356531"}
{"ts": "2026-04-30T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593573.214:11546906): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593573.214:11546906): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593573.214:11546906): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/b539c3db94427db38e2f205e13ee104b50afa8ebe28e8de6717563f9b880c08e\""}
{"ts": "2026-04-30T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593573.214:11546906): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/b539c3db94427db38e2f205e13ee104b50afa8ebe28e8de6717563f9b880c08e/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1434159085\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/b539c3db94427db38e2f205e13ee104b50afa8ebe28e8de6717563f9b880c08e/a36b4abb8633b00278d09fab75fe972fba6ead6657060ddf5effd22766901112.pid\" a14=\"b539c3db94427db38e2f205e13ee104b50afa8ebe28e8de6717563f9b880c08e\""}
{"ts": "2026-04-30T23:59:33Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593573.214:11546906): arch=c000003e syscall=59 success=yes exit=0 a0=c00022b420 a1=c0000e8100 a2=c0000e8180 a3=0 items=2 ppid=3764 pid=2861520 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593572.445:11546905): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593572.445:11546905): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=9987007 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593572.445:11546905): item=0 name=\"/usr/bin/cat\" inode=9986333 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593572.445:11546905): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593572.445:11546905): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.stat\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593572.445:11546905): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593572.445:11546905): arch=c000003e syscall=59 success=yes exit=0 a0=75e2ac12cd60 a1=75e246587040 a2=6265ad214650 a3=8 items=2 ppid=5407 pid=2861516 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593572.445:11546904): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593572.445:11546904): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593572.445:11546904): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593572.445:11546904): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246587040 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2861516 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593572.444:11546903): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593572.444:11546903): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593572.444:11546903): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593572.444:11546903): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246587040 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2861516 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593572.444:11546902): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593572.444:11546902): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593572.444:11546902): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593572.444:11546902): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246587040 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2861516 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593572.444:11546901): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593572.444:11546901): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593572.444:11546901): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593572.444:11546901): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246587040 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2861516 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593572.444:11546900): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593572.444:11546900): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593572.444:11546900): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593572.444:11546900): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246587040 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2861516 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593572.444:11546899): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593572.444:11546899): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593572.444:11546899): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593572.444:11546899): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246587040 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2861516 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593572.441:11546898): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593572.441:11546898): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=9987007 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593572.441:11546898): item=0 name=\"/usr/bin/cat\" inode=9986333 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593572.441:11546898): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593572.441:11546898): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.current\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593572.441:11546898): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593572.441:11546898): arch=c000003e syscall=59 success=yes exit=0 a0=75e2ac12cd60 a1=75e246000780 a2=6265ad214650 a3=8 items=2 ppid=5407 pid=2861515 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593572.441:11546897): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593572.441:11546897): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593572.441:11546897): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593572.441:11546897): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246000780 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2861515 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593572.441:11546896): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593572.441:11546896): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593572.441:11546896): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593572.441:11546896): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246000780 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2861515 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593572.441:11546895): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593572.441:11546895): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593572.441:11546895): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593572.441:11546895): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246000780 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2861515 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593572.441:11546894): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593572.441:11546894): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593572.441:11546894): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593572.441:11546894): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246000780 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2861515 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593572.441:11546893): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593572.441:11546893): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593572.441:11546893): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593572.441:11546893): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246000780 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2861515 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593572.441:11546892): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593572.441:11546892): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593572.441:11546892): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593572.441:11546892): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246000780 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2861515 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593572.438:11546891): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593572.438:11546891): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=9987007 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593572.438:11546891): item=0 name=\"/usr/bin/cat\" inode=9986333 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593572.438:11546891): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593572.438:11546891): argc=2 a0=\"cat\" a1=\"/proc/self/cgroup\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593572.438:11546891): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593572.438:11546891): arch=c000003e syscall=59 success=yes exit=0 a0=75e2ac12cd60 a1=75e246000660 a2=6265ad214650 a3=8 items=2 ppid=5407 pid=2861514 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593572.438:11546890): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593572.438:11546890): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593572.438:11546890): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593572.438:11546890): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246000660 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2861514 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593572.438:11546889): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593572.438:11546889): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593572.438:11546889): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593572.438:11546889): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246000660 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2861514 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593572.438:11546888): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593572.438:11546888): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593572.438:11546888): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593572.438:11546888): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246000660 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2861514 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593572.438:11546887): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593572.438:11546887): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593572.438:11546887): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593572.438:11546887): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246000660 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2861514 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593572.438:11546886): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593572.438:11546886): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593572.438:11546886): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593572.438:11546886): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246000660 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2861514 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593572.438:11546885): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593572.438:11546885): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593572.438:11546885): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593572.438:11546885): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246000660 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2861514 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593572.409:11546884): proctitle=72656469732D636C690070696E67"}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593572.409:11546884): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=6694357 dev=00:4b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593572.409:11546884): item=0 name=\"/usr/local/bin/redis-cli\" inode=6703632 dev=00:4b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593572.409:11546884): cwd=\"/data\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593572.409:11546884): argc=2 a0=\"redis-cli\" a1=\"ping\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593572.407:11546883): proctitle=72656469732D636C690070696E67"}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593572.409:11546884): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593572.407:11546883): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=6694357 dev=00:4a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593572.409:11546884): arch=c000003e syscall=59 success=yes exit=0 a0=c0000289a0 a1=c0000d1350 a2=c0000d91c0 a3=0 items=2 ppid=2861475 pid=2861501 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"redis-cli\" exe=\"/usr/local/bin/redis-cli\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593572.407:11546883): item=0 name=\"/usr/local/bin/redis-cli\" inode=6703632 dev=00:4a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593572.407:11546883): cwd=\"/data\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593572.407:11546883): argc=2 a0=\"redis-cli\" a1=\"ping\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593572.407:11546883): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593572.407:11546883): arch=c000003e syscall=59 success=yes exit=0 a0=c000028760 a1=c00009f350 a2=c0001651c0 a3=0 items=2 ppid=3571 pid=2861504 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"redis-cli\" exe=\"/usr/local/bin/redis-cli\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593572.355:11546882): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593572.355:11546882): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593572.355:11546882): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:173 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593572.355:11546882): cwd=\"/var/lib/docker/rootfs/overlayfs/4cc046860e99ed4ce61cc4f7c543175750997c08579b75447cbf7907fdb6134d\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593572.355:11546882): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593572.355:11546882): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b830 a1=c00017f338 a2=c000181c40 a3=0 items=2 ppid=2861476 pid=2861498 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593572.350:11546881): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593572.350:11546881): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593572.350:11546881): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593572.350:11546881): cwd=\"/var/lib/docker/rootfs/overlayfs/0a68372d6fd28201684be9827a5de0d3c04e6e08d164a3049faa362bc53f9748\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593572.350:11546881): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593572.350:11546881): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b830 a1=c00017f338 a2=c000181c00 a3=0 items=2 ppid=2861475 pid=2861492 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593572.339:11546880): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F34636330343638363065393965643463653631636334663763"}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593572.339:11546880): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593572.339:11546880): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593572.339:11546880): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/4cc046860e99ed4ce61cc4f7c543175750997c08579b75447cbf7907fdb6134d\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593572.339:11546880): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/4cc046860e99ed4ce61cc4f7c543175750997c08579b75447cbf7907fdb6134d/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2920679326\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/4cc046860e99ed4ce61cc4f7c543175750997c08579b75447cbf7907fdb6134d/7341b7290c1c514fecd09f5e3efafebf9e8a72a700e1a7d3eed3a1492cd61a9b.pid\" a14=\"4cc046860e99ed4ce61cc4f7c543175750997c08579b75447cbf7907fdb6134d\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593572.339:11546880): arch=c000003e syscall=59 success=yes exit=0 a0=c0003b3ea0 a1=c0003e4a00 a2=c0003e4a80 a3=0 items=2 ppid=3571 pid=2861476 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593572.335:11546879): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F30613638333732643666643238323031363834626539383237"}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593572.335:11546879): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593572.335:11546879): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593572.335:11546879): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/0a68372d6fd28201684be9827a5de0d3c04e6e08d164a3049faa362bc53f9748\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593572.335:11546879): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/0a68372d6fd28201684be9827a5de0d3c04e6e08d164a3049faa362bc53f9748/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process198493711\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/0a68372d6fd28201684be9827a5de0d3c04e6e08d164a3049faa362bc53f9748/e1b0df2715ac8c4bb6bdd5e3304a306a2065c05fb1de842dd411819f98f24da2.pid\" a14=\"0a68372d6fd28201684be9827a5de0d3c04e6e08d164a3049faa362bc53f9748\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593572.335:11546879): arch=c000003e syscall=59 success=yes exit=0 a0=c0003b08d0 a1=c0002bcd00 a2=c0002bcd80 a3=0 items=2 ppid=2638 pid=2861475 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593571.699:11546878): proctitle=2F62696E2F7368002D630070675F69737265616479202D552077696E646D696C6C5F75736572202D642077696E646D696C6C5F6462"}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593571.699:11546878): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:53 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593571.699:11546878): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:53 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593571.699:11546878): cwd=\"/\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593571.699:11546878): argc=5 a0=\"pg_isready\" a1=\"-U\" a2=\"windmill_user\" a3=\"-d\" a4=\"windmill_db\""}
{"ts": "2026-04-30T23:59:32Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593571.699:11546878): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593571.699:11546878): arch=c000003e syscall=59 success=yes exit=0 a0=73ca4082b3f8 a1=73ca4082b290 a2=73ca4082b378 a3=0 items=2 ppid=3688 pid=2861465 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593571.696:11546877): proctitle=2F62696E2F7368002D630070675F69737265616479202D552077696E646D696C6C5F75736572202D642077696E646D696C6C5F6462"}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593571.696:11546877): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:53 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593571.696:11546877): item=0 name=\"/bin/sh\" inode=8589166 dev=00:53 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593571.696:11546877): cwd=\"/\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593571.696:11546877): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D552077696E646D696C6C5F75736572202D642077696E646D696C6C5F6462"}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593571.696:11546877): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593571.696:11546877): arch=c000003e syscall=59 success=yes exit=0 a0=c0001a8f68 a1=c000022680 a2=c0001508c0 a3=0 items=2 ppid=2861451 pid=2861465 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593571.664:11546876): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520617065785F75736572202D6420617065785F6462"}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593571.664:11546876): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3456344 dev=00:69 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593571.664:11546876): item=0 name=\"/usr/local/bin/pg_isready\" inode=6091069 dev=00:69 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593571.664:11546876): cwd=\"/\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593571.664:11546876): argc=5 a0=\"pg_isready\" a1=\"-U\" a2=\"apex_user\" a3=\"-d\" a4=\"apex_db\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593571.664:11546876): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593571.664:11546876): arch=c000003e syscall=59 success=yes exit=0 a0=7f1c37d6b3f8 a1=7f1c37d6b278 a2=7f1c37d6b378 a3=0 items=2 ppid=3652 pid=2861440 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593571.661:11546875): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520617065785F75736572202D6420617065785F6462"}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593571.661:11546875): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3456344 dev=00:69 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593571.661:11546875): item=0 name=\"/bin/sh\" inode=3454556 dev=00:69 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593571.661:11546875): cwd=\"/\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593571.661:11546875): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D5520617065785F75736572202D6420617065785F6462"}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593571.661:11546875): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593571.661:11546875): arch=c000003e syscall=59 success=yes exit=0 a0=c000194f68 a1=c000022680 a2=c0000d88c0 a3=0 items=2 ppid=3652 pid=2861440 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593571.646:11546874): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593571.646:11546874): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593571.646:11546874): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:19f mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593571.646:11546874): cwd=\"/var/lib/docker/rootfs/overlayfs/2a365c5cbcdee94cef8eb83387301a8756e7538c1049b4c58449c0646b43c50c\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593571.646:11546874): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593571.646:11546874): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5890 a1=c0001c9350 a2=c0001cbc40 a3=0 items=2 ppid=2861451 pid=2861461 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593571.624:11546873): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F32613336356335636263646565393463656638656238333338"}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593571.624:11546873): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593571.624:11546873): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593571.624:11546873): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/2a365c5cbcdee94cef8eb83387301a8756e7538c1049b4c58449c0646b43c50c\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593571.624:11546873): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/2a365c5cbcdee94cef8eb83387301a8756e7538c1049b4c58449c0646b43c50c/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1149217269\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/2a365c5cbcdee94cef8eb83387301a8756e7538c1049b4c58449c0646b43c50c/ef68be5e9b1e0d68f2e33919abe0239cf2abcbd5bf10e3a7958f8aa16bddb8ba.pid\" a14=\"2a365c5cbcdee94cef8eb83387301a8756e7538c1049b4c58449c0646b43c50c\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593571.624:11546873): arch=c000003e syscall=59 success=yes exit=0 a0=c0003ae660 a1=c00034c300 a2=c00034c380 a3=0 items=2 ppid=3688 pid=2861451 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593571.605:11546872): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593571.605:11546872): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593571.605:11546872): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:173 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593571.605:11546872): cwd=\"/var/lib/docker/rootfs/overlayfs/c1f8f97d53596e967520df53fab27faff436876b90ee0f2e344cc170bca33f83\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593571.605:11546872): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593571.605:11546872): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5890 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=2861412 pid=2861434 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593571.601:11546871): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593571.601:11546871): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593571.601:11546871): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593571.601:11546871): cwd=\"/var/lib/docker/rootfs/overlayfs/d8657209894f56f3640212d72fbd7b3cd015708249d96b584cbbea09abc6e165\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593571.601:11546871): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593571.601:11546871): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b820 a1=c00017f338 a2=c000181c40 a3=0 items=2 ppid=2861411 pid=2861427 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593571.589:11546870): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F63316638663937643533353936653936373532306466353366"}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593571.589:11546870): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593571.589:11546870): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593571.589:11546870): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/c1f8f97d53596e967520df53fab27faff436876b90ee0f2e344cc170bca33f83\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593571.589:11546870): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/c1f8f97d53596e967520df53fab27faff436876b90ee0f2e344cc170bca33f83/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process924311782\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/c1f8f97d53596e967520df53fab27faff436876b90ee0f2e344cc170bca33f83/335721200e3f640460dbb0445178f4ace2bfd304d8131d747bae54e36bb655a9.pid\" a14=\"c1f8f97d53596e967520df53fab27faff436876b90ee0f2e344cc170bca33f83\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593571.589:11546870): arch=c000003e syscall=59 success=yes exit=0 a0=c000011d90 a1=c000208680 a2=c000208b00 a3=0 items=2 ppid=3652 pid=2861412 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593571.585:11546869): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F64383635373230393839346635366633363430323132643732"}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593571.585:11546869): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593571.585:11546869): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593571.585:11546869): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/d8657209894f56f3640212d72fbd7b3cd015708249d96b584cbbea09abc6e165\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593571.585:11546869): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/d8657209894f56f3640212d72fbd7b3cd015708249d96b584cbbea09abc6e165/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3703247571\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/d8657209894f56f3640212d72fbd7b3cd015708249d96b584cbbea09abc6e165/2d9cd96c77eec364c0b771a119c4657e7a38f4cac697f89ebabc993bf3d2756e.pid\" a14=\"d8657209894f56f3640212d72fbd7b3cd015708249d96b584cbbea09abc6e165\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593571.585:11546869): arch=c000003e syscall=59 success=yes exit=0 a0=c000238460 a1=c0002aa700 a2=c0002aa780 a3=0 items=2 ppid=4279 pid=2861411 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593571.582:11546868): proctitle=2F62696E2F7368002D630070675F69737265616479202D552074797065626F74"}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593571.582:11546868): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:51 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593571.582:11546868): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:51 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593571.582:11546868): cwd=\"/\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593571.582:11546868): argc=3 a0=\"pg_isready\" a1=\"-U\" a2=\"typebot\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593571.582:11546868): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593571.582:11546868): arch=c000003e syscall=59 success=yes exit=0 a0=7d479ebb6278 a1=7d479ebb61d8 a2=7d479ebb61f8 a3=8080808080808080 items=2 ppid=3558 pid=2861405 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593571.578:11546867): proctitle=2F62696E2F7368002D630070675F69737265616479202D552074797065626F74"}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593571.578:11546867): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:51 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593571.578:11546867): item=0 name=\"/bin/sh\" inode=8589166 dev=00:51 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593571.578:11546867): cwd=\"/\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593571.578:11546867): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D552074797065626F74"}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593571.578:11546867): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593571.578:11546867): arch=c000003e syscall=59 success=yes exit=0 a0=c00018af38 a1=c000022ac0 a2=c0001348c0 a3=0 items=2 ppid=2861393 pid=2861405 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593571.527:11546866): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593571.527:11546866): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593571.527:11546866): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593571.527:11546866): cwd=\"/var/lib/docker/rootfs/overlayfs/a58fd49cb529bc2c3c5f4447c9ccbae837530349ce554292b547968ead4cb59b\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593571.527:11546866): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593571.527:11546866): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5890 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=2861393 pid=2861403 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593571.512:11546865): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F61353866643439636235323962633263336335663434343763"}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593571.512:11546865): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593571.512:11546865): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593571.512:11546865): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/a58fd49cb529bc2c3c5f4447c9ccbae837530349ce554292b547968ead4cb59b\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593571.512:11546865): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/a58fd49cb529bc2c3c5f4447c9ccbae837530349ce554292b547968ead4cb59b/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process251622206\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/a58fd49cb529bc2c3c5f4447c9ccbae837530349ce554292b547968ead4cb59b/61959abeec71305d3856a924d65605e98ddd3df3c8d13bed53ce5b1c40986e68.pid\" a14=\"a58fd49cb529bc2c3c5f4447c9ccbae837530349ce554292b547968ead4cb59b\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593571.512:11546865): arch=c000003e syscall=59 success=yes exit=0 a0=c0004281a0 a1=c000488080 a2=c000488180 a3=0 items=2 ppid=3558 pid=2861393 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593571.467:11546864): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520646F63757365616C"}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593571.467:11546864): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:54 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593571.467:11546864): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:54 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593571.467:11546864): cwd=\"/\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593571.467:11546864): argc=3 a0=\"pg_isready\" a1=\"-U\" a2=\"docuseal\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593571.467:11546864): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593571.467:11546864): arch=c000003e syscall=59 success=yes exit=0 a0=7ba7db21b288 a1=7ba7db21b1e8 a2=7ba7db21b208 a3=0 items=2 ppid=3223 pid=2861386 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593571.465:11546863): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520646F63757365616C"}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593571.465:11546863): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:54 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593571.465:11546863): item=0 name=\"/bin/sh\" inode=8589166 dev=00:54 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593571.465:11546863): cwd=\"/\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593571.465:11546863): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D5520646F63757365616C"}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593571.465:11546863): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593571.465:11546863): arch=c000003e syscall=59 success=yes exit=0 a0=c000194f68 a1=c000022680 a2=c0000d88c0 a3=0 items=2 ppid=2861374 pid=2861386 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593571.415:11546862): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593571.415:11546862): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593571.415:11546862): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593571.415:11546862): cwd=\"/var/lib/docker/rootfs/overlayfs/360fd70ae6eb7cd5e0954ce9fabc3f41ec861f0028b80fa3a053269682ce489a\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593571.415:11546862): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593571.415:11546862): arch=c000003e syscall=59 success=yes exit=0 a0=c00017d840 a1=c000181338 a2=c000183c40 a3=0 items=2 ppid=2861374 pid=2861384 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593571.400:11546861): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F33363066643730616536656237636435653039353463653966"}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593571.400:11546861): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593571.400:11546861): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593571.400:11546861): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/360fd70ae6eb7cd5e0954ce9fabc3f41ec861f0028b80fa3a053269682ce489a\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593571.400:11546861): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/360fd70ae6eb7cd5e0954ce9fabc3f41ec861f0028b80fa3a053269682ce489a/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1116825280\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/360fd70ae6eb7cd5e0954ce9fabc3f41ec861f0028b80fa3a053269682ce489a/130f0df3f6cb594988504e1a378d3f6a106d7fb42cd1c48b2f818f9fa6c308b0.pid\" a14=\"360fd70ae6eb7cd5e0954ce9fabc3f41ec861f0028b80fa3a053269682ce489a\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593571.400:11546861): arch=c000003e syscall=59 success=yes exit=0 a0=c00031fc40 a1=c00027ec00 a2=c00027ec80 a3=0 items=2 ppid=3223 pid=2861374 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593571.362:11546860): proctitle=72656469732D636C690070696E67"}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593571.362:11546860): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=5809101 dev=00:5b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593571.362:11546860): item=0 name=\"/usr/local/bin/redis-cli\" inode=928088 dev=00:5b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593571.362:11546860): cwd=\"/data\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593571.362:11546860): argc=2 a0=\"redis-cli\" a1=\"ping\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593571.362:11546860): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593571.362:11546860): arch=c000003e syscall=59 success=yes exit=0 a0=c000028760 a1=c00009f350 a2=c0001671c0 a3=0 items=2 ppid=2861355 pid=2861367 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"redis-cli\" exe=\"/usr/local/bin/redis-cli\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593571.318:11546859): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593571.318:11546859): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593571.318:11546859): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593571.318:11546859): cwd=\"/var/lib/docker/rootfs/overlayfs/7e13dd6f726a7b57cc1470c1039bc96afa948a1beb7503cebff44e9717c43cdc\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593571.318:11546859): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593571.318:11546859): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b830 a1=c00017f338 a2=c000181c00 a3=0 items=2 ppid=2861355 pid=2861365 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593571.304:11546858): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F37653133646436663732366137623537636331343730633130"}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593571.304:11546858): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593571.304:11546858): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593571.304:11546858): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/7e13dd6f726a7b57cc1470c1039bc96afa948a1beb7503cebff44e9717c43cdc\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593571.304:11546858): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/7e13dd6f726a7b57cc1470c1039bc96afa948a1beb7503cebff44e9717c43cdc/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3080409178\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/7e13dd6f726a7b57cc1470c1039bc96afa948a1beb7503cebff44e9717c43cdc/711918bf75a35abbb2dee4e25c12e5501e466393c4a4ad04e91d2305dff64122.pid\" a14=\"7e13dd6f726a7b57cc1470c1039bc96afa948a1beb7503cebff44e9717c43cdc\""}
{"ts": "2026-04-30T23:59:31Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593571.304:11546858): arch=c000003e syscall=59 success=yes exit=0 a0=c000406790 a1=c0003e0580 a2=c0003e0600 a3=0 items=2 ppid=3759 pid=2861355 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593570.811:11546857): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593570.811:11546857): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593570.811:11546857): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593570.811:11546857): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593570.811:11546857): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.stat\""}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593570.811:11546857): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593570.811:11546857): arch=c000003e syscall=59 success=yes exit=0 a0=7faf8d900d60 a1=7faeb7a1e2c0 a2=634a8a009a40 a3=8 items=2 ppid=5417 pid=2861352 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593570.811:11546856): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593570.811:11546856): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593570.811:11546856): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593570.811:11546856): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeb7a1e2c0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2861352 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593570.811:11546855): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593570.811:11546855): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593570.811:11546855): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593570.811:11546855): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeb7a1e2c0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2861352 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593570.811:11546854): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593570.811:11546854): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593570.811:11546854): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593570.811:11546854): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeb7a1e2c0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2861352 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593570.811:11546853): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593570.811:11546853): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593570.811:11546853): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593570.811:11546853): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeb7a1e2c0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2861352 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593570.811:11546852): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593570.811:11546852): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593570.811:11546852): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593570.811:11546852): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeb7a1e2c0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2861352 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593570.810:11546851): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593570.810:11546851): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593570.810:11546851): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593570.810:11546851): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeb7a1e2c0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2861352 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593570.807:11546850): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593570.807:11546850): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593570.807:11546850): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593570.807:11546850): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593570.807:11546850): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.current\""}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593570.807:11546850): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593570.807:11546850): arch=c000003e syscall=59 success=yes exit=0 a0=7faf8d900d60 a1=7faeecc35c80 a2=634a8a009a40 a3=8 items=2 ppid=5417 pid=2861351 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593570.807:11546849): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593570.807:11546849): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593570.807:11546849): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593570.807:11546849): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeecc35c80 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2861351 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593570.807:11546848): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593570.807:11546848): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593570.807:11546848): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593570.807:11546848): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeecc35c80 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2861351 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593570.807:11546847): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593570.807:11546847): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593570.807:11546847): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593570.807:11546847): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeecc35c80 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2861351 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593570.807:11546846): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593570.807:11546846): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593570.807:11546846): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593570.807:11546846): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeecc35c80 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2861351 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593570.807:11546845): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593570.807:11546845): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593570.807:11546845): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593570.807:11546845): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeecc35c80 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2861351 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593570.807:11546844): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593570.807:11546844): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593570.807:11546844): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593570.807:11546844): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeecc35c80 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2861351 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593570.802:11546843): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593570.802:11546843): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593570.802:11546843): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593570.802:11546843): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593570.802:11546843): argc=2 a0=\"cat\" a1=\"/proc/self/cgroup\""}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593570.802:11546843): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593570.802:11546843): arch=c000003e syscall=59 success=yes exit=0 a0=7faf8d900d60 a1=7faeecc024c0 a2=634a8a009a40 a3=8 items=2 ppid=5417 pid=2861350 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593570.802:11546842): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593570.802:11546842): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593570.802:11546842): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593570.802:11546842): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeecc024c0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2861350 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593570.802:11546841): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593570.802:11546841): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593570.802:11546841): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593570.802:11546841): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeecc024c0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2861350 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593570.802:11546840): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593570.802:11546840): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593570.802:11546840): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593570.802:11546840): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeecc024c0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2861350 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593570.802:11546839): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593570.802:11546839): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593570.802:11546839): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593570.802:11546839): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeecc024c0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2861350 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593570.802:11546838): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593570.802:11546838): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593570.802:11546838): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593570.802:11546838): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeecc024c0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2861350 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593570.802:11546837): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593570.802:11546837): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593570.802:11546837): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593570.802:11546837): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeecc024c0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2861350 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593570.109:11546836): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520706F737467726573"}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593570.109:11546836): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:4f mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593570.109:11546836): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:4f mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593570.109:11546836): cwd=\"/\""}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593570.109:11546836): argc=3 a0=\"pg_isready\" a1=\"-U\" a2=\"postgres\""}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593570.109:11546836): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593570.109:11546836): arch=c000003e syscall=59 success=yes exit=0 a0=77b20c985288 a1=77b20c9851e8 a2=77b20c985208 a3=0 items=2 ppid=3630 pid=2861342 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593570.106:11546835): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520706F737467726573"}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593570.106:11546835): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:4f mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593570.106:11546835): item=0 name=\"/bin/sh\" inode=8589166 dev=00:4f mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593570.106:11546835): cwd=\"/\""}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593570.106:11546835): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D5520706F737467726573"}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593570.106:11546835): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593570.106:11546835): arch=c000003e syscall=59 success=yes exit=0 a0=c00018cf48 a1=c000022ac0 a2=c0001348c0 a3=0 items=2 ppid=2861330 pid=2861342 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593570.061:11546834): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593570.061:11546834): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593570.061:11546834): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593570.061:11546834): cwd=\"/var/lib/docker/rootfs/overlayfs/67097f9470d25ae62330c278e0c2e85dfc8f9d19e1312855b18be973b4d19e41\""}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593570.061:11546834): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593570.061:11546834): arch=c000003e syscall=59 success=yes exit=0 a0=c0002578a0 a1=c00025b350 a2=c00025dc40 a3=0 items=2 ppid=2861330 pid=2861339 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593570.045:11546833): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F36373039376639343730643235616536323333306332373865"}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593570.045:11546833): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593570.045:11546833): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593570.045:11546833): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/67097f9470d25ae62330c278e0c2e85dfc8f9d19e1312855b18be973b4d19e41\""}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593570.045:11546833): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/67097f9470d25ae62330c278e0c2e85dfc8f9d19e1312855b18be973b4d19e41/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1121708128\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/67097f9470d25ae62330c278e0c2e85dfc8f9d19e1312855b18be973b4d19e41/ef38ed69c9e8eec58e2b7d43ed00efe21a4c6dc5a29884ba51c0150b5b75b693.pid\" a14=\"67097f9470d25ae62330c278e0c2e85dfc8f9d19e1312855b18be973b4d19e41\""}
{"ts": "2026-04-30T23:59:30Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593570.045:11546833): arch=c000003e syscall=59 success=yes exit=0 a0=c00025da20 a1=c0002bdd80 a2=c0002bde80 a3=0 items=2 ppid=3630 pid=2861330 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593569.672:11546832): proctitle=72656469732D636C690070696E67"}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593569.672:11546832): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=6694357 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593569.672:11546832): item=0 name=\"/usr/local/bin/redis-cli\" inode=6703632 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593569.672:11546832): cwd=\"/data\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593569.672:11546832): argc=2 a0=\"redis-cli\" a1=\"ping\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593569.672:11546832): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593569.672:11546832): arch=c000003e syscall=59 success=yes exit=0 a0=c0000289a0 a1=c0000d3350 a2=c0000db1c0 a3=0 items=2 ppid=2861311 pid=2861323 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"redis-cli\" exe=\"/usr/local/bin/redis-cli\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593569.621:11546831): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593569.621:11546831): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593569.621:11546831): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593569.621:11546831): cwd=\"/var/lib/docker/rootfs/overlayfs/480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593569.621:11546831): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593569.621:11546831): arch=c000003e syscall=59 success=yes exit=0 a0=c0001f3830 a1=c0001f7338 a2=c0001f9c00 a3=0 items=2 ppid=2861311 pid=2861321 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593569.605:11546830): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F34383062353761303034306362373564646534356436663664"}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593569.605:11546830): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593569.605:11546830): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593569.605:11546830): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593569.605:11546830): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process4048540220\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af/6f39061673b5fc62bf0d46439c0ef10d4b2869f31c33dccedc6d88aa900ce722.pid\" a14=\"480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593569.605:11546830): arch=c000003e syscall=59 success=yes exit=0 a0=c000011a80 a1=c00017e600 a2=c00017e680 a3=0 items=2 ppid=2767 pid=2861311 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593569.397:11546829): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593569.397:11546829): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593569.397:11546829): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593569.397:11546829): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593569.397:11546829): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.stat\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593569.397:11546829): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593569.397:11546829): arch=c000003e syscall=59 success=yes exit=0 a0=76617ac47d60 a1=7660c025dfc0 a2=5669b9d93a40 a3=8 items=2 ppid=5468 pid=2861310 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593569.397:11546828): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593569.397:11546828): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593569.397:11546828): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593569.397:11546828): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660c025dfc0 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2861310 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593569.397:11546827): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593569.397:11546827): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593569.397:11546827): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593569.397:11546827): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660c025dfc0 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2861310 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593569.397:11546826): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593569.397:11546826): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593569.397:11546826): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593569.397:11546826): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660c025dfc0 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2861310 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593569.397:11546825): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593569.397:11546825): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593569.397:11546825): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593569.397:11546825): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660c025dfc0 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2861310 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593569.397:11546824): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593569.397:11546824): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593569.397:11546824): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593569.397:11546824): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660c025dfc0 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2861310 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593569.397:11546823): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593569.397:11546823): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593569.397:11546823): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593569.397:11546823): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660c025dfc0 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2861310 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593569.394:11546822): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593569.394:11546822): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593569.394:11546822): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593569.394:11546822): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593569.394:11546822): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.current\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593569.394:11546822): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593569.394:11546822): arch=c000003e syscall=59 success=yes exit=0 a0=76617ac47d60 a1=7660bbc48680 a2=5669b9d93a40 a3=8 items=2 ppid=5468 pid=2861309 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593569.394:11546821): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593569.394:11546821): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593569.394:11546821): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593569.394:11546821): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48680 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2861309 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593569.394:11546820): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593569.394:11546820): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593569.394:11546820): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593569.394:11546820): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48680 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2861309 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593569.394:11546819): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593569.394:11546819): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593569.394:11546819): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593569.394:11546819): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48680 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2861309 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593569.394:11546818): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593569.394:11546818): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593569.394:11546818): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593569.394:11546818): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48680 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2861309 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593569.394:11546817): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593569.394:11546817): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593569.394:11546817): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593569.394:11546817): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48680 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2861309 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593569.394:11546816): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593569.394:11546816): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593569.394:11546816): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593569.394:11546816): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48680 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2861309 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593569.391:11546815): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593569.391:11546815): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593569.391:11546815): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593569.391:11546815): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593569.391:11546815): argc=2 a0=\"cat\" a1=\"/proc/self/cgroup\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593569.391:11546815): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593569.391:11546815): arch=c000003e syscall=59 success=yes exit=0 a0=76617ac47d60 a1=7660bbc48f20 a2=5669b9d93a40 a3=8 items=2 ppid=5468 pid=2861308 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593569.391:11546814): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593569.391:11546814): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593569.391:11546814): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593569.391:11546814): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48f20 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2861308 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593569.391:11546813): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593569.391:11546813): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593569.391:11546813): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593569.391:11546813): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48f20 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2861308 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593569.391:11546812): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593569.391:11546812): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593569.391:11546812): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593569.391:11546812): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48f20 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2861308 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593569.391:11546811): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593569.391:11546811): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593569.391:11546811): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593569.391:11546811): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48f20 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2861308 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593569.391:11546810): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593569.391:11546810): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593569.391:11546810): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593569.391:11546810): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48f20 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2861308 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593569.391:11546809): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593569.391:11546809): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593569.391:11546809): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593569.391:11546809): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48f20 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2861308 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593569.361:11546808): proctitle=2F7573722F62696E2F7065726C002F7573722F62696E2F70675F69737265616479002D550067726F777468626F6F6B002D6400706F737467726573"}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593569.361:11546808): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6968454 dev=00:a0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593569.361:11546808): item=0 name=\"/usr/lib/postgresql/17/bin/pg_isready\" inode=3958125 dev=00:a0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593569.361:11546808): cwd=\"/\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593569.361:11546808): argc=5 a0=\"/usr/lib/postgresql/17/bin/pg_isready\" a1=\"-U\" a2=\"growthbook\" a3=\"-d\" a4=\"postgres\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593569.361:11546808): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593569.361:11546808): arch=c000003e syscall=59 success=yes exit=0 a0=586e0e40e9a0 a1=586e0e419390 a2=586e0e14d970 a3=7c88e7f21e70 items=2 ppid=2861298 pid=2861305 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/lib/postgresql/17/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593569.350:11546807): proctitle=2F7573722F62696E2F7065726C002F7573722F62696E2F70675F69737265616479002D550070726F6D6574686575735F61646D696E002D640070726F6D6574686575735F61646D696E"}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593569.350:11546807): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=5581428 dev=00:af mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593569.350:11546807): item=0 name=\"/usr/lib/postgresql/17/bin/pg_isready\" inode=5809487 dev=00:af mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593569.350:11546807): cwd=\"/\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593569.350:11546807): argc=5 a0=\"/usr/lib/postgresql/17/bin/pg_isready\" a1=\"-U\" a2=\"prometheus_admin\" a3=\"-d\" a4=\"prometheus_admin\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593569.350:11546807): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593569.350:11546807): arch=c000003e syscall=59 success=yes exit=0 a0=61c86cfff440 a1=61c86d105c60 a2=61c86cd67970 a3=7c4835949e70 items=2 ppid=2861278 pid=2861304 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/lib/postgresql/17/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593569.321:11546806): proctitle=2F7573722F62696E2F7065726C002F7573722F62696E2F70675F69737265616479002D550067726F777468626F6F6B002D6400706F737467726573"}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593569.321:11546806): item=2 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6968454 dev=00:a0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593569.321:11546806): item=1 name=\"/usr/bin/perl\" inode=6956288 dev=00:a0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593569.321:11546806): item=0 name=\"/usr/bin/pg_isready\" inode=4211279 dev=00:a0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593569.321:11546806): cwd=\"/\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593569.321:11546806): argc=6 a0=\"/usr/bin/perl\" a1=\"/usr/bin/pg_isready\" a2=\"-U\" a3=\"growthbook\" a4=\"-d\" a5=\"postgres\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593569.321:11546806): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593569.321:11546806): arch=c000003e syscall=59 success=yes exit=0 a0=60395fa04640 a1=60392e3d19a8 a2=60395fa045d8 a3=8 items=3 ppid=2861298 pid=2861305 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/bin/perl\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593569.317:11546805): proctitle=2F62696E2F7368002D630070675F69737265616479202D552067726F777468626F6F6B202D6420706F737467726573"}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593569.317:11546805): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6968454 dev=00:a0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593569.317:11546805): item=0 name=\"/bin/sh\" inode=6954646 dev=00:a0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593569.317:11546805): cwd=\"/\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593569.317:11546805): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D552067726F777468626F6F6B202D6420706F737467726573"}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593569.317:11546805): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593569.317:11546805): arch=c000003e syscall=59 success=yes exit=0 a0=c00019ceb0 a1=c000022680 a2=c000025260 a3=0 items=2 ppid=2861280 pid=2861298 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/usr/bin/dash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593569.306:11546804): proctitle=2F7573722F62696E2F7065726C002F7573722F62696E2F70675F69737265616479002D550070726F6D6574686575735F61646D696E002D640070726F6D6574686575735F61646D696E"}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593569.306:11546804): item=2 name=\"/lib64/ld-linux-x86-64.so.2\" inode=5581428 dev=00:af mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593569.306:11546804): item=1 name=\"/usr/bin/perl\" inode=5580916 dev=00:af mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593569.306:11546804): item=0 name=\"/usr/bin/pg_isready\" inode=5823482 dev=00:af mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593569.306:11546804): cwd=\"/\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593569.306:11546804): argc=6 a0=\"/usr/bin/perl\" a1=\"/usr/bin/pg_isready\" a2=\"-U\" a3=\"prometheus_admin\" a4=\"-d\" a5=\"prometheus_admin\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593569.306:11546804): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593569.306:11546804): arch=c000003e syscall=59 success=yes exit=0 a0=5eaf335de678 a1=5eaf335de5e0 a2=5eaf335de610 a3=8 items=3 ppid=2861278 pid=2861304 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/bin/perl\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593569.301:11546803): proctitle=2F62696E2F7368002D630070675F69737265616479202D552070726F6D6574686575735F61646D696E202D642070726F6D6574686575735F61646D696E"}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593569.301:11546803): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=5581428 dev=00:af mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593569.301:11546803): item=0 name=\"/bin/sh\" inode=5580787 dev=00:af mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593569.301:11546803): cwd=\"/\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593569.301:11546803): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D552070726F6D6574686575735F61646D696E202D642070726F6D6574686575735F61646D696E"}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593569.301:11546803): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593569.301:11546803): arch=c000003e syscall=59 success=yes exit=0 a0=c0000fceb0 a1=c000022680 a2=c000025140 a3=0 items=2 ppid=2861266 pid=2861278 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/usr/bin/dash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593569.274:11546802): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593569.274:11546802): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593569.274:11546802): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:173 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593569.274:11546802): cwd=\"/var/lib/docker/rootfs/overlayfs/02fb5dd00ce2914672d5f537bf8bb36a0908851493efb9e1b3038943b577e7cf\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593569.274:11546802): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593569.274:11546802): arch=c000003e syscall=59 success=yes exit=0 a0=c0001cd880 a1=c0001d1350 a2=c0001d3c40 a3=0 items=2 ppid=2861280 pid=2861293 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593569.259:11546801): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F30326662356464303063653239313436373264356635333762"}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593569.259:11546801): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593569.259:11546801): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593569.259:11546801): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/02fb5dd00ce2914672d5f537bf8bb36a0908851493efb9e1b3038943b577e7cf\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593569.259:11546801): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/02fb5dd00ce2914672d5f537bf8bb36a0908851493efb9e1b3038943b577e7cf/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3974880770\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/02fb5dd00ce2914672d5f537bf8bb36a0908851493efb9e1b3038943b577e7cf/4ca9fc6737e3c6d7386f681a17a3aeb6365a25f73513931a6b0c5c1c59c34566.pid\" a14=\"02fb5dd00ce2914672d5f537bf8bb36a0908851493efb9e1b3038943b577e7cf\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593569.259:11546801): arch=c000003e syscall=59 success=yes exit=0 a0=c000119b30 a1=c0002f3500 a2=c0002f3580 a3=0 items=2 ppid=4084 pid=2861280 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593569.253:11546800): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593569.253:11546800): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593569.253:11546800): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593569.253:11546800): cwd=\"/var/lib/docker/rootfs/overlayfs/96dcfa07493d1a0e551516dd25644707c00be275d58123d52358a7d61a7f6b24\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593569.253:11546800): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593569.253:11546800): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b830 a1=c00017f338 a2=c000181c40 a3=0 items=2 ppid=2861266 pid=2861275 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593569.239:11546799): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F39366463666130373439336431613065353531353136646432"}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593569.239:11546799): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593569.239:11546799): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593569.239:11546799): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/96dcfa07493d1a0e551516dd25644707c00be275d58123d52358a7d61a7f6b24\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593569.239:11546799): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/96dcfa07493d1a0e551516dd25644707c00be275d58123d52358a7d61a7f6b24/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2733222899\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/96dcfa07493d1a0e551516dd25644707c00be275d58123d52358a7d61a7f6b24/a9545245437744d468cee182ea6ddeb929951de898a5574647d8dc853be1342a.pid\" a14=\"96dcfa07493d1a0e551516dd25644707c00be275d58123d52358a7d61a7f6b24\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593569.239:11546799): arch=c000003e syscall=59 success=yes exit=0 a0=c000099da0 a1=c0001c7e00 a2=c0001c7e80 a3=0 items=2 ppid=4402 pid=2861266 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593569.070:11546798): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593569.070:11546798): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593569.070:11546798): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593569.070:11546798): cwd=\"/var/lib/docker/rootfs/overlayfs/59582f7591559088714ccdef6fbea6ce773505523dcc785ab3c861f1c9a990ae\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593569.070:11546798): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593569.070:11546798): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5860 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=2861246 pid=2861256 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593569.056:11546797): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F35393538326637353931353539303838373134636364656636"}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593569.056:11546797): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593569.056:11546797): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593569.056:11546797): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/59582f7591559088714ccdef6fbea6ce773505523dcc785ab3c861f1c9a990ae\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593569.056:11546797): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/59582f7591559088714ccdef6fbea6ce773505523dcc785ab3c861f1c9a990ae/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1257208564\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/59582f7591559088714ccdef6fbea6ce773505523dcc785ab3c861f1c9a990ae/75f9bb52fe420f2b09d8e51cb505365091562bf0a776ae448113aa680cf11891.pid\" a14=\"59582f7591559088714ccdef6fbea6ce773505523dcc785ab3c861f1c9a990ae\""}
{"ts": "2026-04-30T23:59:29Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593569.056:11546797): arch=c000003e syscall=59 success=yes exit=0 a0=c0001cf990 a1=c0002c1700 a2=c0002c1780 a3=0 items=2 ppid=3214 pid=2861246 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593568.458:11546796): proctitle=77676574002D2D73706964657200687474703A2F2F6C6F63616C686F73743A333130302F7265616479"}
{"ts": "2026-04-30T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593568.458:11546796): item=0 name=\"/busybox/wget\" inode=6701653 dev=00:a1 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593568.458:11546796): cwd=\"/\""}
{"ts": "2026-04-30T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593568.458:11546796): argc=3 a0=\"wget\" a1=\"--spider\" a2=\"http://localhost:3100/ready\""}
{"ts": "2026-04-30T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593568.458:11546796): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593568.458:11546796): arch=c000003e syscall=59 success=yes exit=0 a0=c0000fce60 a1=c000022660 a2=c0000cf9e0 a3=0 items=1 ppid=2861225 pid=2861238 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"wget\" exe=\"/busybox/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593568.414:11546795): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593568.414:11546795): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593568.414:11546795): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593568.414:11546795): cwd=\"/var/lib/docker/rootfs/overlayfs/c390a7335ba8d816c119db0362dee085991e5e82d658167c5921656c90a30307\""}
{"ts": "2026-04-30T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593568.414:11546795): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593568.414:11546795): arch=c000003e syscall=59 success=yes exit=0 a0=c0001f3840 a1=c0001f7338 a2=c0001f9c40 a3=0 items=2 ppid=2861225 pid=2861235 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593568.392:11546794): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F63333930613733333562613864383136633131396462303336"}
{"ts": "2026-04-30T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593568.392:11546794): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593568.392:11546794): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593568.392:11546794): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/c390a7335ba8d816c119db0362dee085991e5e82d658167c5921656c90a30307\""}
{"ts": "2026-04-30T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593568.392:11546794): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/c390a7335ba8d816c119db0362dee085991e5e82d658167c5921656c90a30307/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3323971841\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/c390a7335ba8d816c119db0362dee085991e5e82d658167c5921656c90a30307/7a5aa1c61c2655720be72e80594725a720e3c47f3c439cd3da35683a44ff31d6.pid\" a14=\"c390a7335ba8d816c119db0362dee085991e5e82d658167c5921656c90a30307\""}
{"ts": "2026-04-30T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593568.392:11546794): arch=c000003e syscall=59 success=yes exit=0 a0=c0002b0420 a1=c000095e00 a2=c0000b0000 a3=0 items=2 ppid=4250 pid=2861225 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593568.086:11546793): proctitle=6375726C002D6600687474703A2F2F6C6F63616C686F73743A383030302F6865616C74687A"}
{"ts": "2026-04-30T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593568.086:11546793): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593568.086:11546793): item=0 name=\"/usr/bin/curl\" inode=8530521 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593568.086:11546793): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593568.086:11546793): argc=3 a0=\"curl\" a1=\"-f\" a2=\"http://localhost:8000/healthz\""}
{"ts": "2026-04-30T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593568.086:11546793): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593568.086:11546793): arch=c000003e syscall=59 success=yes exit=0 a0=c00018af50 a1=c000022ac0 a2=c000170a20 a3=0 items=2 ppid=4472 pid=2861219 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"curl\" exe=\"/usr/bin/curl\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593568.045:11546792): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593568.045:11546792): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593568.045:11546792): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593568.045:11546792): cwd=\"/var/lib/docker/rootfs/overlayfs/85b545c504cd648e96e62b4ba6066cca7e4a8b207e2cdfa5efa782d8a3e3241b\""}
{"ts": "2026-04-30T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593568.045:11546792): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593568.045:11546792): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c58a0 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=2861206 pid=2861216 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593568.031:11546791): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F38356235343563353034636436343865393665363262346261"}
{"ts": "2026-04-30T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593568.031:11546791): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593568.031:11546791): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593568.031:11546791): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/85b545c504cd648e96e62b4ba6066cca7e4a8b207e2cdfa5efa782d8a3e3241b\""}
{"ts": "2026-04-30T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593568.031:11546791): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/85b545c504cd648e96e62b4ba6066cca7e4a8b207e2cdfa5efa782d8a3e3241b/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1253702037\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/85b545c504cd648e96e62b4ba6066cca7e4a8b207e2cdfa5efa782d8a3e3241b/7a642ecd48a4cec5401c40eee9db455c4d41fc9905b0e0be218cd5291eac24ae.pid\" a14=\"85b545c504cd648e96e62b4ba6066cca7e4a8b207e2cdfa5efa782d8a3e3241b\""}
{"ts": "2026-04-30T23:59:28Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593568.031:11546791): arch=c000003e syscall=59 success=yes exit=0 a0=c0001cf200 a1=c000198100 a2=c000198180 a3=0 items=2 ppid=4472 pid=2861206 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593567.623:11546790): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593567.623:11546790): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593567.623:11546790): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593567.623:11546790): cwd=\"/var/lib/docker/rootfs/overlayfs/531ab8968ce844b18b0b3ebaf9e6e80c7b8f7cc1974293e5f9eb3ac90eba0e50\""}
{"ts": "2026-04-30T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593567.623:11546790): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593567.623:11546790): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c58b0 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=2861189 pid=2861198 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593567.610:11546789): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F35333161623839363863653834346231386230623365626166"}
{"ts": "2026-04-30T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593567.610:11546789): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593567.610:11546789): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593567.610:11546789): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/531ab8968ce844b18b0b3ebaf9e6e80c7b8f7cc1974293e5f9eb3ac90eba0e50\""}
{"ts": "2026-04-30T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593567.610:11546789): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/531ab8968ce844b18b0b3ebaf9e6e80c7b8f7cc1974293e5f9eb3ac90eba0e50/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process4062137612\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/531ab8968ce844b18b0b3ebaf9e6e80c7b8f7cc1974293e5f9eb3ac90eba0e50/88b9867f65054cbd17ac2f7fa62b3dc47196e0593bc1d149d241255d28ff3a6e.pid\" a14=\"531ab8968ce844b18b0b3ebaf9e6e80c7b8f7cc1974293e5f9eb3ac90eba0e50\""}
{"ts": "2026-04-30T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593567.610:11546789): arch=c000003e syscall=59 success=yes exit=0 a0=c000343c30 a1=c0001a7e00 a2=c0001a7e80 a3=0 items=2 ppid=4374 pid=2861189 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593567.208:11546788): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520666F7267656A6F"}
{"ts": "2026-04-30T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593567.208:11546788): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:52 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593567.208:11546788): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:52 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593567.208:11546788): cwd=\"/\""}
{"ts": "2026-04-30T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593567.208:11546788): argc=3 a0=\"pg_isready\" a1=\"-U\" a2=\"forgejo\""}
{"ts": "2026-04-30T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593567.208:11546788): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593567.208:11546788): arch=c000003e syscall=59 success=yes exit=0 a0=73e2859af278 a1=73e2859af1d8 a2=73e2859af1f8 a3=8080808080808080 items=2 ppid=3626 pid=2861181 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593567.205:11546787): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520666F7267656A6F"}
{"ts": "2026-04-30T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593567.205:11546787): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:52 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593567.205:11546787): item=0 name=\"/bin/sh\" inode=8589166 dev=00:52 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593567.205:11546787): cwd=\"/\""}
{"ts": "2026-04-30T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593567.205:11546787): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D5520666F7267656A6F"}
{"ts": "2026-04-30T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593567.205:11546787): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593567.205:11546787): arch=c000003e syscall=59 success=yes exit=0 a0=c0000fcf68 a1=c000022680 a2=c0001508c0 a3=0 items=2 ppid=2861168 pid=2861181 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593567.159:11546786): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593567.159:11546786): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593567.159:11546786): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593567.159:11546786): cwd=\"/var/lib/docker/rootfs/overlayfs/2cdd3d089c946761c42c7cfc41f431ad2beb9c2b89497f7e5a3552578b39f251\""}
{"ts": "2026-04-30T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593567.159:11546786): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593567.159:11546786): arch=c000003e syscall=59 success=yes exit=0 a0=c0001f3840 a1=c0001f7338 a2=c0001f9c40 a3=0 items=2 ppid=2861168 pid=2861177 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593567.144:11546785): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F32636464336430383963393436373631633432633763666334"}
{"ts": "2026-04-30T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593567.144:11546785): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593567.144:11546785): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593567.144:11546785): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/2cdd3d089c946761c42c7cfc41f431ad2beb9c2b89497f7e5a3552578b39f251\""}
{"ts": "2026-04-30T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593567.144:11546785): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/2cdd3d089c946761c42c7cfc41f431ad2beb9c2b89497f7e5a3552578b39f251/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2844598055\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/2cdd3d089c946761c42c7cfc41f431ad2beb9c2b89497f7e5a3552578b39f251/cef6e6d3afa2bf24cbce8b7c9c4d5a74e8b3429e4022b7411184c11c44a7e3d6.pid\" a14=\"2cdd3d089c946761c42c7cfc41f431ad2beb9c2b89497f7e5a3552578b39f251\""}
{"ts": "2026-04-30T23:59:27Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593567.144:11546785): arch=c000003e syscall=59 success=yes exit=0 a0=c0001402c0 a1=c00041c300 a2=c00041c380 a3=0 items=2 ppid=3626 pid=2861168 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593566.779:11546784): proctitle=677265700077696E646D696C6C"}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593566.779:11546784): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593566.779:11546784): item=0 name=\"/usr/bin/grep\" inode=8524666 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593566.779:11546784): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593566.779:11546784): argc=2 a0=\"grep\" a1=\"windmill\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593566.779:11546784): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593566.779:11546784): arch=c000003e syscall=59 success=yes exit=0 a0=57a5c96658a8 a1=57a5c9665800 a2=57a5c9665818 a3=5695705fd2778a96 items=2 ppid=2861159 pid=2861166 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"grep\" exe=\"/usr/bin/grep\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593566.778:11546783): proctitle=707300617578"}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593566.778:11546783): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593566.778:11546783): item=0 name=\"/usr/bin/ps\" inode=8576698 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593566.778:11546783): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593566.778:11546783): argc=2 a0=\"ps\" a1=\"aux\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593566.778:11546783): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593566.778:11546783): arch=c000003e syscall=59 success=yes exit=0 a0=57a5c9665888 a1=57a5c96657e0 a2=57a5c96657f8 a3=5695705fd2778a96 items=2 ppid=2861159 pid=2861165 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"ps\" exe=\"/usr/bin/ps\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593566.774:11546782): proctitle=2F62696E2F7368002D6300707320617578207C20677265702077696E646D696C6C207C7C20657869742031"}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593566.774:11546782): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593566.774:11546782): item=0 name=\"/bin/sh\" inode=8524584 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593566.774:11546782): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593566.774:11546782): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=707320617578207C20677265702077696E646D696C6C207C7C20657869742031"}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593566.774:11546782): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593566.774:11546782): arch=c000003e syscall=59 success=yes exit=0 a0=c000194f50 a1=c000022680 a2=c000114a20 a3=0 items=2 ppid=2861147 pid=2861159 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/usr/bin/dash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593566.732:11546781): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593566.732:11546781): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593566.732:11546781): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593566.732:11546781): cwd=\"/var/lib/docker/rootfs/overlayfs/beba1a544e568fe258b36536f8a2534b89a2940ed13c0d80d5f6bf1281bee1a6\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593566.732:11546781): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593566.732:11546781): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b850 a1=c00017f338 a2=c000181c40 a3=0 items=2 ppid=2861147 pid=2861157 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593566.719:11546780): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F62656261316135343465353638666532353862333635333666"}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593566.719:11546780): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593566.719:11546780): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593566.719:11546780): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/beba1a544e568fe258b36536f8a2534b89a2940ed13c0d80d5f6bf1281bee1a6\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593566.719:11546780): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/beba1a544e568fe258b36536f8a2534b89a2940ed13c0d80d5f6bf1281bee1a6/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1517210035\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/beba1a544e568fe258b36536f8a2534b89a2940ed13c0d80d5f6bf1281bee1a6/319b3e5df6ee4fc2be9653707126f2950f0900d36406125d89a6edb71543127b.pid\" a14=\"beba1a544e568fe258b36536f8a2534b89a2940ed13c0d80d5f6bf1281bee1a6\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593566.719:11546780): arch=c000003e syscall=59 success=yes exit=0 a0=c000237370 a1=c000133180 a2=c000133200 a3=0 items=2 ppid=4241 pid=2861147 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593566.430:11546779): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593566.430:11546779): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=9987007 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593566.430:11546779): item=0 name=\"/usr/bin/cat\" inode=9986333 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593566.430:11546779): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593566.430:11546779): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.stat\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593566.430:11546779): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593566.430:11546779): arch=c000003e syscall=59 success=yes exit=0 a0=75e2ac12cd60 a1=75e24645fee0 a2=6265ad214650 a3=8 items=2 ppid=5407 pid=2861145 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593566.430:11546778): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593566.430:11546778): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593566.430:11546778): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593566.430:11546778): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e24645fee0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2861145 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593566.430:11546777): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593566.430:11546777): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593566.430:11546777): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593566.430:11546777): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e24645fee0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2861145 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593566.430:11546776): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593566.430:11546776): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593566.430:11546776): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593566.430:11546776): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e24645fee0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2861145 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593566.430:11546775): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593566.430:11546775): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593566.430:11546775): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593566.430:11546775): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e24645fee0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2861145 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593566.430:11546774): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593566.430:11546774): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593566.430:11546774): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593566.430:11546774): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e24645fee0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2861145 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593566.429:11546773): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593566.429:11546773): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593566.429:11546773): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593566.429:11546773): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e24645fee0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2861145 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593566.427:11546772): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593566.427:11546772): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=9987007 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593566.427:11546772): item=0 name=\"/usr/bin/cat\" inode=9986333 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593566.427:11546772): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593566.427:11546772): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.current\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593566.427:11546772): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593566.427:11546772): arch=c000003e syscall=59 success=yes exit=0 a0=75e2ac12cd60 a1=75e246400a60 a2=6265ad214650 a3=8 items=2 ppid=5407 pid=2861144 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593566.427:11546771): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593566.427:11546771): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593566.427:11546771): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593566.427:11546771): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246400a60 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2861144 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593566.427:11546770): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593566.427:11546770): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593566.427:11546770): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593566.427:11546770): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246400a60 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2861144 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593566.427:11546769): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593566.427:11546769): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593566.427:11546769): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593566.427:11546769): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246400a60 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2861144 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593566.427:11546768): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593566.427:11546768): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593566.427:11546768): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593566.427:11546768): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246400a60 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2861144 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593566.427:11546767): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593566.427:11546767): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593566.427:11546767): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593566.427:11546767): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246400a60 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2861144 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593566.427:11546766): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593566.427:11546766): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593566.427:11546766): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593566.427:11546766): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246400a60 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2861144 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593566.423:11546765): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593566.423:11546765): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=9987007 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593566.423:11546765): item=0 name=\"/usr/bin/cat\" inode=9986333 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593566.423:11546765): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593566.423:11546765): argc=2 a0=\"cat\" a1=\"/proc/self/cgroup\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593566.423:11546765): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593566.423:11546765): arch=c000003e syscall=59 success=yes exit=0 a0=75e2ac12cd60 a1=75e246587040 a2=6265ad214650 a3=8 items=2 ppid=5407 pid=2861143 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593566.423:11546764): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593566.423:11546764): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593566.423:11546764): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593566.423:11546764): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246587040 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2861143 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593566.423:11546763): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593566.423:11546763): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593566.423:11546763): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593566.423:11546763): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246587040 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2861143 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593566.423:11546762): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593566.423:11546762): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593566.423:11546762): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593566.423:11546762): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246587040 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2861143 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593566.423:11546761): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593566.423:11546761): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593566.423:11546761): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593566.423:11546761): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246587040 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2861143 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593566.423:11546760): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593566.423:11546760): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593566.423:11546760): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593566.423:11546760): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246587040 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2861143 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593566.423:11546759): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593566.423:11546759): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593566.423:11546759): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593566.423:11546759): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246587040 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2861143 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593566.241:11546758): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520706F737467726573"}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593566.241:11546758): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:50 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593566.241:11546758): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:50 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593566.241:11546758): cwd=\"/\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593566.241:11546758): argc=3 a0=\"pg_isready\" a1=\"-U\" a2=\"postgres\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593566.241:11546758): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593566.241:11546758): arch=c000003e syscall=59 success=yes exit=0 a0=76220237c288 a1=76220237c1e8 a2=76220237c208 a3=0 items=2 ppid=4000 pid=2861135 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593566.237:11546757): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520706F737467726573"}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593566.237:11546757): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:50 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593566.237:11546757): item=0 name=\"/bin/sh\" inode=8589166 dev=00:50 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593566.237:11546757): cwd=\"/\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593566.237:11546757): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D5520706F737467726573"}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593566.237:11546757): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593566.237:11546757): arch=c000003e syscall=59 success=yes exit=0 a0=c00018cf38 a1=c000022ac0 a2=c0001348c0 a3=0 items=2 ppid=2861122 pid=2861135 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593566.219:11546756): proctitle=2F7362696E2F6970006C696E6B"}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593566.219:11546756): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=6691347 dev=00:38 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593566.219:11546756): item=0 name=\"/sbin/ip\" inode=6690355 dev=00:38 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593566.219:11546756): cwd=\"/ansible\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593566.219:11546756): argc=2 a0=\"/sbin/ip\" a1=\"link\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593566.219:11546756): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593566.219:11546756): arch=c000003e syscall=59 success=yes exit=0 a0=742f563b6d80 a1=742f54fb2ed0 a2=742f54f570f0 a3=0 items=2 ppid=2861094 pid=2861141 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"ip\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593566.192:11546755): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593566.192:11546755): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593566.192:11546755): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593566.192:11546755): cwd=\"/var/lib/docker/rootfs/overlayfs/6e0eaa58aad19bd8edc0f955e0d8cdf54332df6bcdbac6d5a4d9c8caf6fb9c39\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593566.192:11546755): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593566.192:11546755): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b840 a1=c00017f338 a2=c000181c40 a3=0 items=2 ppid=2861122 pid=2861132 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593566.178:11546754): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F36653065616135386161643139626438656463306639353565"}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593566.178:11546754): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593566.178:11546754): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593566.178:11546754): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/6e0eaa58aad19bd8edc0f955e0d8cdf54332df6bcdbac6d5a4d9c8caf6fb9c39\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593566.178:11546754): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/6e0eaa58aad19bd8edc0f955e0d8cdf54332df6bcdbac6d5a4d9c8caf6fb9c39/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1591292923\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/6e0eaa58aad19bd8edc0f955e0d8cdf54332df6bcdbac6d5a4d9c8caf6fb9c39/9e5c7a48721182df4a0a205a0ac4aaf1a1858be4fb3d66652ae819f846fd0671.pid\" a14=\"6e0eaa58aad19bd8edc0f955e0d8cdf54332df6bcdbac6d5a4d9c8caf6fb9c39\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593566.178:11546754): arch=c000003e syscall=59 success=yes exit=0 a0=c00035d850 a1=c000308f80 a2=c000309000 a3=0 items=2 ppid=4000 pid=2861122 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593565.909:11546753): proctitle=6A71002D2D7261772D6F7574707574002E737461747573"}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593565.909:11546753): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6968454 dev=00:b6 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593565.909:11546753): item=0 name=\"/usr/bin/jq\" inode=7115963 dev=00:b6 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593565.909:11546753): cwd=\"/app\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593565.909:11546753): argc=3 a0=\"jq\" a1=\"--raw-output\" a2=\".status\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593565.909:11546753): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593565.909:11546753): arch=c000003e syscall=59 success=yes exit=0 a0=5c6b2cae89a0 a1=5c6b2cae9280 a2=5c6b2cae5300 a3=8 items=2 ppid=2861119 pid=2861121 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"jq\" exe=\"/usr/bin/jq\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593565.908:11546752): proctitle=6375726C002D2D73696C656E7400687474703A2F2F3132372E302E302E313A38312F6170692F"}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593565.908:11546752): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6968454 dev=00:b6 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593565.908:11546752): item=0 name=\"/usr/bin/curl\" inode=7115848 dev=00:b6 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593565.908:11546752): cwd=\"/app\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593565.908:11546752): argc=3 a0=\"curl\" a1=\"--silent\" a2=\"http://127.0.0.1:81/api/\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593565.908:11546752): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593565.908:11546752): arch=c000003e syscall=59 success=yes exit=0 a0=5c6b2cae89d0 a1=5c6b2cae92b0 a2=5c6b2cae5300 a3=8 items=2 ppid=2861119 pid=2861120 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"curl\" exe=\"/usr/bin/curl\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593565.903:11546751): proctitle=2F62696E2F62617368002F62696E2F636865636B2D6865616C7468"}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593565.903:11546751): item=2 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6968454 dev=00:b6 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593565.903:11546751): item=1 name=\"/bin/bash\" inode=6954383 dev=00:b6 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593565.903:11546751): item=0 name=\"/bin/check-health\" inode=8694993 dev=00:b6 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593565.903:11546751): cwd=\"/app\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593565.903:11546751): argc=2 a0=\"/bin/bash\" a1=\"/bin/check-health\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593565.903:11546751): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593565.903:11546751): arch=c000003e syscall=59 success=yes exit=0 a0=c000027350 a1=c00002a800 a2=c00016e280 a3=0 items=3 ppid=2861100 pid=2861113 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"check-health\" exe=\"/usr/bin/bash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593565.865:11546750): proctitle=2F7573722F62696E2F707974686F6E33002F7573722F62696E2F616E7369626C65002D2D76657273696F6E"}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593565.865:11546750): item=2 name=\"/lib/ld-musl-x86_64.so.1\" inode=6691347 dev=00:38 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593565.865:11546750): item=1 name=\"/usr/bin/python3\" inode=6867528 dev=00:38 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593565.865:11546750): item=0 name=\"/usr/bin/ansible\" inode=6861055 dev=00:38 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593565.865:11546750): cwd=\"/ansible\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593565.865:11546750): argc=3 a0=\"/usr/bin/python3\" a1=\"/usr/bin/ansible\" a2=\"--version\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593565.865:11546750): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593565.865:11546750): arch=c000003e syscall=59 success=yes exit=0 a0=c0000273e0 a1=c0000d3350 a2=c0000db1c0 a3=0 items=3 ppid=2291 pid=2861094 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"ansible\" exe=\"/usr/bin/python3.12\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593565.850:11546749): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593565.850:11546749): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593565.850:11546749): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:173 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593565.850:11546749): cwd=\"/var/lib/docker/rootfs/overlayfs/3d00cea9d890ac76ec9bbdca47f4d82e83b0a918911a118694314103c0f1ab42\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593565.850:11546749): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593565.850:11546749): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b860 a1=c00017f338 a2=c000201c00 a3=0 items=2 ppid=2861100 pid=2861109 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593565.836:11546748): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F33643030636561396438393061633736656339626264636134"}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593565.836:11546748): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593565.836:11546748): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593565.836:11546748): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/3d00cea9d890ac76ec9bbdca47f4d82e83b0a918911a118694314103c0f1ab42\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593565.836:11546748): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/3d00cea9d890ac76ec9bbdca47f4d82e83b0a918911a118694314103c0f1ab42/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process4225837075\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/3d00cea9d890ac76ec9bbdca47f4d82e83b0a918911a118694314103c0f1ab42/88b86fc992d795727e1cf70be2331cdcd479762adfd15f404fd25103445f9460.pid\" a14=\"3d00cea9d890ac76ec9bbdca47f4d82e83b0a918911a118694314103c0f1ab42\""}
{"ts": "2026-04-30T23:59:26Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593565.836:11546748): arch=c000003e syscall=59 success=yes exit=0 a0=c000384570 a1=c000340600 a2=c000340680 a3=0 items=2 ppid=4295 pid=2861100 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593565.812:11546747): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593565.812:11546747): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593565.812:11546747): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593565.812:11546747): cwd=\"/var/lib/docker/rootfs/overlayfs/9a8159a203300a4780aaf09648666255b8dfa1b9b4c5cadd8ec10b63e26015ad\""}
{"ts": "2026-04-30T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593565.812:11546747): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593565.812:11546747): arch=c000003e syscall=59 success=yes exit=0 a0=c00017d850 a1=c000181338 a2=c000183c00 a3=0 items=2 ppid=2861082 pid=2861091 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593565.799:11546746): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F39613831353961323033333030613437383061616630393634"}
{"ts": "2026-04-30T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593565.799:11546746): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593565.799:11546746): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593565.799:11546746): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/9a8159a203300a4780aaf09648666255b8dfa1b9b4c5cadd8ec10b63e26015ad\""}
{"ts": "2026-04-30T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593565.799:11546746): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/9a8159a203300a4780aaf09648666255b8dfa1b9b4c5cadd8ec10b63e26015ad/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2940224770\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/9a8159a203300a4780aaf09648666255b8dfa1b9b4c5cadd8ec10b63e26015ad/785e8c37635dda9c4aeb6b24c2c5229151df8a64ac593b5fde784d789eb9339a.pid\" a14=\"9a8159a203300a4780aaf09648666255b8dfa1b9b4c5cadd8ec10b63e26015ad\""}
{"ts": "2026-04-30T23:59:25Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593565.799:11546746): arch=c000003e syscall=59 success=yes exit=0 a0=c0000b06c0 a1=c000381a00 a2=c000381a80 a3=0 items=2 ppid=2291 pid=2861082 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593564.792:11546745): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593564.792:11546745): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593564.792:11546745): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593564.792:11546745): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593564.792:11546745): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.stat\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593564.792:11546745): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593564.792:11546745): arch=c000003e syscall=59 success=yes exit=0 a0=7faf8d900d60 a1=7faee3002860 a2=634a8a009a40 a3=8 items=2 ppid=5417 pid=2861078 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593564.792:11546744): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593564.792:11546744): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593564.792:11546744): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593564.792:11546744): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee3002860 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2861078 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593564.792:11546743): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593564.792:11546743): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593564.792:11546743): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593564.792:11546743): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee3002860 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2861078 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593564.792:11546742): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593564.792:11546742): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593564.792:11546742): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593564.792:11546742): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee3002860 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2861078 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593564.792:11546741): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593564.792:11546741): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593564.792:11546741): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593564.792:11546741): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee3002860 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2861078 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593564.792:11546740): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593564.792:11546740): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593564.792:11546740): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593564.792:11546740): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee3002860 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2861078 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593564.792:11546739): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593564.792:11546739): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593564.792:11546739): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593564.792:11546739): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee3002860 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2861078 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593564.789:11546738): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593564.789:11546738): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593564.789:11546738): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593564.789:11546738): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593564.789:11546738): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.current\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593564.789:11546738): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593564.789:11546738): arch=c000003e syscall=59 success=yes exit=0 a0=7faf8d900d60 a1=7faee3002820 a2=634a8a009a40 a3=8 items=2 ppid=5417 pid=2861077 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593564.789:11546737): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593564.789:11546737): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593564.789:11546737): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593564.789:11546737): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee3002820 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2861077 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593564.789:11546736): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593564.789:11546736): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593564.789:11546736): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593564.789:11546736): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee3002820 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2861077 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593564.789:11546735): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593564.789:11546735): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593564.789:11546735): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593564.789:11546735): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee3002820 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2861077 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593564.789:11546734): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593564.789:11546734): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593564.789:11546734): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593564.789:11546734): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee3002820 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2861077 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593564.789:11546733): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593564.789:11546733): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593564.789:11546733): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593564.789:11546733): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee3002820 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2861077 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593564.789:11546732): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593564.789:11546732): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593564.789:11546732): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593564.789:11546732): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee3002820 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2861077 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593564.785:11546731): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593564.785:11546731): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593564.785:11546731): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593564.785:11546731): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593564.785:11546731): argc=2 a0=\"cat\" a1=\"/proc/self/cgroup\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593564.785:11546731): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593564.785:11546731): arch=c000003e syscall=59 success=yes exit=0 a0=7faf8d900d60 a1=7faeecc024c0 a2=634a8a009a40 a3=8 items=2 ppid=5417 pid=2861076 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593564.785:11546730): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593564.785:11546730): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593564.785:11546730): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593564.785:11546730): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeecc024c0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2861076 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593564.785:11546729): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593564.785:11546729): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593564.785:11546729): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593564.785:11546729): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeecc024c0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2861076 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593564.785:11546728): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593564.785:11546728): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593564.785:11546728): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593564.785:11546728): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeecc024c0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2861076 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593564.785:11546727): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593564.785:11546727): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593564.785:11546727): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593564.785:11546727): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeecc024c0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2861076 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593564.785:11546726): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593564.785:11546726): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593564.785:11546726): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593564.785:11546726): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeecc024c0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2861076 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593564.785:11546725): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593564.785:11546725): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593564.785:11546725): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593564.785:11546725): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeecc024c0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2861076 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593564.066:11546724): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593564.066:11546724): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593564.066:11546724): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593564.066:11546724): cwd=\"/var/lib/docker/rootfs/overlayfs/7e96c0f67233d10fc0728f922615e0e7f5d3377f41b4a6a05124441cfe955e5f\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593564.066:11546724): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593564.066:11546724): arch=c000003e syscall=59 success=yes exit=0 a0=c0001eb840 a1=c0001ef338 a2=c0001f1c00 a3=0 items=2 ppid=2861056 pid=2861065 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593564.052:11546723): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F37653936633066363732333364313066633037323866393232"}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593564.052:11546723): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593564.052:11546723): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593564.052:11546723): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/7e96c0f67233d10fc0728f922615e0e7f5d3377f41b4a6a05124441cfe955e5f\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593564.052:11546723): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/7e96c0f67233d10fc0728f922615e0e7f5d3377f41b4a6a05124441cfe955e5f/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1758767730\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/7e96c0f67233d10fc0728f922615e0e7f5d3377f41b4a6a05124441cfe955e5f/98425cbfabe81bfdcb7ccd30eed6e338878fe10f0a159ecec46eb6aedea060a8.pid\" a14=\"7e96c0f67233d10fc0728f922615e0e7f5d3377f41b4a6a05124441cfe955e5f\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593564.052:11546723): arch=c000003e syscall=59 success=yes exit=0 a0=c0000a6cb0 a1=c0002b1d00 a2=c0002b1d80 a3=0 items=2 ppid=3913 pid=2861056 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593564.044:11546722): proctitle=77676574002D2D737069646572002D7100687474703A2F2F3132372E302E302E313A383038302F737461747573"}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593564.044:11546722): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3456344 dev=00:37 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593564.044:11546722): item=0 name=\"/usr/bin/wget\" inode=3454556 dev=00:37 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593564.044:11546722): cwd=\"/data\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593564.044:11546722): argc=4 a0=\"wget\" a1=\"--spider\" a2=\"-q\" a3=\"http://127.0.0.1:8080/status\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593564.044:11546722): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593564.044:11546722): arch=c000003e syscall=59 success=yes exit=0 a0=7498b7bc4408 a1=7498b7bc43b0 a2=7498b7bc43d8 a3=8080808080808080 items=2 ppid=2861049 pid=2861055 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"wget\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593564.041:11546721): proctitle=2F62696E2F7368002D630077676574202D2D737069646572202D7120687474703A2F2F3132372E302E302E313A383038302F737461747573207C7C20657869742031"}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593564.041:11546721): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3456344 dev=00:37 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593564.041:11546721): item=0 name=\"/bin/sh\" inode=3454556 dev=00:37 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593564.041:11546721): cwd=\"/data\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593564.041:11546721): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=77676574202D2D737069646572202D7120687474703A2F2F3132372E302E302E313A383038302F737461747573207C7C20657869742031"}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593564.041:11546721): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593564.041:11546721): arch=c000003e syscall=59 success=yes exit=0 a0=c00019ef58 a1=c000022680 a2=c0000226a0 a3=0 items=2 ppid=2861034 pid=2861049 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593563.998:11546720): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593563.998:11546720): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593563.998:11546720): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593563.998:11546720): cwd=\"/var/lib/docker/rootfs/overlayfs/9d998ef1eacb3b076ca0da4256f08add55d0bbb54d81229185d76af8553a0c77\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593563.998:11546720): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593563.998:11546720): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5870 a1=c0001c9350 a2=c0001cbc40 a3=0 items=2 ppid=2861034 pid=2861046 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593563.985:11546719): proctitle=77676574002D2D737069646572002D7100687474703A2F2F3132372E302E302E313A333030302F"}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593563.985:11546719): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=6688979 dev=00:b0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593563.985:11546719): item=0 name=\"/usr/bin/wget\" inode=6699356 dev=00:b0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593563.985:11546719): cwd=\"/data/docuseal\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593563.985:11546719): argc=4 a0=\"wget\" a1=\"--spider\" a2=\"-q\" a3=\"http://127.0.0.1:3000/\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593563.985:11546719): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593563.985:11546719): arch=c000003e syscall=59 success=yes exit=0 a0=733dbbc0f558 a1=733dbbc0f478 a2=733dbbc0f4a0 a3=733dbbc0a6a4 items=2 ppid=2861028 pid=2861035 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"wget\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593563.979:11546718): proctitle=2F62696E2F7368002D630077676574202D2D737069646572202D7120687474703A2F2F3132372E302E302E313A333030302F207C7C20657869742031"}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593563.979:11546718): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=6688979 dev=00:b0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593563.979:11546718): item=0 name=\"/bin/sh\" inode=6699356 dev=00:b0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593563.979:11546718): cwd=\"/data/docuseal\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593563.979:11546718): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=77676574202D2D737069646572202D7120687474703A2F2F3132372E302E302E313A333030302F207C7C20657869742031"}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593563.979:11546718): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593563.979:11546718): arch=c000003e syscall=59 success=yes exit=0 a0=c00018af68 a1=c000022ac0 a2=c00011b290 a3=0 items=2 ppid=2861015 pid=2861028 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593563.980:11546717): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F39643939386566316561636233623037366361306461343235"}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593563.980:11546717): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593563.980:11546717): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593563.980:11546717): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/9d998ef1eacb3b076ca0da4256f08add55d0bbb54d81229185d76af8553a0c77\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593563.980:11546717): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/9d998ef1eacb3b076ca0da4256f08add55d0bbb54d81229185d76af8553a0c77/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1545980003\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/9d998ef1eacb3b076ca0da4256f08add55d0bbb54d81229185d76af8553a0c77/c6df6bf0a247c72dbe47d236a843cb860fca9505263d95d49ebb8807f78a843e.pid\" a14=\"9d998ef1eacb3b076ca0da4256f08add55d0bbb54d81229185d76af8553a0c77\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593563.980:11546717): arch=c000003e syscall=59 success=yes exit=0 a0=c000326920 a1=c0000c8780 a2=c0000c8900 a3=0 items=2 ppid=2253 pid=2861034 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593563.936:11546716): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593563.936:11546716): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593563.936:11546716): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593563.936:11546716): cwd=\"/var/lib/docker/rootfs/overlayfs/54b29fc0e66ed9250ab34b02c7796cc10123209dc181d39249b516ee4894714f\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593563.936:11546716): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593563.936:11546716): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b830 a1=c00017f338 a2=c000181c40 a3=0 items=2 ppid=2861015 pid=2861024 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593563.920:11546715): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F35346232396663306536366564393235306162333462303263"}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593563.920:11546715): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593563.920:11546715): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593563.920:11546715): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/54b29fc0e66ed9250ab34b02c7796cc10123209dc181d39249b516ee4894714f\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593563.920:11546715): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/54b29fc0e66ed9250ab34b02c7796cc10123209dc181d39249b516ee4894714f/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3212802085\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/54b29fc0e66ed9250ab34b02c7796cc10123209dc181d39249b516ee4894714f/24e6c59970c682778d5884b2644186541c05bcbbb7119a319ad080c08ce418be.pid\" a14=\"54b29fc0e66ed9250ab34b02c7796cc10123209dc181d39249b516ee4894714f\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593563.920:11546715): arch=c000003e syscall=59 success=yes exit=0 a0=c00017e6d0 a1=c0002cf900 a2=c0002cf980 a3=0 items=2 ppid=4356 pid=2861015 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593563.827:11546714): proctitle=6D617269616462002D2D64656661756C74732D65787472612D66696C653D2F7661722F6C69622F6D7973716C2F2E6D792D6865616C7468636865636B2E636E66002D2D70726F746F636F6C00736F636B6574002D42002D2D736B69702D636F6C756D6E2D6E616D6573002D650073656C65637420312066726F6D20696E666F72"}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593563.827:11546714): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=7089648 dev=00:89 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593563.827:11546714): item=0 name=\"/usr/bin/mariadb\" inode=7117817 dev=00:89 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593563.827:11546714): cwd=\"/\""}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593563.827:11546714): argc=8 a0=\"mariadb\" a1=\"--defaults-extra-file=/var/lib/mysql/.my-healthcheck.cnf\" a2=\"--protocol\" a3=\"socket\" a4=\"-B\" a5=\"--skip-column-names\" a6=\"-e\" a7=73656C65637420312066726F6D20696E666F726D6174696F6E5F736368656D612E454E47494E455320574845524520656E67696E653D27696E6E6F64622720414E4420737570706F727420696E202827594553272C202744454641554C54272C2027454E41424C45442729"}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593563.827:11546714): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:24Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593563.827:11546714): arch=c000003e syscall=59 success=yes exit=0 a0=5dbcf0e2f990 a1=5dbcf0e519c0 a2=5dbcf0e30860 a3=8 items=2 ppid=2861007 pid=2861014 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"mariadb\" exe=\"/usr/bin/mariadb\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593563.813:11546713): proctitle=6D617269616462002D2D64656661756C74732D65787472612D66696C653D2F7661722F6C69622F6D7973716C2F2E6D792D6865616C7468636865636B2E636E66002D2D70726F746F636F6C00736F636B6574002D42002D2D736B69702D636F6C756D6E2D6E616D6573002D650073656C656374204040736B69705F6E6574776F"}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593563.813:11546713): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=7089648 dev=00:89 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593563.813:11546713): item=0 name=\"/usr/bin/mariadb\" inode=7117817 dev=00:89 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593563.813:11546713): cwd=\"/\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593563.813:11546713): argc=8 a0=\"mariadb\" a1=\"--defaults-extra-file=/var/lib/mysql/.my-healthcheck.cnf\" a2=\"--protocol\" a3=\"socket\" a4=\"-B\" a5=\"--skip-column-names\" a6=\"-e\" a7=73656C656374204040736B69705F6E6574776F726B696E67"}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593563.813:11546713): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593563.813:11546713): arch=c000003e syscall=59 success=yes exit=0 a0=5dbcf0e2ffe0 a1=5dbcf0e51810 a2=5dbcf0e304a0 a3=8 items=2 ppid=2861007 pid=2861013 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"mariadb\" exe=\"/usr/bin/mariadb\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593563.805:11546712): proctitle=2F62696E2F62617368002F7573722F6C6F63616C2F62696E2F6865616C7468636865636B2E7368002D2D636F6E6E656374002D2D696E6E6F64625F696E697469616C697A6564"}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593563.805:11546712): item=2 name=\"/lib64/ld-linux-x86-64.so.2\" inode=7089648 dev=00:89 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593563.805:11546712): item=1 name=\"/bin/bash\" inode=6963796 dev=00:89 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593563.805:11546712): item=0 name=\"/usr/local/bin/healthcheck.sh\" inode=7348502 dev=00:89 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593563.805:11546712): cwd=\"/\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593563.805:11546712): argc=4 a0=\"/bin/bash\" a1=\"/usr/local/bin/healthcheck.sh\" a2=\"--connect\" a3=\"--innodb_initialized\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593563.805:11546712): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593563.805:11546712): arch=c000003e syscall=59 success=yes exit=0 a0=c0000289a0 a1=c000022aa0 a2=c00013a320 a3=0 items=3 ppid=2860995 pid=2861007 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"healthcheck.sh\" exe=\"/usr/bin/bash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593563.759:11546711): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593563.759:11546711): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593563.759:11546711): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593563.759:11546711): cwd=\"/var/lib/docker/rootfs/overlayfs/7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593563.759:11546711): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593563.759:11546711): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b840 a1=c00017f338 a2=c000181c40 a3=0 items=2 ppid=2860995 pid=2861005 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593563.744:11546710): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F37656465303139653363623065383839303138636162386266"}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593563.744:11546710): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593563.744:11546710): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593563.744:11546710): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593563.744:11546710): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3067285389\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7/91ed91fb3e934e18882ea8e8f9ed7571308cdaabfa9b464317bdb385be5c4454.pid\" a14=\"7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593563.744:11546710): arch=c000003e syscall=59 success=yes exit=0 a0=c0001e9890 a1=c0001da580 a2=c0001da600 a3=0 items=2 ppid=4475 pid=2860995 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593563.458:11546709): proctitle=77676574002D2D737069646572002D7100687474703A2F2F3132372E302E302E313A383038302F737461747573"}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593563.458:11546709): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3456344 dev=00:36 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593563.458:11546709): item=0 name=\"/usr/bin/wget\" inode=3454556 dev=00:36 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593563.458:11546709): cwd=\"/data\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593563.458:11546709): argc=4 a0=\"wget\" a1=\"--spider\" a2=\"-q\" a3=\"http://127.0.0.1:8080/status\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593563.458:11546709): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593563.458:11546709): arch=c000003e syscall=59 success=yes exit=0 a0=7bf2eb991408 a1=7bf2eb9913b0 a2=7bf2eb9913d8 a3=8080808080808080 items=2 ppid=2860988 pid=2860994 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"wget\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593563.455:11546708): proctitle=2F62696E2F7368002D630077676574202D2D737069646572202D7120687474703A2F2F3132372E302E302E313A383038302F737461747573207C7C20657869742031"}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593563.455:11546708): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3456344 dev=00:36 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593563.455:11546708): item=0 name=\"/bin/sh\" inode=3454556 dev=00:36 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593563.455:11546708): cwd=\"/data\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593563.455:11546708): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=77676574202D2D737069646572202D7120687474703A2F2F3132372E302E302E313A383038302F737461747573207C7C20657869742031"}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593563.455:11546708): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593563.455:11546708): arch=c000003e syscall=59 success=yes exit=0 a0=c00018af28 a1=c000022ac0 a2=c000022ae0 a3=0 items=2 ppid=2860975 pid=2860988 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593563.414:11546707): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593563.414:11546707): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593563.414:11546707): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593563.414:11546707): cwd=\"/var/lib/docker/rootfs/overlayfs/dc584acf339b0dd02a15498b48f6353fdccfb4b26c1ae9c833c37fffce3c4bfa\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593563.414:11546707): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593563.414:11546707): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b820 a1=c00017f338 a2=c000181c00 a3=0 items=2 ppid=2860975 pid=2860984 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593563.399:11546706): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F64633538346163663333396230646430326131353439386234"}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593563.399:11546706): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593563.399:11546706): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593563.399:11546706): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/dc584acf339b0dd02a15498b48f6353fdccfb4b26c1ae9c833c37fffce3c4bfa\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593563.399:11546706): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/dc584acf339b0dd02a15498b48f6353fdccfb4b26c1ae9c833c37fffce3c4bfa/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process4066585604\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/dc584acf339b0dd02a15498b48f6353fdccfb4b26c1ae9c833c37fffce3c4bfa/defc7d1ea8351b23fa82976c01a03d4c51a1331ea7299e40aa90f9b38d1aa349.pid\" a14=\"dc584acf339b0dd02a15498b48f6353fdccfb4b26c1ae9c833c37fffce3c4bfa\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593563.399:11546706): arch=c000003e syscall=59 success=yes exit=0 a0=c000010b30 a1=c000142080 a2=c000142100 a3=0 items=2 ppid=2257 pid=2860975 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593563.382:11546705): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593563.382:11546705): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593563.382:11546705): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593563.382:11546705): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593563.382:11546705): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.stat\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593563.382:11546705): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593563.382:11546705): arch=c000003e syscall=59 success=yes exit=0 a0=76617ac47d60 a1=7660bbc48f20 a2=5669b9d93a40 a3=8 items=2 ppid=5468 pid=2860974 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593563.382:11546704): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593563.382:11546704): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593563.382:11546704): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593563.382:11546704): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48f20 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2860974 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593563.381:11546703): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593563.381:11546703): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593563.381:11546703): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593563.381:11546703): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48f20 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2860974 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593563.381:11546702): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593563.381:11546702): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593563.381:11546702): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593563.381:11546702): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48f20 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2860974 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593563.381:11546701): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593563.381:11546701): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593563.381:11546701): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593563.381:11546701): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48f20 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2860974 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593563.381:11546700): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593563.381:11546700): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593563.381:11546700): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593563.381:11546700): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48f20 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2860974 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593563.381:11546699): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593563.381:11546699): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593563.381:11546699): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593563.381:11546699): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48f20 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2860974 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593563.379:11546698): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593563.379:11546698): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593563.379:11546698): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593563.379:11546698): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593563.379:11546698): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.current\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593563.379:11546698): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593563.379:11546698): arch=c000003e syscall=59 success=yes exit=0 a0=76617ac47d60 a1=7660bbc48a80 a2=5669b9d93a40 a3=8 items=2 ppid=5468 pid=2860973 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593563.378:11546697): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593563.378:11546697): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593563.378:11546697): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593563.378:11546697): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48a80 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2860973 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593563.378:11546696): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593563.378:11546696): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593563.378:11546696): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593563.378:11546696): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48a80 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2860973 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593563.378:11546695): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593563.378:11546695): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593563.378:11546695): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593563.378:11546695): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48a80 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2860973 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593563.378:11546694): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593563.378:11546694): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593563.378:11546694): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593563.378:11546694): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48a80 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2860973 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593563.378:11546693): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593563.378:11546693): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593563.378:11546693): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593563.378:11546693): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48a80 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2860973 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593563.378:11546692): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593563.378:11546692): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593563.378:11546692): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593563.378:11546692): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48a80 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2860973 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593563.375:11546691): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593563.375:11546691): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593563.375:11546691): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593563.375:11546691): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593563.375:11546691): argc=2 a0=\"cat\" a1=\"/proc/self/cgroup\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593563.375:11546691): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593563.375:11546691): arch=c000003e syscall=59 success=yes exit=0 a0=76617ac47d60 a1=7660bbc48aa0 a2=5669b9d93a40 a3=8 items=2 ppid=5468 pid=2860972 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593563.375:11546690): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593563.375:11546690): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593563.375:11546690): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593563.375:11546690): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48aa0 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2860972 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593563.375:11546689): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593563.375:11546689): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593563.375:11546689): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593563.375:11546689): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48aa0 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2860972 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593563.375:11546688): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593563.375:11546688): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593563.375:11546688): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593563.375:11546688): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48aa0 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2860972 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593563.375:11546687): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593563.375:11546687): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593563.375:11546687): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593563.375:11546687): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48aa0 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2860972 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593563.375:11546686): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593563.375:11546686): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593563.375:11546686): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593563.375:11546686): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48aa0 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2860972 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593563.375:11546685): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593563.375:11546685): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593563.375:11546685): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:23Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593563.375:11546685): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48aa0 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2860972 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593562.351:11546684): proctitle=6375726C002D6600687474703A2F2F6C6F63616C686F73743A383434332F6865616C74687A"}
{"ts": "2026-04-30T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593562.351:11546684): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8277530 dev=00:96 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593562.351:11546684): item=0 name=\"/usr/bin/curl\" inode=8272239 dev=00:96 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593562.351:11546684): cwd=\"/\""}
{"ts": "2026-04-30T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593562.351:11546684): argc=3 a0=\"curl\" a1=\"-f\" a2=\"http://localhost:8443/healthz\""}
{"ts": "2026-04-30T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593562.351:11546684): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593562.351:11546684): arch=c000003e syscall=59 success=yes exit=0 a0=c00017edb0 a1=c000022680 a2=c000194ab0 a3=0 items=2 ppid=2860950 pid=2860963 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"curl\" exe=\"/usr/bin/curl\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593562.321:11546683): proctitle=72656469732D636C690070696E67"}
{"ts": "2026-04-30T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593562.321:11546683): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=6694357 dev=00:4a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593562.321:11546683): item=0 name=\"/usr/local/bin/redis-cli\" inode=6703632 dev=00:4a mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593562.321:11546683): cwd=\"/data\""}
{"ts": "2026-04-30T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593562.321:11546683): argc=2 a0=\"redis-cli\" a1=\"ping\""}
{"ts": "2026-04-30T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593562.321:11546683): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593562.321:11546683): arch=c000003e syscall=59 success=yes exit=0 a0=c000028760 a1=c000119350 a2=c0000dd1c0 a3=0 items=2 ppid=2860912 pid=2860939 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"redis-cli\" exe=\"/usr/local/bin/redis-cli\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593562.312:11546682): proctitle=72656469732D636C690070696E67"}
{"ts": "2026-04-30T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593562.312:11546682): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=6694357 dev=00:4b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593562.312:11546682): item=0 name=\"/usr/local/bin/redis-cli\" inode=6703632 dev=00:4b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593562.312:11546682): cwd=\"/data\""}
{"ts": "2026-04-30T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593562.312:11546682): argc=2 a0=\"redis-cli\" a1=\"ping\""}
{"ts": "2026-04-30T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593562.312:11546682): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593562.312:11546682): arch=c000003e syscall=59 success=yes exit=0 a0=c0000289a0 a1=c0000c7350 a2=c0000cf1c0 a3=0 items=2 ppid=2860913 pid=2860940 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"redis-cli\" exe=\"/usr/local/bin/redis-cli\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593562.302:11546681): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593562.302:11546681): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593562.302:11546681): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:19f mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593562.302:11546681): cwd=\"/var/lib/docker/rootfs/overlayfs/39100183abc56a19c2ae07206cdab399444cf7fa09e4b9d16d02b58b22eb293c\""}
{"ts": "2026-04-30T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593562.302:11546681): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593562.302:11546681): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b8c0 a1=c00017f338 a2=c000181c40 a3=0 items=2 ppid=2860950 pid=2860960 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593562.285:11546680): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F33393130303138336162633536613139633261653037323036"}
{"ts": "2026-04-30T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593562.285:11546680): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593562.285:11546680): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593562.285:11546680): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/39100183abc56a19c2ae07206cdab399444cf7fa09e4b9d16d02b58b22eb293c\""}
{"ts": "2026-04-30T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593562.285:11546680): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/39100183abc56a19c2ae07206cdab399444cf7fa09e4b9d16d02b58b22eb293c/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3855625177\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/39100183abc56a19c2ae07206cdab399444cf7fa09e4b9d16d02b58b22eb293c/6d463e2caeacd015bdba26473c564a81e7baa823f6fc7d5ef6a810053be557d0.pid\" a14=\"39100183abc56a19c2ae07206cdab399444cf7fa09e4b9d16d02b58b22eb293c\""}
{"ts": "2026-04-30T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593562.285:11546680): arch=c000003e syscall=59 success=yes exit=0 a0=c000010ef0 a1=c0001a1700 a2=c0000e6000 a3=0 items=2 ppid=3416 pid=2860950 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593562.256:11546679): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593562.256:11546678): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593562.256:11546679): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593562.256:11546678): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593562.256:11546679): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:173 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593562.256:11546678): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cc mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593562.256:11546679): cwd=\"/var/lib/docker/rootfs/overlayfs/4cc046860e99ed4ce61cc4f7c543175750997c08579b75447cbf7907fdb6134d\""}
{"ts": "2026-04-30T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593562.256:11546678): cwd=\"/var/lib/docker/rootfs/overlayfs/0a68372d6fd28201684be9827a5de0d3c04e6e08d164a3049faa362bc53f9748\""}
{"ts": "2026-04-30T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593562.256:11546679): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593562.256:11546679): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b830 a1=c00017f338 a2=c000181c00 a3=0 items=2 ppid=2860912 pid=2860933 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593562.256:11546678): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593562.256:11546678): arch=c000003e syscall=59 success=yes exit=0 a0=c0001cd880 a1=c0001d1350 a2=c0001d3c40 a3=0 items=2 ppid=2860913 pid=2860930 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593562.239:11546677): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F30613638333732643666643238323031363834626539383237"}
{"ts": "2026-04-30T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593562.239:11546677): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593562.239:11546677): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593562.239:11546676): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F34636330343638363065393965643463653631636334663763"}
{"ts": "2026-04-30T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593562.239:11546677): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/0a68372d6fd28201684be9827a5de0d3c04e6e08d164a3049faa362bc53f9748\""}
{"ts": "2026-04-30T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593562.239:11546676): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593562.239:11546677): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/0a68372d6fd28201684be9827a5de0d3c04e6e08d164a3049faa362bc53f9748/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1187677992\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/0a68372d6fd28201684be9827a5de0d3c04e6e08d164a3049faa362bc53f9748/2f9dd8b0f1380aa268d1e8a426bf95493604f3939f3898eafcf40a0a1a5e13d0.pid\" a14=\"0a68372d6fd28201684be9827a5de0d3c04e6e08d164a3049faa362bc53f9748\""}
{"ts": "2026-04-30T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593562.239:11546676): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593562.239:11546676): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/4cc046860e99ed4ce61cc4f7c543175750997c08579b75447cbf7907fdb6134d\""}
{"ts": "2026-04-30T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593562.239:11546676): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/4cc046860e99ed4ce61cc4f7c543175750997c08579b75447cbf7907fdb6134d/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2652970644\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/4cc046860e99ed4ce61cc4f7c543175750997c08579b75447cbf7907fdb6134d/74e5fcb5f1bf456f4750f7dca626e4033f8dd0ec19617927b959db41a0213596.pid\" a14=\"4cc046860e99ed4ce61cc4f7c543175750997c08579b75447cbf7907fdb6134d\""}
{"ts": "2026-04-30T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593562.239:11546677): arch=c000003e syscall=59 success=yes exit=0 a0=c00030f810 a1=c000405f00 a2=c00017fc80 a3=0 items=2 ppid=2638 pid=2860913 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593562.239:11546676): arch=c000003e syscall=59 success=yes exit=0 a0=c0002b3a90 a1=c000394880 a2=c000394900 a3=0 items=2 ppid=3571 pid=2860912 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593562.015:11546675): proctitle=67726570003A30424238002F70726F632F6E65742F746370"}
{"ts": "2026-04-30T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593562.015:11546675): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6834212 dev=00:9d mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593562.015:11546675): item=0 name=\"/bin/grep\" inode=6832538 dev=00:9d mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593562.015:11546675): cwd=\"/app\""}
{"ts": "2026-04-30T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593562.015:11546675): argc=3 a0=\"grep\" a1=\":0BB8\" a2=\"/proc/net/tcp\""}
{"ts": "2026-04-30T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593562.015:11546675): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593562.015:11546675): arch=c000003e syscall=59 success=yes exit=0 a0=5d1b69f6c758 a1=5d1b39648990 a2=5d1b69f6c6e8 a3=8 items=2 ppid=2860905 pid=2860911 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"grep\" exe=\"/bin/grep\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593562.010:11546674): proctitle=2F62696E2F7368002D630067726570203A30424238202F70726F632F6E65742F746370207C7C20657869742031"}
{"ts": "2026-04-30T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593562.010:11546674): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6834212 dev=00:9d mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593562.010:11546674): item=0 name=\"/bin/sh\" inode=6832457 dev=00:9d mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593562.010:11546674): cwd=\"/app\""}
{"ts": "2026-04-30T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593562.010:11546674): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=67726570203A30424238202F70726F632F6E65742F746370207C7C20657869742031"}
{"ts": "2026-04-30T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593562.010:11546674): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593562.010:11546674): arch=c000003e syscall=59 success=yes exit=0 a0=c000196ee8 a1=c000022680 a2=c0000d88c0 a3=0 items=2 ppid=4578 pid=2860905 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/dash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593561.969:11546673): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593561.969:11546673): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593561.969:11546673): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593561.969:11546673): cwd=\"/var/lib/docker/rootfs/overlayfs/99752c55410bb6ace3e57904dc2c1a2f503aa02b37e06267893a529d96259bd2\""}
{"ts": "2026-04-30T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593561.969:11546673): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593561.969:11546673): arch=c000003e syscall=59 success=yes exit=0 a0=c0001cd890 a1=c0001d1350 a2=c0001d3c40 a3=0 items=2 ppid=2860893 pid=2860903 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593561.954:11546672): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F39393735326335353431306262366163653365353739303464"}
{"ts": "2026-04-30T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593561.954:11546672): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593561.954:11546672): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593561.954:11546672): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/99752c55410bb6ace3e57904dc2c1a2f503aa02b37e06267893a529d96259bd2\""}
{"ts": "2026-04-30T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593561.954:11546672): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/99752c55410bb6ace3e57904dc2c1a2f503aa02b37e06267893a529d96259bd2/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2781602886\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/99752c55410bb6ace3e57904dc2c1a2f503aa02b37e06267893a529d96259bd2/1fd4982d25f6f2718cd75a99d272d17dc084db693a2da1e3ffe17869910ff357.pid\" a14=\"99752c55410bb6ace3e57904dc2c1a2f503aa02b37e06267893a529d96259bd2\""}
{"ts": "2026-04-30T23:59:22Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593561.954:11546672): arch=c000003e syscall=59 success=yes exit=0 a0=c0000b90a0 a1=c000208e80 a2=c000208f00 a3=0 items=2 ppid=4578 pid=2860893 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593561.601:11546671): proctitle=2F62696E2F7368002D630070675F69737265616479202D552077696E646D696C6C5F75736572202D642077696E646D696C6C5F6462"}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593561.601:11546671): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:53 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593561.601:11546671): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:53 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593561.601:11546671): cwd=\"/\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593561.601:11546671): argc=5 a0=\"pg_isready\" a1=\"-U\" a2=\"windmill_user\" a3=\"-d\" a4=\"windmill_db\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593561.601:11546671): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593561.601:11546671): arch=c000003e syscall=59 success=yes exit=0 a0=73f65c09f3f8 a1=73f65c09f290 a2=73f65c09f378 a3=0 items=2 ppid=3688 pid=2860885 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593561.598:11546670): proctitle=2F62696E2F7368002D630070675F69737265616479202D552077696E646D696C6C5F75736572202D642077696E646D696C6C5F6462"}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593561.598:11546670): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:53 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593561.598:11546670): item=0 name=\"/bin/sh\" inode=8589166 dev=00:53 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593561.598:11546670): cwd=\"/\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593561.598:11546670): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D552077696E646D696C6C5F75736572202D642077696E646D696C6C5F6462"}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593561.598:11546670): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593561.598:11546670): arch=c000003e syscall=59 success=yes exit=0 a0=c00018cf38 a1=c000022ac0 a2=c0001348c0 a3=0 items=2 ppid=2860872 pid=2860885 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593561.567:11546669): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520617065785F75736572202D6420617065785F6462"}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593561.567:11546669): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3456344 dev=00:69 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593561.567:11546669): item=0 name=\"/usr/local/bin/pg_isready\" inode=6091069 dev=00:69 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593561.567:11546669): cwd=\"/\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593561.567:11546669): argc=5 a0=\"pg_isready\" a1=\"-U\" a2=\"apex_user\" a3=\"-d\" a4=\"apex_db\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593561.567:11546669): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593561.567:11546669): arch=c000003e syscall=59 success=yes exit=0 a0=7ef6733983f8 a1=7ef673398278 a2=7ef673398378 a3=0 items=2 ppid=3652 pid=2860865 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593561.564:11546668): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520617065785F75736572202D6420617065785F6462"}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593561.564:11546668): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3456344 dev=00:69 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593561.564:11546668): item=0 name=\"/bin/sh\" inode=3454556 dev=00:69 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593561.564:11546668): cwd=\"/\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593561.564:11546668): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D5520617065785F75736572202D6420617065785F6462"}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593561.564:11546668): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593561.564:11546668): arch=c000003e syscall=59 success=yes exit=0 a0=c00019cf68 a1=c000022680 a2=c0001508c0 a3=0 items=2 ppid=2860853 pid=2860865 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593561.549:11546667): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593561.549:11546667): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593561.549:11546667): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:173 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593561.549:11546667): cwd=\"/var/lib/docker/rootfs/overlayfs/2a365c5cbcdee94cef8eb83387301a8756e7538c1049b4c58449c0646b43c50c\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593561.549:11546667): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593561.549:11546667): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5890 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=2860872 pid=2860882 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593561.533:11546666): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F32613336356335636263646565393463656638656238333338"}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593561.533:11546666): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593561.533:11546666): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593561.533:11546666): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/2a365c5cbcdee94cef8eb83387301a8756e7538c1049b4c58449c0646b43c50c\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593561.533:11546666): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/2a365c5cbcdee94cef8eb83387301a8756e7538c1049b4c58449c0646b43c50c/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3517505710\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/2a365c5cbcdee94cef8eb83387301a8756e7538c1049b4c58449c0646b43c50c/4b7f54f42db5a0676a5fe0c43bcb7371e10d52b81aac285fde8a1ae6cda6fbc5.pid\" a14=\"2a365c5cbcdee94cef8eb83387301a8756e7538c1049b4c58449c0646b43c50c\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593561.533:11546666): arch=c000003e syscall=59 success=yes exit=0 a0=c00033b8f0 a1=c00037c000 a2=c00037c080 a3=0 items=2 ppid=3688 pid=2860872 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593561.519:11546665): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593561.519:11546665): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593561.519:11546665): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593561.519:11546665): cwd=\"/var/lib/docker/rootfs/overlayfs/c1f8f97d53596e967520df53fab27faff436876b90ee0f2e344cc170bca33f83\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593561.519:11546665): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593561.519:11546665): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5890 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=2860853 pid=2860863 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593561.503:11546664): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F63316638663937643533353936653936373532306466353366"}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593561.503:11546664): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593561.503:11546664): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593561.503:11546664): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/c1f8f97d53596e967520df53fab27faff436876b90ee0f2e344cc170bca33f83\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593561.503:11546664): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/c1f8f97d53596e967520df53fab27faff436876b90ee0f2e344cc170bca33f83/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3706953502\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/c1f8f97d53596e967520df53fab27faff436876b90ee0f2e344cc170bca33f83/5d231d248f2cd74936c6abd056ed2bbcea9256e0153e8ef2a01e92e71bd58078.pid\" a14=\"c1f8f97d53596e967520df53fab27faff436876b90ee0f2e344cc170bca33f83\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593561.503:11546664): arch=c000003e syscall=59 success=yes exit=0 a0=c00042e620 a1=c000209880 a2=c000209900 a3=0 items=2 ppid=3652 pid=2860853 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593561.489:11546663): proctitle=2F62696E2F7368002D630070675F69737265616479202D552074797065626F74"}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593561.489:11546663): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:51 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593561.489:11546663): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:51 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593561.489:11546663): cwd=\"/\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593561.489:11546663): argc=3 a0=\"pg_isready\" a1=\"-U\" a2=\"typebot\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593561.489:11546663): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593561.489:11546663): arch=c000003e syscall=59 success=yes exit=0 a0=754355f81278 a1=754355f811d8 a2=754355f811f8 a3=8080808080808080 items=2 ppid=3558 pid=2860845 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593561.485:11546662): proctitle=2F62696E2F7368002D630070675F69737265616479202D552074797065626F74"}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593561.485:11546662): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:51 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593561.485:11546662): item=0 name=\"/bin/sh\" inode=8589166 dev=00:51 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593561.485:11546662): cwd=\"/\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593561.485:11546662): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D552074797065626F74"}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593561.485:11546662): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593561.485:11546662): arch=c000003e syscall=59 success=yes exit=0 a0=c000194f68 a1=c000022680 a2=c0000d88c0 a3=0 items=2 ppid=2860833 pid=2860845 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593561.432:11546661): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593561.432:11546661): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593561.432:11546661): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593561.432:11546661): cwd=\"/var/lib/docker/rootfs/overlayfs/a58fd49cb529bc2c3c5f4447c9ccbae837530349ce554292b547968ead4cb59b\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593561.432:11546661): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593561.432:11546661): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5890 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=2860833 pid=2860842 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593561.418:11546660): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F61353866643439636235323962633263336335663434343763"}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593561.418:11546660): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593561.418:11546660): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593561.418:11546660): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/a58fd49cb529bc2c3c5f4447c9ccbae837530349ce554292b547968ead4cb59b\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593561.418:11546660): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/a58fd49cb529bc2c3c5f4447c9ccbae837530349ce554292b547968ead4cb59b/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2246921134\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/a58fd49cb529bc2c3c5f4447c9ccbae837530349ce554292b547968ead4cb59b/e84fd20b47aa5d7d3dc77b36b48641b18733b94294f75bbf5101fe78b2784ac0.pid\" a14=\"a58fd49cb529bc2c3c5f4447c9ccbae837530349ce554292b547968ead4cb59b\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593561.418:11546660): arch=c000003e syscall=59 success=yes exit=0 a0=c000428550 a1=c00041e880 a2=c00041e900 a3=0 items=2 ppid=3558 pid=2860833 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593561.381:11546659): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520646F63757365616C"}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593561.381:11546659): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:54 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593561.381:11546659): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:54 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593561.381:11546659): cwd=\"/\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593561.381:11546659): argc=3 a0=\"pg_isready\" a1=\"-U\" a2=\"docuseal\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593561.381:11546659): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593561.381:11546659): arch=c000003e syscall=59 success=yes exit=0 a0=74f8c4356288 a1=74f8c43561e8 a2=74f8c4356208 a3=0 items=2 ppid=3223 pid=2860825 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593561.378:11546658): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520646F63757365616C"}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593561.378:11546658): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:54 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593561.378:11546658): item=0 name=\"/bin/sh\" inode=8589166 dev=00:54 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593561.378:11546658): cwd=\"/\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593561.378:11546658): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D5520646F63757365616C"}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593561.378:11546658): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593561.378:11546658): arch=c000003e syscall=59 success=yes exit=0 a0=c0000fcf68 a1=c000022680 a2=c0001508c0 a3=0 items=2 ppid=3223 pid=2860825 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593561.329:11546657): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593561.329:11546657): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593561.329:11546657): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593561.329:11546657): cwd=\"/var/lib/docker/rootfs/overlayfs/360fd70ae6eb7cd5e0954ce9fabc3f41ec861f0028b80fa3a053269682ce489a\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593561.329:11546657): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593561.329:11546657): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b840 a1=c00017f338 a2=c000181c40 a3=0 items=2 ppid=2860813 pid=2860822 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593561.314:11546656): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F33363066643730616536656237636435653039353463653966"}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593561.314:11546656): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593561.314:11546656): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593561.314:11546656): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/360fd70ae6eb7cd5e0954ce9fabc3f41ec861f0028b80fa3a053269682ce489a\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593561.314:11546656): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/360fd70ae6eb7cd5e0954ce9fabc3f41ec861f0028b80fa3a053269682ce489a/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2472817522\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/360fd70ae6eb7cd5e0954ce9fabc3f41ec861f0028b80fa3a053269682ce489a/c010d7ffd75a2165287dbdb134520956e007d8639eba1d13638cc80254631734.pid\" a14=\"360fd70ae6eb7cd5e0954ce9fabc3f41ec861f0028b80fa3a053269682ce489a\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593561.314:11546656): arch=c000003e syscall=59 success=yes exit=0 a0=c000401a60 a1=c000199780 a2=c000199800 a3=0 items=2 ppid=3223 pid=2860813 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593561.289:11546655): proctitle=72656469732D636C690070696E67"}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593561.289:11546655): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=5809101 dev=00:5b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593561.289:11546655): item=0 name=\"/usr/local/bin/redis-cli\" inode=928088 dev=00:5b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593561.289:11546655): cwd=\"/data\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593561.289:11546655): argc=2 a0=\"redis-cli\" a1=\"ping\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593561.289:11546655): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593561.289:11546655): arch=c000003e syscall=59 success=yes exit=0 a0=c000028760 a1=c00009f350 a2=c0001671c0 a3=0 items=2 ppid=2860793 pid=2860807 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"redis-cli\" exe=\"/usr/local/bin/redis-cli\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593561.241:11546654): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593561.241:11546654): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593561.241:11546654): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593561.241:11546654): cwd=\"/var/lib/docker/rootfs/overlayfs/7e13dd6f726a7b57cc1470c1039bc96afa948a1beb7503cebff44e9717c43cdc\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593561.241:11546654): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593561.241:11546654): arch=c000003e syscall=59 success=yes exit=0 a0=c00024d880 a1=c000251350 a2=c000253c40 a3=0 items=2 ppid=2860793 pid=2860802 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593561.226:11546653): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F37653133646436663732366137623537636331343730633130"}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593561.226:11546653): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593561.226:11546653): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593561.226:11546653): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/7e13dd6f726a7b57cc1470c1039bc96afa948a1beb7503cebff44e9717c43cdc\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593561.226:11546653): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/7e13dd6f726a7b57cc1470c1039bc96afa948a1beb7503cebff44e9717c43cdc/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3152465883\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/7e13dd6f726a7b57cc1470c1039bc96afa948a1beb7503cebff44e9717c43cdc/1e13c8f4e726aa5559884b658a88003c481c4a82000a70dde412bdcea1124a47.pid\" a14=\"7e13dd6f726a7b57cc1470c1039bc96afa948a1beb7503cebff44e9717c43cdc\""}
{"ts": "2026-04-30T23:59:21Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593561.226:11546653): arch=c000003e syscall=59 success=yes exit=0 a0=c0004065d0 a1=c00013b080 a2=c00013b100 a3=0 items=2 ppid=3759 pid=2860793 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593560.417:11546652): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593560.417:11546652): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=9987007 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593560.417:11546652): item=0 name=\"/usr/bin/cat\" inode=9986333 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593560.417:11546652): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593560.417:11546652): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.stat\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593560.417:11546652): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593560.417:11546652): arch=c000003e syscall=59 success=yes exit=0 a0=75e2ac12cd60 a1=75e2460007c0 a2=6265ad214650 a3=8 items=2 ppid=5407 pid=2860783 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593560.417:11546651): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593560.417:11546651): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593560.417:11546651): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593560.417:11546651): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e2460007c0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2860783 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593560.417:11546650): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593560.417:11546650): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593560.417:11546650): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593560.417:11546650): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e2460007c0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2860783 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593560.417:11546649): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593560.417:11546649): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593560.417:11546649): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593560.417:11546649): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e2460007c0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2860783 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593560.417:11546648): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593560.417:11546648): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593560.417:11546648): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593560.417:11546648): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e2460007c0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2860783 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593560.417:11546647): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593560.417:11546647): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593560.417:11546647): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593560.417:11546647): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e2460007c0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2860783 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593560.416:11546646): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593560.416:11546646): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593560.416:11546646): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593560.416:11546646): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e2460007c0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2860783 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593560.414:11546645): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593560.414:11546645): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=9987007 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593560.414:11546645): item=0 name=\"/usr/bin/cat\" inode=9986333 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593560.414:11546645): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593560.414:11546645): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.current\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593560.414:11546645): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593560.414:11546645): arch=c000003e syscall=59 success=yes exit=0 a0=75e2ac12cd60 a1=75e246000780 a2=6265ad214650 a3=8 items=2 ppid=5407 pid=2860782 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593560.414:11546644): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593560.414:11546644): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593560.414:11546644): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593560.414:11546644): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246000780 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2860782 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593560.414:11546643): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593560.414:11546643): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593560.414:11546643): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593560.414:11546643): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246000780 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2860782 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593560.414:11546642): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593560.414:11546642): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593560.414:11546642): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593560.414:11546642): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246000780 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2860782 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593560.414:11546641): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593560.414:11546641): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593560.414:11546641): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593560.414:11546641): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246000780 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2860782 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593560.414:11546640): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593560.414:11546640): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593560.414:11546640): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593560.414:11546640): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246000780 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2860782 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593560.414:11546639): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593560.414:11546639): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593560.414:11546639): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593560.414:11546639): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246000780 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2860782 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593560.411:11546638): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593560.411:11546638): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=9987007 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593560.411:11546638): item=0 name=\"/usr/bin/cat\" inode=9986333 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593560.411:11546638): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593560.411:11546638): argc=2 a0=\"cat\" a1=\"/proc/self/cgroup\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593560.411:11546638): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593560.411:11546638): arch=c000003e syscall=59 success=yes exit=0 a0=75e2ac12cd60 a1=75e246000700 a2=6265ad214650 a3=8 items=2 ppid=5407 pid=2860781 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593560.411:11546637): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593560.411:11546637): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593560.411:11546637): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593560.411:11546637): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246000700 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2860781 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593560.411:11546636): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593560.411:11546636): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593560.411:11546636): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593560.411:11546636): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246000700 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2860781 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593560.411:11546635): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593560.411:11546635): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593560.411:11546635): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593560.411:11546635): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246000700 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2860781 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593560.410:11546634): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593560.410:11546634): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593560.410:11546634): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593560.410:11546634): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246000700 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2860781 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593560.410:11546633): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593560.410:11546633): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593560.410:11546633): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593560.410:11546633): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246000700 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2860781 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593560.410:11546632): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593560.410:11546632): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593560.410:11546632): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593560.410:11546632): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e246000700 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2860781 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593560.221:11546631): proctitle=6E6F6465002D65007265717569726528276874747027292E6765742827687474703A2F2F27202B207265717569726528276F7327292E686F73746E616D652829202B20273A333030302F272C2072203D3E2070726F636573732E657869742828722E737461747573436F6465203D3D3D20323030207C7C20722E737461747573"}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593560.221:11546631): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6834212 dev=00:8f mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593560.221:11546631): item=0 name=\"/usr/local/bin/node\" inode=6881221 dev=00:8f mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593560.221:11546631): cwd=\"/app\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593560.221:11546631): argc=3 a0=\"node\" a1=\"-e\" a2=7265717569726528276874747027292E6765742827687474703A2F2F27202B207265717569726528276F7327292E686F73746E616D652829202B20273A333030302F272C2072203D3E2070726F636573732E657869742828722E737461747573436F6465203D3D3D20323030207C7C20722E737461747573436F6465203D3D3D2033303729203F2030203A203129292E6F6E28276572726F72272C202829203D3E2070726F636573732E6578697428312929"}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593560.221:11546631): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593560.221:11546631): arch=c000003e syscall=59 success=yes exit=0 a0=63f109589c68 a1=63f1095898f8 a2=63f109589ba8 a3=8 items=2 ppid=2860764 pid=2860770 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"node\" exe=\"/usr/local/bin/node\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593560.217:11546630): proctitle=2F62696E2F7368002D63006E6F6465202D6520227265717569726528276874747027292E6765742827687474703A2F2F27202B207265717569726528276F7327292E686F73746E616D652829202B20273A333030302F272C2072203D3E2070726F636573732E657869742828722E737461747573436F6465203D3D3D20323030"}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593560.217:11546630): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6834212 dev=00:8f mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593560.217:11546630): item=0 name=\"/bin/sh\" inode=6832457 dev=00:8f mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593560.217:11546630): cwd=\"/app\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593560.217:11546630): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=6E6F6465202D6520227265717569726528276874747027292E6765742827687474703A2F2F27202B207265717569726528276F7327292E686F73746E616D652829202B20273A333030302F272C2072203D3E2070726F636573732E657869742828722E737461747573436F6465203D3D3D20323030207C7C20722E737461747573436F6465203D3D3D2033303729203F2030203A203129292E6F6E28276572726F72272C202829203D3E2070726F636573732E657869742831292922"}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593560.217:11546630): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593560.217:11546630): arch=c000003e syscall=59 success=yes exit=0 a0=c00018eed8 a1=c000022ac0 a2=c000120240 a3=0 items=2 ppid=2860751 pid=2860764 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/dash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593560.171:11546629): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593560.171:11546629): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593560.171:11546629): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593560.171:11546629): cwd=\"/var/lib/docker/rootfs/overlayfs/62ff186c9558f5a87b871aad2189553b6748d81d514aec3146c01ec6c66d8638\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593560.171:11546629): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593560.171:11546629): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b860 a1=c00017f338 a2=c000181c80 a3=0 items=2 ppid=2860751 pid=2860761 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593560.156:11546628): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F36326666313836633935353866356138376238373161616432"}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593560.156:11546628): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593560.156:11546628): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593560.156:11546628): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/62ff186c9558f5a87b871aad2189553b6748d81d514aec3146c01ec6c66d8638\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593560.156:11546628): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/62ff186c9558f5a87b871aad2189553b6748d81d514aec3146c01ec6c66d8638/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2511564500\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/62ff186c9558f5a87b871aad2189553b6748d81d514aec3146c01ec6c66d8638/71bd74ca6df8b8a0032d9a50ebf545f647e22e45ef22a9c2e8e52878bfc2cc9c.pid\" a14=\"62ff186c9558f5a87b871aad2189553b6748d81d514aec3146c01ec6c66d8638\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593560.156:11546628): arch=c000003e syscall=59 success=yes exit=0 a0=c00046c720 a1=c00041e500 a2=c00041e580 a3=0 items=2 ppid=4094 pid=2860751 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593560.023:11546627): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520706F737467726573"}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593560.023:11546627): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:4f mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593560.023:11546627): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:4f mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593560.023:11546627): cwd=\"/\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593560.023:11546627): argc=3 a0=\"pg_isready\" a1=\"-U\" a2=\"postgres\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593560.023:11546627): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593560.023:11546627): arch=c000003e syscall=59 success=yes exit=0 a0=7f3856bae288 a1=7f3856bae1e8 a2=7f3856bae208 a3=0 items=2 ppid=3630 pid=2860743 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593560.020:11546626): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520706F737467726573"}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593560.020:11546626): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:4f mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593560.020:11546626): item=0 name=\"/bin/sh\" inode=8589166 dev=00:4f mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593560.020:11546626): cwd=\"/\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593560.020:11546626): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D5520706F737467726573"}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593560.020:11546626): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593560.020:11546626): arch=c000003e syscall=59 success=yes exit=0 a0=c0001a8f78 a1=c000022680 a2=c0001508c0 a3=0 items=2 ppid=3630 pid=2860743 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593559.973:11546625): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593559.973:11546625): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593559.973:11546625): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593559.973:11546625): cwd=\"/var/lib/docker/rootfs/overlayfs/67097f9470d25ae62330c278e0c2e85dfc8f9d19e1312855b18be973b4d19e41\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593559.973:11546625): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593559.973:11546625): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c58a0 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=2860731 pid=2860740 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593559.960:11546624): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F36373039376639343730643235616536323333306332373865"}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593559.960:11546624): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593559.960:11546624): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593559.960:11546624): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/67097f9470d25ae62330c278e0c2e85dfc8f9d19e1312855b18be973b4d19e41\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593559.960:11546624): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/67097f9470d25ae62330c278e0c2e85dfc8f9d19e1312855b18be973b4d19e41/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1934613846\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/67097f9470d25ae62330c278e0c2e85dfc8f9d19e1312855b18be973b4d19e41/001b627b72b711ee0cc2935ded8d94e32d18b8ae6ce48ceab24b1c9718e55191.pid\" a14=\"67097f9470d25ae62330c278e0c2e85dfc8f9d19e1312855b18be973b4d19e41\""}
{"ts": "2026-04-30T23:59:20Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593559.960:11546624): arch=c000003e syscall=59 success=yes exit=0 a0=c0003898d0 a1=c00037e080 a2=c00037e100 a3=0 items=2 ppid=3630 pid=2860731 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593559.585:11546623): proctitle=72656469732D636C690070696E67"}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593559.585:11546623): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=6694357 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593559.585:11546623): item=0 name=\"/usr/local/bin/redis-cli\" inode=6703632 dev=00:4c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593559.585:11546623): cwd=\"/data\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593559.585:11546623): argc=2 a0=\"redis-cli\" a1=\"ping\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593559.585:11546623): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593559.585:11546623): arch=c000003e syscall=59 success=yes exit=0 a0=c000028760 a1=c00009f350 a2=c00014f1c0 a3=0 items=2 ppid=2860712 pid=2860725 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"redis-cli\" exe=\"/usr/local/bin/redis-cli\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593559.534:11546622): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593559.534:11546622): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593559.534:11546622): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593559.534:11546622): cwd=\"/var/lib/docker/rootfs/overlayfs/480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593559.534:11546622): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593559.534:11546622): arch=c000003e syscall=59 success=yes exit=0 a0=c0001eb830 a1=c0001ef338 a2=c0001f1c00 a3=0 items=2 ppid=2860712 pid=2860722 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593559.519:11546621): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F34383062353761303034306362373564646534356436663664"}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593559.519:11546621): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593559.519:11546621): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593559.519:11546621): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593559.519:11546621): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process947481822\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af/82956ae986dd7832c316bdb6d89a7697eda300b7145adcc105d81f3b6a260ea1.pid\" a14=\"480b57a0040cb75dde45d6f6d2f486f009009c0be1f4f97f35dd3caa718ba1af\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593559.519:11546621): arch=c000003e syscall=59 success=yes exit=0 a0=c0002755e0 a1=c000154180 a2=c000154f00 a3=0 items=2 ppid=2767 pid=2860712 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593559.303:11546620): proctitle=636C616D647363616E002D2D76657273696F6E"}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593559.303:11546620): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=6689254 dev=00:30 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593559.303:11546620): item=0 name=\"/usr/bin/clamdscan\" inode=6714733 dev=00:30 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593559.303:11546620): cwd=\"/\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593559.303:11546620): argc=2 a0=\"clamdscan\" a1=\"--version\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593559.303:11546620): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593559.303:11546620): arch=c000003e syscall=59 success=yes exit=0 a0=c000027380 a1=c0000d3350 a2=c0000c9950 a3=0 items=2 ppid=2860692 pid=2860706 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"clamdscan\" exe=\"/usr/bin/clamdscan\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593559.256:11546619): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593559.256:11546619): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593559.256:11546619): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593559.256:11546619): cwd=\"/var/lib/docker/rootfs/overlayfs/60ba518f9a5f7016add1133158f649e99ef850284ee96e9bc71f602039398291\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593559.256:11546619): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593559.256:11546619): arch=c000003e syscall=59 success=yes exit=0 a0=c000310010 a1=c000316000 a2=c000318000 a3=0 items=2 ppid=2860692 pid=2860703 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593559.237:11546618): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F36306261353138663961356637303136616464313133333135"}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593559.237:11546618): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593559.237:11546618): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593559.237:11546618): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/60ba518f9a5f7016add1133158f649e99ef850284ee96e9bc71f602039398291\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593559.237:11546618): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/60ba518f9a5f7016add1133158f649e99ef850284ee96e9bc71f602039398291/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process738538065\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/60ba518f9a5f7016add1133158f649e99ef850284ee96e9bc71f602039398291/fb85849a1690352415da1919ae44b16217eb17effb9a272357e20d787d93e835.pid\" a14=\"60ba518f9a5f7016add1133158f649e99ef850284ee96e9bc71f602039398291\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593559.237:11546618): arch=c000003e syscall=59 success=yes exit=0 a0=c000230ce0 a1=c000133280 a2=c0002de000 a3=0 items=2 ppid=3012723 pid=2860692 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593559.229:11546617): proctitle=2F7573722F62696E2F7065726C002F7573722F62696E2F70675F69737265616479002D550067726F777468626F6F6B002D6400706F737467726573"}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593559.229:11546617): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6968454 dev=00:a0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593559.229:11546617): item=0 name=\"/usr/lib/postgresql/17/bin/pg_isready\" inode=3958125 dev=00:a0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593559.229:11546617): cwd=\"/\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593559.229:11546617): argc=5 a0=\"/usr/lib/postgresql/17/bin/pg_isready\" a1=\"-U\" a2=\"growthbook\" a3=\"-d\" a4=\"postgres\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593559.229:11546617): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593559.229:11546617): arch=c000003e syscall=59 success=yes exit=0 a0=597f72c9e890 a1=597f72d03490 a2=597f729fd970 a3=7f27826c0e70 items=2 ppid=2860683 pid=2860690 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/lib/postgresql/17/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593559.210:11546616): proctitle=2F7573722F62696E2F7065726C002F7573722F62696E2F70675F69737265616479002D550070726F6D6574686575735F61646D696E002D640070726F6D6574686575735F61646D696E"}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593559.210:11546616): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=5581428 dev=00:af mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593559.210:11546616): item=0 name=\"/usr/lib/postgresql/17/bin/pg_isready\" inode=5809487 dev=00:af mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593559.210:11546616): cwd=\"/\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593559.210:11546616): argc=5 a0=\"/usr/lib/postgresql/17/bin/pg_isready\" a1=\"-U\" a2=\"prometheus_admin\" a3=\"-d\" a4=\"prometheus_admin\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593559.210:11546616): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593559.210:11546616): arch=c000003e syscall=59 success=yes exit=0 a0=5e46a2fb83f0 a1=5e46a2f21ff0 a2=5e46a2f1d970 a3=7958c8c54e70 items=2 ppid=2860665 pid=2860689 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/lib/postgresql/17/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593559.191:11546615): proctitle=2F7573722F62696E2F7065726C002F7573722F62696E2F70675F69737265616479002D550067726F777468626F6F6B002D6400706F737467726573"}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593559.191:11546615): item=2 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6968454 dev=00:a0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593559.191:11546615): item=1 name=\"/usr/bin/perl\" inode=6956288 dev=00:a0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593559.191:11546615): item=0 name=\"/usr/bin/pg_isready\" inode=4211279 dev=00:a0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593559.191:11546615): cwd=\"/\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593559.191:11546615): argc=6 a0=\"/usr/bin/perl\" a1=\"/usr/bin/pg_isready\" a2=\"-U\" a3=\"growthbook\" a4=\"-d\" a5=\"postgres\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593559.191:11546615): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593559.191:11546615): arch=c000003e syscall=59 success=yes exit=0 a0=60fbc3516640 a1=60fb8f36c9a8 a2=60fbc35165d8 a3=8 items=3 ppid=2860683 pid=2860690 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/bin/perl\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593559.184:11546614): proctitle=2F62696E2F7368002D630070675F69737265616479202D552067726F777468626F6F6B202D6420706F737467726573"}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593559.184:11546614): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6968454 dev=00:a0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593559.184:11546614): item=0 name=\"/bin/sh\" inode=6954646 dev=00:a0 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593559.184:11546614): cwd=\"/\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593559.184:11546614): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D552067726F777468626F6F6B202D6420706F737467726573"}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593559.184:11546614): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593559.184:11546614): arch=c000003e syscall=59 success=yes exit=0 a0=c000196eb0 a1=c000022680 a2=c000025140 a3=0 items=2 ppid=4084 pid=2860683 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/usr/bin/dash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593559.166:11546613): proctitle=2F7573722F62696E2F7065726C002F7573722F62696E2F70675F69737265616479002D550070726F6D6574686575735F61646D696E002D640070726F6D6574686575735F61646D696E"}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593559.166:11546613): item=2 name=\"/lib64/ld-linux-x86-64.so.2\" inode=5581428 dev=00:af mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593559.166:11546613): item=1 name=\"/usr/bin/perl\" inode=5580916 dev=00:af mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593559.166:11546613): item=0 name=\"/usr/bin/pg_isready\" inode=5823482 dev=00:af mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593559.166:11546613): cwd=\"/\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593559.166:11546613): argc=6 a0=\"/usr/bin/perl\" a1=\"/usr/bin/pg_isready\" a2=\"-U\" a3=\"prometheus_admin\" a4=\"-d\" a5=\"prometheus_admin\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593559.166:11546613): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593559.166:11546613): arch=c000003e syscall=59 success=yes exit=0 a0=56d6f33ad678 a1=56d6f33ad5e0 a2=56d6f33ad610 a3=8 items=3 ppid=2860665 pid=2860689 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/bin/perl\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593559.162:11546612): proctitle=2F62696E2F7368002D630070675F69737265616479202D552070726F6D6574686575735F61646D696E202D642070726F6D6574686575735F61646D696E"}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593559.162:11546612): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=5581428 dev=00:af mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593559.162:11546612): item=0 name=\"/bin/sh\" inode=5580787 dev=00:af mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593559.162:11546612): cwd=\"/\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593559.162:11546612): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D552070726F6D6574686575735F61646D696E202D642070726F6D6574686575735F61646D696E"}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593559.162:11546612): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593559.162:11546612): arch=c000003e syscall=59 success=yes exit=0 a0=c00017ae80 a1=c000022ac0 a2=c0001000c0 a3=0 items=2 ppid=2860652 pid=2860665 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/usr/bin/dash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593559.138:11546611): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593559.138:11546611): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593559.138:11546611): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:173 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593559.138:11546611): cwd=\"/var/lib/docker/rootfs/overlayfs/02fb5dd00ce2914672d5f537bf8bb36a0908851493efb9e1b3038943b577e7cf\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593559.138:11546611): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593559.138:11546611): arch=c000003e syscall=59 success=yes exit=0 a0=c0001f3830 a1=c0001f7338 a2=c0001f9c40 a3=0 items=2 ppid=2860670 pid=2860679 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593559.124:11546610): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F30326662356464303063653239313436373264356635333762"}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593559.124:11546610): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593559.124:11546610): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593559.124:11546610): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/02fb5dd00ce2914672d5f537bf8bb36a0908851493efb9e1b3038943b577e7cf\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593559.124:11546610): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/02fb5dd00ce2914672d5f537bf8bb36a0908851493efb9e1b3038943b577e7cf/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2450964526\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/02fb5dd00ce2914672d5f537bf8bb36a0908851493efb9e1b3038943b577e7cf/9848b2a119cb86efb3665dc1984970c64ac6168102b18defe64c5836c645151c.pid\" a14=\"02fb5dd00ce2914672d5f537bf8bb36a0908851493efb9e1b3038943b577e7cf\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593559.124:11546610): arch=c000003e syscall=59 success=yes exit=0 a0=c0000118a0 a1=c0003f4480 a2=c0003f4500 a3=0 items=2 ppid=4084 pid=2860670 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593559.107:11546609): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593559.107:11546609): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593559.107:11546609): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593559.107:11546609): cwd=\"/var/lib/docker/rootfs/overlayfs/96dcfa07493d1a0e551516dd25644707c00be275d58123d52358a7d61a7f6b24\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593559.107:11546609): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593559.107:11546609): arch=c000003e syscall=59 success=yes exit=0 a0=c000245880 a1=c000249350 a2=c00024bc80 a3=0 items=2 ppid=2860652 pid=2860661 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593559.094:11546608): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F39366463666130373439336431613065353531353136646432"}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593559.094:11546608): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593559.094:11546608): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593559.094:11546608): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/96dcfa07493d1a0e551516dd25644707c00be275d58123d52358a7d61a7f6b24\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593559.094:11546608): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/96dcfa07493d1a0e551516dd25644707c00be275d58123d52358a7d61a7f6b24/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process484896973\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/96dcfa07493d1a0e551516dd25644707c00be275d58123d52358a7d61a7f6b24/92bacc6020b7e055e7e3dafa1e8828ac6268a99b0b1342a281cd8f3f297bf294.pid\" a14=\"96dcfa07493d1a0e551516dd25644707c00be275d58123d52358a7d61a7f6b24\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593559.094:11546608): arch=c000003e syscall=59 success=yes exit=0 a0=c0003403b0 a1=c00034a480 a2=c00034a500 a3=0 items=2 ppid=4402 pid=2860652 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593559.008:11546607): proctitle=6375726C002D6600687474703A2F2F6C6F63616C686F73743A31373137302F"}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593559.008:11546607): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=3566853 dev=00:8b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593559.008:11546607): item=0 name=\"/usr/bin/curl\" inode=3574788 dev=00:8b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593559.008:11546607): cwd=\"/app\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593559.008:11546607): argc=3 a0=\"curl\" a1=\"-f\" a2=\"http://localhost:17170/\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593559.008:11546607): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593559.008:11546607): arch=c000003e syscall=59 success=yes exit=0 a0=c00018d0f0 a1=c000022ac0 a2=c00013ec00 a3=0 items=2 ppid=2860633 pid=2860645 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"curl\" exe=\"/usr/bin/curl\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593558.962:11546606): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593558.962:11546606): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593558.962:11546606): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593558.962:11546606): cwd=\"/var/lib/docker/rootfs/overlayfs/5bd3e1d5545f7ec51999f8794a4b4d6cc0fd1d92f87a78cfdfb129e440cd0559\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593558.962:11546606): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593558.962:11546606): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5890 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=2860633 pid=2860642 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593558.948:11546605): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F35626433653164353534356637656335313939396638373934"}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593558.948:11546605): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593558.948:11546605): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593558.948:11546605): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/5bd3e1d5545f7ec51999f8794a4b4d6cc0fd1d92f87a78cfdfb129e440cd0559\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593558.948:11546605): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/5bd3e1d5545f7ec51999f8794a4b4d6cc0fd1d92f87a78cfdfb129e440cd0559/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2170263933\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/5bd3e1d5545f7ec51999f8794a4b4d6cc0fd1d92f87a78cfdfb129e440cd0559/28fa3ee008afe5c59e94708794223af70eb3ccfc10c68ae19571d172900f3e2b.pid\" a14=\"5bd3e1d5545f7ec51999f8794a4b4d6cc0fd1d92f87a78cfdfb129e440cd0559\""}
{"ts": "2026-04-30T23:59:19Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593558.948:11546605): arch=c000003e syscall=59 success=yes exit=0 a0=c00021eb00 a1=c0002d7100 a2=c0002d7f00 a3=0 items=2 ppid=4527 pid=2860633 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593558.778:11546604): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593558.778:11546604): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593558.778:11546604): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593558.778:11546604): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593558.778:11546604): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.stat\""}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593558.778:11546604): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593558.778:11546604): arch=c000003e syscall=59 success=yes exit=0 a0=7faf8d900d60 a1=7faee3002860 a2=634a8a009a40 a3=8 items=2 ppid=5417 pid=2860632 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593558.778:11546603): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593558.778:11546603): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593558.778:11546603): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593558.778:11546603): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee3002860 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2860632 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593558.778:11546602): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593558.778:11546602): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593558.778:11546602): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593558.778:11546602): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee3002860 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2860632 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593558.778:11546601): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593558.778:11546601): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593558.778:11546601): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593558.778:11546601): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee3002860 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2860632 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593558.778:11546600): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593558.778:11546600): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593558.778:11546600): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593558.778:11546600): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee3002860 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2860632 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593558.778:11546599): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593558.778:11546599): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593558.778:11546599): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593558.778:11546599): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee3002860 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2860632 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593558.777:11546598): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593558.777:11546598): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593558.777:11546598): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593558.777:11546598): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee3002860 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2860632 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593558.775:11546597): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593558.775:11546597): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593558.775:11546597): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593558.775:11546597): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593558.775:11546597): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.current\""}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593558.775:11546597): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593558.775:11546597): arch=c000003e syscall=59 success=yes exit=0 a0=7faf8d900d60 a1=7faee3002840 a2=634a8a009a40 a3=8 items=2 ppid=5417 pid=2860631 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593558.775:11546596): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593558.775:11546596): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593558.775:11546596): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593558.775:11546596): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee3002840 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2860631 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593558.774:11546595): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593558.774:11546595): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593558.774:11546595): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593558.774:11546595): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee3002840 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2860631 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593558.774:11546594): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593558.774:11546594): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593558.774:11546594): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593558.774:11546594): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee3002840 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2860631 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593558.774:11546593): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593558.774:11546593): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593558.774:11546593): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593558.774:11546593): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee3002840 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2860631 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593558.774:11546592): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593558.774:11546592): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593558.774:11546592): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593558.774:11546592): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee3002840 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2860631 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593558.774:11546591): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593558.774:11546591): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593558.774:11546591): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593558.774:11546591): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faee3002840 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2860631 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593558.772:11546590): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593558.772:11546590): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593558.772:11546590): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593558.772:11546590): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593558.772:11546590): argc=2 a0=\"cat\" a1=\"/proc/self/cgroup\""}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593558.772:11546590): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593558.772:11546590): arch=c000003e syscall=59 success=yes exit=0 a0=7faf8d900d60 a1=7faeb7a10dc0 a2=634a8a009a40 a3=8 items=2 ppid=5417 pid=2860630 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593558.771:11546589): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593558.771:11546589): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593558.771:11546589): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593558.771:11546589): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeb7a10dc0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2860630 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593558.771:11546588): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593558.771:11546588): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593558.771:11546588): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593558.771:11546588): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeb7a10dc0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2860630 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593558.771:11546587): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593558.771:11546587): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593558.771:11546587): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593558.771:11546587): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeb7a10dc0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2860630 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593558.771:11546586): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593558.771:11546586): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593558.771:11546586): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593558.771:11546586): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeb7a10dc0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2860630 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593558.771:11546585): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593558.771:11546585): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593558.771:11546585): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593558.771:11546585): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeb7a10dc0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2860630 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593558.771:11546584): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593558.771:11546584): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593558.771:11546584): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593558.771:11546584): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeb7a10dc0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2860630 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593558.754:11546583): proctitle=6C73002F"}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593558.754:11546583): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6952479 dev=00:91 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593558.754:11546583): item=0 name=\"/usr/bin/ls\" inode=6837222 dev=00:91 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593558.754:11546583): cwd=\"/project\""}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593558.754:11546583): argc=2 a0=\"ls\" a1=\"/\""}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593558.754:11546583): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593558.754:11546583): arch=c000003e syscall=59 success=yes exit=0 a0=5c56548e16f0 a1=5c56276a6990 a2=5c56548e1698 a3=8 items=2 ppid=2860623 pid=2860629 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"ls\" exe=\"/usr/bin/ls\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593558.750:11546582): proctitle=2F62696E2F7368002D63006C73202F203E202F6465762F6E756C6C207C7C20657869742031"}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593558.750:11546582): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6952479 dev=00:91 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593558.750:11546582): item=0 name=\"/bin/sh\" inode=6834806 dev=00:91 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593558.750:11546582): cwd=\"/project\""}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593558.750:11546582): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=6C73202F203E202F6465762F6E756C6C207C7C20657869742031"}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593558.750:11546582): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593558.750:11546582): arch=c000003e syscall=59 success=yes exit=0 a0=c00018ae78 a1=c000022aa0 a2=c00013a320 a3=0 items=2 ppid=2860610 pid=2860623 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/usr/bin/dash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593558.708:11546581): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593558.708:11546581): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593558.708:11546581): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593558.708:11546581): cwd=\"/var/lib/docker/rootfs/overlayfs/aafc3318f2a2fddff1da5e3c92952f5057b4e21f72626d5770313f32f540051d\""}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593558.708:11546581): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593558.708:11546581): arch=c000003e syscall=59 success=yes exit=0 a0=c0001cd890 a1=c0001d1350 a2=c0001d3c40 a3=0 items=2 ppid=2860610 pid=2860619 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593558.694:11546580): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F61616663333331386632613266646466663164613565336339"}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593558.694:11546580): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593558.694:11546580): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593558.694:11546580): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/aafc3318f2a2fddff1da5e3c92952f5057b4e21f72626d5770313f32f540051d\""}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593558.694:11546580): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/aafc3318f2a2fddff1da5e3c92952f5057b4e21f72626d5770313f32f540051d/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3861688352\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/aafc3318f2a2fddff1da5e3c92952f5057b4e21f72626d5770313f32f540051d/2c2a746e803f2d59e6d6d3d4e98c49ff42b32c5ebedc1bb577c146d07a10ab16.pid\" a14=\"aafc3318f2a2fddff1da5e3c92952f5057b4e21f72626d5770313f32f540051d\""}
{"ts": "2026-04-30T23:59:18Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593558.694:11546580): arch=c000003e syscall=59 success=yes exit=0 a0=c000292280 a1=c000298000 a2=c000298080 a3=0 items=2 ppid=4396 pid=2860610 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593557.365:11546579): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593557.365:11546579): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593557.365:11546579): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593557.365:11546579): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593557.365:11546579): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.stat\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593557.365:11546579): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593557.365:11546579): arch=c000003e syscall=59 success=yes exit=0 a0=76617ac47d60 a1=7660bbc48a80 a2=5669b9d93a40 a3=8 items=2 ppid=5468 pid=2860601 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593557.365:11546578): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593557.365:11546578): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593557.365:11546578): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593557.365:11546578): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48a80 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2860601 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593557.365:11546577): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593557.365:11546577): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593557.365:11546577): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593557.365:11546577): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48a80 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2860601 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593557.365:11546576): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593557.365:11546576): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593557.365:11546576): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593557.365:11546576): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48a80 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2860601 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593557.365:11546575): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593557.365:11546575): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593557.365:11546575): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593557.365:11546575): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48a80 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2860601 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593557.365:11546574): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593557.365:11546574): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593557.365:11546574): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593557.365:11546574): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48a80 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2860601 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593557.365:11546573): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593557.365:11546573): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593557.365:11546573): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593557.365:11546573): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48a80 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2860601 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593557.362:11546572): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593557.362:11546572): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593557.362:11546572): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593557.362:11546572): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593557.362:11546572): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.current\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593557.362:11546572): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593557.362:11546572): arch=c000003e syscall=59 success=yes exit=0 a0=76617ac47d60 a1=7660e9800080 a2=5669b9d93a40 a3=8 items=2 ppid=5468 pid=2860600 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593557.362:11546571): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593557.362:11546571): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593557.362:11546571): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593557.362:11546571): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660e9800080 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2860600 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593557.362:11546570): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593557.362:11546570): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593557.362:11546570): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593557.362:11546570): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660e9800080 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2860600 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593557.362:11546569): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593557.362:11546569): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593557.362:11546569): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593557.362:11546569): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660e9800080 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2860600 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593557.362:11546568): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593557.362:11546568): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593557.362:11546568): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593557.362:11546568): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660e9800080 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2860600 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593557.362:11546567): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593557.362:11546567): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593557.362:11546567): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593557.362:11546567): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660e9800080 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2860600 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593557.362:11546566): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593557.362:11546566): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593557.362:11546566): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593557.362:11546566): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660e9800080 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2860600 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593557.359:11546565): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593557.359:11546565): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593557.359:11546565): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:a9 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593557.359:11546565): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593557.359:11546565): argc=2 a0=\"cat\" a1=\"/proc/self/cgroup\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593557.359:11546565): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593557.359:11546565): arch=c000003e syscall=59 success=yes exit=0 a0=76617ac47d60 a1=7660bbc48680 a2=5669b9d93a40 a3=8 items=2 ppid=5468 pid=2860599 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593557.359:11546564): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593557.359:11546564): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593557.359:11546564): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593557.359:11546564): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48680 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2860599 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593557.359:11546563): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593557.359:11546563): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593557.359:11546563): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593557.359:11546563): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48680 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2860599 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593557.359:11546562): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593557.359:11546562): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593557.359:11546562): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593557.359:11546562): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48680 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2860599 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593557.359:11546561): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593557.359:11546561): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593557.359:11546561): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593557.359:11546561): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48680 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2860599 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593557.359:11546560): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593557.359:11546560): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593557.359:11546560): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593557.359:11546560): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48680 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2860599 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593557.359:11546559): proctitle=77696E646D696C6C00736572766572"}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593557.359:11546559): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593557.359:11546559): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593557.359:11546559): arch=c000003e syscall=59 success=no exit=-2 a0=76617ac47d60 a1=7660bbc48680 a2=5669b9d93a40 a3=8 items=1 ppid=5468 pid=2860599 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593557.123:11546558): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520666F7267656A6F"}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593557.123:11546558): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:52 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593557.123:11546558): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:52 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593557.123:11546558): cwd=\"/\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593557.123:11546558): argc=3 a0=\"pg_isready\" a1=\"-U\" a2=\"forgejo\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593557.123:11546558): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593557.123:11546558): arch=c000003e syscall=59 success=yes exit=0 a0=762f63f7a278 a1=762f63f7a1d8 a2=762f63f7a1f8 a3=8080808080808080 items=2 ppid=3626 pid=2860591 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593557.119:11546557): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520666F7267656A6F"}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593557.119:11546557): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:52 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593557.119:11546557): item=0 name=\"/bin/sh\" inode=8589166 dev=00:52 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593557.119:11546557): cwd=\"/\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593557.119:11546557): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D5520666F7267656A6F"}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593557.119:11546557): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593557.119:11546557): arch=c000003e syscall=59 success=yes exit=0 a0=c00018af38 a1=c000022ac0 a2=c0001348c0 a3=0 items=2 ppid=2860578 pid=2860591 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593557.074:11546556): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593557.074:11546556): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593557.074:11546556): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593557.074:11546556): cwd=\"/var/lib/docker/rootfs/overlayfs/2cdd3d089c946761c42c7cfc41f431ad2beb9c2b89497f7e5a3552578b39f251\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593557.074:11546556): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593557.074:11546556): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5890 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=2860578 pid=2860588 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593557.060:11546555): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F32636464336430383963393436373631633432633763666334"}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593557.060:11546555): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593557.060:11546555): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593557.060:11546555): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/2cdd3d089c946761c42c7cfc41f431ad2beb9c2b89497f7e5a3552578b39f251\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593557.060:11546555): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/2cdd3d089c946761c42c7cfc41f431ad2beb9c2b89497f7e5a3552578b39f251/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1930514287\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/2cdd3d089c946761c42c7cfc41f431ad2beb9c2b89497f7e5a3552578b39f251/62ca0c9cefa523c1843b35de78c8c597d53a37e4b6562c3fdce894b1877ee1e9.pid\" a14=\"2cdd3d089c946761c42c7cfc41f431ad2beb9c2b89497f7e5a3552578b39f251\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593557.060:11546555): arch=c000003e syscall=59 success=yes exit=0 a0=c00010ba60 a1=c0003fa000 a2=c0003fa080 a3=0 items=2 ppid=3626 pid=2860578 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593557.016:11546554): proctitle=2F7573722F62696E2F6E6F646500646973742F7365727665722E6A73"}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593557.016:11546554): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=6974781 dev=00:a7 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593557.016:11546554): item=0 name=\"/usr/local/bin/python3\" inode=7100313 dev=00:a7 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593557.016:11546554): cwd=\"/usr/local/src/app/packages/back-end\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593557.016:11546554): argc=3 a0=\"python3\" a1=\"-u\" a2=\"/usr/local/src/app/packages/back-end/scripts/stats_server.py\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593557.016:11546554): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593557.016:11546554): arch=c000003e syscall=59 success=yes exit=0 a0=7ffed6bf0d40 a1=162c3020 a2=16293e10 a3=8 items=2 ppid=11492 pid=2860577 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"python3\" exe=\"/usr/local/bin/python3.11\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593557.016:11546553): proctitle=2F7573722F62696E2F6E6F646500646973742F7365727665722E6A73"}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593557.016:11546553): item=0 name=\"/usr/bin/node_modules/npm/bin/node-gyp-bin/python3\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593557.016:11546553): cwd=\"/usr/local/src/app/packages/back-end\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593557.016:11546553): arch=c000003e syscall=59 success=no exit=-2 a0=7ffed6bf0d40 a1=162c3020 a2=16293e10 a3=8 items=1 ppid=11492 pid=2860577 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"node\" exe=\"/usr/bin/node\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593557.016:11546552): proctitle=2F7573722F62696E2F6E6F646500646973742F7365727665722E6A73"}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593557.016:11546552): item=0 name=\"/usr/lib/node_modules/npm/bin/node-gyp-bin/python3\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593557.016:11546552): cwd=\"/usr/local/src/app/packages/back-end\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593557.016:11546552): arch=c000003e syscall=59 success=no exit=-2 a0=7ffed6bf0d40 a1=162c3020 a2=16293e10 a3=8 items=1 ppid=11492 pid=2860577 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"node\" exe=\"/usr/bin/node\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593557.016:11546551): proctitle=2F7573722F62696E2F6E6F646500646973742F7365727665722E6A73"}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593557.016:11546551): item=0 name=\"/usr/libexec/lib/node_modules/npm/bin/node-gyp-bin/python3\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593557.016:11546551): cwd=\"/usr/local/src/app/packages/back-end\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593557.016:11546551): arch=c000003e syscall=59 success=no exit=-2 a0=7ffed6bf0d40 a1=162c3020 a2=16293e10 a3=8 items=1 ppid=11492 pid=2860577 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"node\" exe=\"/usr/bin/node\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593557.016:11546550): proctitle=2F7573722F62696E2F6E6F646500646973742F7365727665722E6A73"}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593557.016:11546550): item=0 name=\"/usr/local/src/app/node_modules/.bin/python3\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593557.016:11546550): cwd=\"/usr/local/src/app/packages/back-end\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593557.016:11546550): arch=c000003e syscall=59 success=no exit=-2 a0=7ffed6bf0d40 a1=162c3020 a2=16293e10 a3=8 items=1 ppid=11492 pid=2860577 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"node\" exe=\"/usr/bin/node\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593557.016:11546549): proctitle=2F7573722F62696E2F6E6F646500646973742F7365727665722E6A73"}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593557.016:11546549): item=0 name=\"/usr/local/share/.config/yarn/link/node_modules/.bin/python3\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593557.016:11546549): cwd=\"/usr/local/src/app/packages/back-end\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593557.016:11546549): arch=c000003e syscall=59 success=no exit=-2 a0=7ffed6bf0d40 a1=162c3020 a2=16293e10 a3=8 items=1 ppid=11492 pid=2860577 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"node\" exe=\"/usr/bin/node\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593557.015:11546548): proctitle=2F7573722F62696E2F6E6F646500646973742F7365727665722E6A73"}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593557.015:11546548): item=0 name=\"/usr/local/src/app/node_modules/.bin/python3\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593557.015:11546548): cwd=\"/usr/local/src/app/packages/back-end\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593557.015:11546548): arch=c000003e syscall=59 success=no exit=-2 a0=7ffed6bf0d40 a1=162c3020 a2=16293e10 a3=8 items=1 ppid=11492 pid=2860577 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"node\" exe=\"/usr/bin/node\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593557.015:11546547): proctitle=2F7573722F62696E2F6E6F646500646973742F7365727665722E6A73"}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593557.015:11546547): item=0 name=\"/tmp/yarn--1777050535293-0.18640072947539443/python3\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593557.015:11546547): cwd=\"/usr/local/src/app/packages/back-end\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593557.015:11546547): arch=c000003e syscall=59 success=no exit=-2 a0=7ffed6bf0d40 a1=162c3020 a2=16293e10 a3=8 items=1 ppid=11492 pid=2860577 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"node\" exe=\"/usr/bin/node\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593557.015:11546546): proctitle=2F7573722F62696E2F6E6F646500646973742F7365727665722E6A73"}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593557.015:11546546): item=0 name=\"/usr/bin/node_modules/npm/bin/node-gyp-bin/python3\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593557.015:11546546): cwd=\"/usr/local/src/app/packages/back-end\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593557.015:11546546): arch=c000003e syscall=59 success=no exit=-2 a0=7ffed6bf0d40 a1=162c3020 a2=16293e10 a3=8 items=1 ppid=11492 pid=2860577 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"node\" exe=\"/usr/bin/node\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593557.015:11546545): proctitle=2F7573722F62696E2F6E6F646500646973742F7365727665722E6A73"}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593557.015:11546545): item=0 name=\"/usr/lib/node_modules/npm/bin/node-gyp-bin/python3\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593557.015:11546545): cwd=\"/usr/local/src/app/packages/back-end\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593557.015:11546545): arch=c000003e syscall=59 success=no exit=-2 a0=7ffed6bf0d40 a1=162c3020 a2=16293e10 a3=8 items=1 ppid=11492 pid=2860577 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"node\" exe=\"/usr/bin/node\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593557.015:11546544): proctitle=2F7573722F62696E2F6E6F646500646973742F7365727665722E6A73"}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593557.015:11546544): item=0 name=\"/usr/libexec/lib/node_modules/npm/bin/node-gyp-bin/python3\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593557.015:11546544): cwd=\"/usr/local/src/app/packages/back-end\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593557.015:11546544): arch=c000003e syscall=59 success=no exit=-2 a0=7ffed6bf0d40 a1=162c3020 a2=16293e10 a3=8 items=1 ppid=11492 pid=2860577 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"node\" exe=\"/usr/bin/node\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593557.015:11546543): proctitle=2F7573722F62696E2F6E6F646500646973742F7365727665722E6A73"}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593557.015:11546543): item=0 name=\"/usr/local/src/app/node_modules/.bin/python3\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593557.015:11546543): cwd=\"/usr/local/src/app/packages/back-end\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593557.015:11546543): arch=c000003e syscall=59 success=no exit=-2 a0=7ffed6bf0d40 a1=162c3020 a2=16293e10 a3=8 items=1 ppid=11492 pid=2860577 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"node\" exe=\"/usr/bin/node\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593557.015:11546542): proctitle=2F7573722F62696E2F6E6F646500646973742F7365727665722E6A73"}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593557.015:11546542): item=0 name=\"/usr/local/share/.config/yarn/link/node_modules/.bin/python3\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593557.015:11546542): cwd=\"/usr/local/src/app/packages/back-end\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593557.015:11546542): arch=c000003e syscall=59 success=no exit=-2 a0=7ffed6bf0d40 a1=162c3020 a2=16293e10 a3=8 items=1 ppid=11492 pid=2860577 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"node\" exe=\"/usr/bin/node\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593557.015:11546541): proctitle=2F7573722F62696E2F6E6F646500646973742F7365727665722E6A73"}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593557.015:11546541): item=0 name=\"/usr/local/src/app/packages/back-end/node_modules/.bin/python3\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593557.015:11546541): cwd=\"/usr/local/src/app/packages/back-end\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593557.015:11546541): arch=c000003e syscall=59 success=no exit=-2 a0=7ffed6bf0d40 a1=162c3020 a2=16293e10 a3=8 items=1 ppid=11492 pid=2860577 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"node\" exe=\"/usr/bin/node\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593557.015:11546540): proctitle=2F7573722F62696E2F6E6F646500646973742F7365727665722E6A73"}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593557.015:11546540): item=0 name=\"/tmp/yarn--1777050545180-0.6694177499645813/python3\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593557.015:11546540): cwd=\"/usr/local/src/app/packages/back-end\""}
{"ts": "2026-04-30T23:59:17Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593557.015:11546540): arch=c000003e syscall=59 success=no exit=-2 a0=7ffed6bf0d40 a1=162c3020 a2=16293e10 a3=8 items=1 ppid=11492 pid=2860577 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"node\" exe=\"/usr/bin/node\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593556.221:11546539): proctitle=6373636C69006D657472696373"}
{"ts": "2026-04-30T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593556.221:11546539): item=0 name=\"/usr/local/bin/cscli\" inode=7117508 dev=00:65 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593556.221:11546539): cwd=\"/\""}
{"ts": "2026-04-30T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593556.221:11546539): argc=2 a0=\"cscli\" a1=\"metrics\""}
{"ts": "2026-04-30T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593556.221:11546539): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593556.221:11546539): arch=c000003e syscall=59 success=yes exit=0 a0=c000027380 a1=c0000d3350 a2=c0000c78f0 a3=0 items=1 ppid=2860542 pid=2860558 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cscli\" exe=\"/usr/local/bin/cscli\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593556.172:11546538): proctitle=636174002F746D702F66616C636F5F6865616C7468"}
{"ts": "2026-04-30T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593556.172:11546538): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8279763 dev=00:8c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593556.172:11546538): item=0 name=\"/bin/cat\" inode=8279592 dev=00:8c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593556.172:11546538): cwd=\"/\""}
{"ts": "2026-04-30T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593556.172:11546538): argc=2 a0=\"cat\" a1=\"/tmp/falco_health\""}
{"ts": "2026-04-30T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593556.172:11546538): arch=c000003e syscall=59 success=yes exit=0 a0=5caf1c2b6c50 a1=5caf1c2b5758 a2=5caf1c2b6bb8 a3=4 items=2 ppid=2860536 pid=2860555 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/bin/busybox\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593556.168:11546537): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593556.168:11546537): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593556.168:11546537): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:46 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593556.168:11546537): cwd=\"/var/lib/docker/rootfs/overlayfs/6e240b3263a20143aa4d507e566bf8e51d46fe0f910bdfa8ddefa9a2f73124d3\""}
{"ts": "2026-04-30T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593556.168:11546537): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593556.168:11546537): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5890 a1=c0001c9350 a2=c0001cbc40 a3=0 items=2 ppid=2860542 pid=2860552 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593556.165:11546536): proctitle=2F62696E2F7368002D6300636174202F746D702F66616C636F5F6865616C7468207C7C20657869742030"}
{"ts": "2026-04-30T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593556.165:11546536): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8279763 dev=00:8c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593556.165:11546536): item=0 name=\"/bin/sh\" inode=8279592 dev=00:8c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593556.165:11546536): cwd=\"/\""}
{"ts": "2026-04-30T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593556.165:11546536): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=636174202F746D702F66616C636F5F6865616C7468207C7C20657869742030"}
{"ts": "2026-04-30T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593556.165:11546536): arch=c000003e syscall=59 success=yes exit=0 a0=c000155cc8 a1=c0000224e0 a2=c000194e10 a3=0 items=2 ppid=2860523 pid=2860536 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593556.155:11546535): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520706F737467726573"}
{"ts": "2026-04-30T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593556.155:11546535): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:50 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593556.155:11546535): item=0 name=\"/usr/local/bin/pg_isready\" inode=6993403 dev=00:50 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593556.155:11546535): cwd=\"/\""}
{"ts": "2026-04-30T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593556.155:11546535): argc=3 a0=\"pg_isready\" a1=\"-U\" a2=\"postgres\""}
{"ts": "2026-04-30T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593556.155:11546535): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593556.155:11546535): arch=c000003e syscall=59 success=yes exit=0 a0=76b2682ea288 a1=76b2682ea1e8 a2=76b2682ea208 a3=0 items=2 ppid=2860505 pid=2860517 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"pg_isready\" exe=\"/usr/local/bin/pg_isready\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593556.150:11546534): proctitle=2F62696E2F7368002D630070675F69737265616479202D5520706F737467726573"}
{"ts": "2026-04-30T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593556.150:11546534): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:50 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593556.150:11546534): item=0 name=\"/bin/sh\" inode=8589166 dev=00:50 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593556.150:11546534): cwd=\"/\""}
{"ts": "2026-04-30T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593556.150:11546534): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=70675F69737265616479202D5520706F737467726573"}
{"ts": "2026-04-30T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593556.150:11546534): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593556.150:11546534): arch=c000003e syscall=59 success=yes exit=0 a0=c000194f68 a1=c000022680 a2=c0000d88c0 a3=0 items=2 ppid=2860505 pid=2860517 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593556.148:11546533): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F36653234306233323633613230313433616134643530376535"}
{"ts": "2026-04-30T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593556.148:11546533): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593556.148:11546533): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593556.148:11546533): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/6e240b3263a20143aa4d507e566bf8e51d46fe0f910bdfa8ddefa9a2f73124d3\""}
{"ts": "2026-04-30T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593556.148:11546533): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/6e240b3263a20143aa4d507e566bf8e51d46fe0f910bdfa8ddefa9a2f73124d3/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1920493289\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/6e240b3263a20143aa4d507e566bf8e51d46fe0f910bdfa8ddefa9a2f73124d3/ec18d4df3bd46289def525861f3b3cf6fdde58c674de0f6e55ef678ce4bf6976.pid\" a14=\"6e240b3263a20143aa4d507e566bf8e51d46fe0f910bdfa8ddefa9a2f73124d3\""}
{"ts": "2026-04-30T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593556.148:11546533): arch=c000003e syscall=59 success=yes exit=0 a0=c0002d3110 a1=c0003b8480 a2=c0003b8500 a3=0 items=2 ppid=3555 pid=2860542 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593556.133:11546532): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593556.133:11546532): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593556.133:11546532): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:173 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593556.133:11546532): cwd=\"/var/lib/docker/rootfs/overlayfs/293239633a2ddf31b93206215b8746aa165b26f8930bdc103230de7930321e5e\""}
{"ts": "2026-04-30T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593556.133:11546532): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593556.133:11546532): arch=c000003e syscall=59 success=yes exit=0 a0=c000203c30 a1=c0000a7038 a2=c000095c40 a3=0 items=2 ppid=2860523 pid=2860532 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593556.119:11546531): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F32393332333936333361326464663331623933323036323135"}
{"ts": "2026-04-30T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593556.119:11546531): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593556.119:11546531): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593556.119:11546531): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/293239633a2ddf31b93206215b8746aa165b26f8930bdc103230de7930321e5e\""}
{"ts": "2026-04-30T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593556.119:11546531): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/293239633a2ddf31b93206215b8746aa165b26f8930bdc103230de7930321e5e/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3692582188\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/293239633a2ddf31b93206215b8746aa165b26f8930bdc103230de7930321e5e/5ef1a03a444d1978eae6c689fd20196d97d918dd155887bac0b42671af78abd1.pid\" a14=\"293239633a2ddf31b93206215b8746aa165b26f8930bdc103230de7930321e5e\""}
{"ts": "2026-04-30T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593556.119:11546531): arch=c000003e syscall=59 success=yes exit=0 a0=c000010920 a1=c0002cb900 a2=c0002cb980 a3=0 items=2 ppid=3980 pid=2860523 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593556.105:11546530): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593556.105:11546530): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593556.105:11546530): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593556.105:11546530): cwd=\"/var/lib/docker/rootfs/overlayfs/6e0eaa58aad19bd8edc0f955e0d8cdf54332df6bcdbac6d5a4d9c8caf6fb9c39\""}
{"ts": "2026-04-30T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593556.105:11546530): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593556.105:11546530): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b840 a1=c00017f338 a2=c000181c40 a3=0 items=2 ppid=2860505 pid=2860513 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593556.091:11546529): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F36653065616135386161643139626438656463306639353565"}
{"ts": "2026-04-30T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593556.091:11546529): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593556.091:11546529): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593556.091:11546529): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/6e0eaa58aad19bd8edc0f955e0d8cdf54332df6bcdbac6d5a4d9c8caf6fb9c39\""}
{"ts": "2026-04-30T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593556.091:11546529): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/6e0eaa58aad19bd8edc0f955e0d8cdf54332df6bcdbac6d5a4d9c8caf6fb9c39/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process463852542\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/6e0eaa58aad19bd8edc0f955e0d8cdf54332df6bcdbac6d5a4d9c8caf6fb9c39/4ee8d006c07c22b2c2b9ff418e3d017e1cffe1189a0a5a75b5045a419dac5d7b.pid\" a14=\"6e0eaa58aad19bd8edc0f955e0d8cdf54332df6bcdbac6d5a4d9c8caf6fb9c39\""}
{"ts": "2026-04-30T23:59:16Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593556.091:11546529): arch=c000003e syscall=59 success=yes exit=0 a0=c00035d6a0 a1=c000308c00 a2=c000308c80 a3=0 items=2 ppid=4000 pid=2860505 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593554.676:11546528): proctitle=77676574002D2D737069646572002D7100687474703A2F2F3132372E302E302E313A38383838"}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593554.676:11546528): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:4e mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593554.676:11546528): item=0 name=\"/usr/bin/wget\" inode=8589166 dev=00:4e mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593554.676:11546528): cwd=\"/\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593554.676:11546528): argc=4 a0=\"wget\" a1=\"--spider\" a2=\"-q\" a3=\"http://127.0.0.1:8888\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593554.676:11546528): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593554.676:11546528): arch=c000003e syscall=59 success=yes exit=0 a0=78da8a577430 a1=78da8a5773a8 a2=78da8a5773d0 a3=0 items=2 ppid=2860497 pid=2860503 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"wget\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593554.673:11546527): proctitle=2F62696E2F7368002D630077676574202D2D737069646572202D7120687474703A2F2F3132372E302E302E313A38383838207C7C20657869742031"}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593554.673:11546527): item=1 name=\"/lib/ld-musl-x86_64.so.1\" inode=8850973 dev=00:4e mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593554.673:11546527): item=0 name=\"/bin/sh\" inode=8589166 dev=00:4e mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593554.673:11546527): cwd=\"/\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593554.673:11546527): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=77676574202D2D737069646572202D7120687474703A2F2F3132372E302E302E313A38383838207C7C20657869742031"}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593554.673:11546527): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593554.673:11546527): arch=c000003e syscall=59 success=yes exit=0 a0=c00018cf68 a1=c000022aa0 a2=c00013a320 a3=0 items=2 ppid=2860485 pid=2860497 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/busybox\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593554.626:11546526): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593554.626:11546526): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593554.626:11546526): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593554.626:11546526): cwd=\"/var/lib/docker/rootfs/overlayfs/ab2e3743421ef3813c5eceaa1eec8c8d50314508a1b02e6d87d88698f045c5f5\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593554.626:11546526): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593554.626:11546526): arch=c000003e syscall=59 success=yes exit=0 a0=c00017b850 a1=c00017f338 a2=c000181c40 a3=0 items=2 ppid=2860485 pid=2860494 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593554.612:11546525): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F61623265333734333432316566333831336335656365616131"}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593554.612:11546525): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593554.612:11546525): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593554.612:11546525): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/ab2e3743421ef3813c5eceaa1eec8c8d50314508a1b02e6d87d88698f045c5f5\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593554.612:11546525): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/ab2e3743421ef3813c5eceaa1eec8c8d50314508a1b02e6d87d88698f045c5f5/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process132381959\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/ab2e3743421ef3813c5eceaa1eec8c8d50314508a1b02e6d87d88698f045c5f5/e50fe5eaafde3ca16b5efd4e10417bd9b8d4448ef5e683ffa77cf55c2f50f7ef.pid\" a14=\"ab2e3743421ef3813c5eceaa1eec8c8d50314508a1b02e6d87d88698f045c5f5\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593554.612:11546525): arch=c000003e syscall=59 success=yes exit=0 a0=c0002b4a10 a1=c00019db00 a2=c00019dd80 a3=0 items=2 ppid=2932 pid=2860485 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593554.400:11546524): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593554.400:11546524): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=9987007 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593554.400:11546524): item=0 name=\"/usr/bin/cat\" inode=9986333 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593554.400:11546524): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593554.400:11546524): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.stat\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593554.400:11546524): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593554.400:11546524): arch=c000003e syscall=59 success=yes exit=0 a0=75e2ac12cd60 a1=75e26da2b900 a2=6265ad214650 a3=8 items=2 ppid=5407 pid=2860484 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593554.400:11546523): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593554.400:11546523): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593554.400:11546523): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593554.400:11546523): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e26da2b900 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2860484 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593554.400:11546522): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593554.400:11546522): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593554.400:11546522): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593554.400:11546522): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e26da2b900 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2860484 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593554.400:11546521): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593554.400:11546521): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593554.400:11546521): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593554.400:11546521): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e26da2b900 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2860484 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593554.399:11546520): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593554.399:11546520): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593554.399:11546520): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593554.399:11546520): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e26da2b900 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2860484 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593554.399:11546519): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593554.399:11546519): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593554.399:11546519): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593554.399:11546519): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e26da2b900 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2860484 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593554.399:11546518): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593554.399:11546518): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593554.399:11546518): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593554.399:11546518): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e26da2b900 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2860484 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593554.397:11546517): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593554.397:11546517): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=9987007 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593554.397:11546517): item=0 name=\"/usr/bin/cat\" inode=9986333 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593554.397:11546517): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593554.397:11546517): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.current\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593554.397:11546517): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593554.397:11546517): arch=c000003e syscall=59 success=yes exit=0 a0=75e2ac12cd60 a1=75e24645f7c0 a2=6265ad214650 a3=8 items=2 ppid=5407 pid=2860483 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593554.397:11546516): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593554.397:11546516): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593554.397:11546516): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593554.397:11546516): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e24645f7c0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2860483 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593554.397:11546515): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593554.397:11546515): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593554.397:11546515): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593554.397:11546515): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e24645f7c0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2860483 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593554.397:11546514): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593554.397:11546514): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593554.397:11546514): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593554.397:11546514): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e24645f7c0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2860483 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593554.397:11546513): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593554.397:11546513): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593554.397:11546513): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593554.397:11546513): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e24645f7c0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2860483 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593554.396:11546512): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593554.396:11546512): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593554.396:11546512): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593554.396:11546512): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e24645f7c0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2860483 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593554.396:11546511): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593554.396:11546511): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593554.396:11546511): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593554.396:11546511): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e24645f7c0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2860483 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593554.393:11546510): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593554.393:11546510): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=9987007 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593554.393:11546510): item=0 name=\"/usr/bin/cat\" inode=9986333 dev=00:b4 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593554.393:11546510): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593554.393:11546510): argc=2 a0=\"cat\" a1=\"/proc/self/cgroup\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593554.393:11546510): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593554.393:11546510): arch=c000003e syscall=59 success=yes exit=0 a0=75e2ac12cd60 a1=75e24645fec0 a2=6265ad214650 a3=8 items=2 ppid=5407 pid=2860481 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593554.393:11546509): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593554.393:11546509): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593554.393:11546509): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593554.393:11546509): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e24645fec0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2860481 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593554.393:11546508): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593554.393:11546508): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593554.393:11546508): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593554.393:11546508): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e24645fec0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2860481 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593554.393:11546507): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593554.393:11546507): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593554.393:11546507): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593554.393:11546507): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e24645fec0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2860481 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593554.393:11546506): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593554.393:11546506): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593554.393:11546506): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593554.393:11546506): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e24645fec0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2860481 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593554.393:11546505): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593554.393:11546505): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593554.393:11546505): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593554.393:11546505): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e24645fec0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2860481 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593554.393:11546504): proctitle=\"windmill\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593554.393:11546504): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593554.393:11546504): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593554.393:11546504): arch=c000003e syscall=59 success=no exit=-2 a0=75e2ac12cd60 a1=75e24645fec0 a2=6265ad214650 a3=8 items=1 ppid=5407 pid=2860481 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593553.984:11546503): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593553.984:11546503): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593553.984:11546503): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593553.984:11546503): cwd=\"/var/lib/docker/rootfs/overlayfs/b6eef535505c5b5978589dbba58145ab00c51591158662921782e671fddde370\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593553.984:11546503): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593553.984:11546503): arch=c000003e syscall=59 success=yes exit=0 a0=c0001c5870 a1=c0001c9350 a2=c0001cbc80 a3=0 items=2 ppid=2860461 pid=2860471 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593553.970:11546502): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F62366565663533353530356335623539373835383964626261"}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593553.970:11546502): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593553.970:11546502): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593553.970:11546502): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/b6eef535505c5b5978589dbba58145ab00c51591158662921782e671fddde370\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593553.970:11546502): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/b6eef535505c5b5978589dbba58145ab00c51591158662921782e671fddde370/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1442837722\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/b6eef535505c5b5978589dbba58145ab00c51591158662921782e671fddde370/33b0dd7781109ca2d6d9cdbe6db61d8b4535d85feb1786e6158d2712d8f2a93b.pid\" a14=\"b6eef535505c5b5978589dbba58145ab00c51591158662921782e671fddde370\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593553.970:11546502): arch=c000003e syscall=59 success=yes exit=0 a0=c000227680 a1=c000270100 a2=c000270180 a3=0 items=2 ppid=3802 pid=2860461 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593553.874:11546501): proctitle=77676574002D2D7175696574002D2D6E6F2D636865636B2D6365727469666963617465002D2D74726965733D31002D2D73706964657200687474703A2F2F6C6F63616C686F73743A393039312F6170692F6865616C7468"}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593553.874:11546501): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=3678029 dev=00:3c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593553.874:11546501): item=0 name=\"/usr/bin/wget\" inode=3677985 dev=00:3c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593553.874:11546501): cwd=\"/app\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593553.874:11546501): argc=6 a0=\"wget\" a1=\"--quiet\" a2=\"--no-check-certificate\" a3=\"--tries=1\" a4=\"--spider\" a5=\"http://localhost:9091/api/health\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593553.874:11546501): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593553.874:11546501): arch=c000003e syscall=59 success=yes exit=0 a0=56d698223cb0 a1=56d698223c28 a2=56d698223c60 a3=7007c5e09b38 items=2 ppid=2860453 pid=2860460 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"wget\" exe=\"/usr/bin/wget\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593553.868:11546500): proctitle=2F62696E2F7368002F6170702F6865616C7468636865636B2E7368"}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593553.868:11546500): item=2 name=\"/lib64/ld-linux-x86-64.so.2\" inode=3678029 dev=00:3c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593553.868:11546500): item=1 name=\"/bin/sh\" inode=3675124 dev=00:3c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593553.868:11546500): item=0 name=\"/app/healthcheck.sh\" inode=3682079 dev=00:3c mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593553.868:11546500): cwd=\"/app\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593553.868:11546500): argc=2 a0=\"/bin/sh\" a1=\"/app/healthcheck.sh\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593553.868:11546500): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593553.868:11546500): arch=c000003e syscall=59 success=yes exit=0 a0=c0000274b8 a1=c00002ae00 a2=c0000db1c0 a3=0 items=3 ppid=2860426 pid=2860453 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"healthcheck.sh\" exe=\"/bin/sh\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593553.869:11546499): proctitle=77676574002D2D6E6F2D766572626F7365002D2D74726965733D31002D2D73706964657200687474703A2F2F6C6F63616C686F73743A393039312F6170692F6865616C7468"}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593553.869:11546499): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=3678029 dev=00:3b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593553.869:11546499): item=0 name=\"/usr/bin/wget\" inode=3677985 dev=00:3b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593553.869:11546499): cwd=\"/app\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593553.869:11546499): argc=5 a0=\"wget\" a1=\"--no-verbose\" a2=\"--tries=1\" a3=\"--spider\" a4=\"http://localhost:9091/api/health\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593553.869:11546499): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593553.869:11546499): arch=c000003e syscall=59 success=yes exit=0 a0=64da821e55c0 a1=64da821e5540 a2=64da821e5570 a3=7a66edf2eb38 items=2 ppid=2860443 pid=2860459 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"wget\" exe=\"/usr/bin/wget\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593553.865:11546498): proctitle=2F62696E2F7368002D630077676574202D2D6E6F2D766572626F7365202D2D74726965733D31202D2D73706964657220687474703A2F2F6C6F63616C686F73743A393039312F6170692F6865616C7468207C7C20657869742031"}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593553.865:11546498): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=3678029 dev=00:3b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593553.865:11546498): item=0 name=\"/bin/sh\" inode=3675124 dev=00:3b mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593553.865:11546498): cwd=\"/app\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593553.865:11546498): argc=3 a0=\"/bin/sh\" a1=\"-c\" a2=77676574202D2D6E6F2D766572626F7365202D2D74726965733D31202D2D73706964657220687474703A2F2F6C6F63616C686F73743A393039312F6170692F6865616C7468207C7C20657869742031"}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593553.865:11546498): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593553.865:11546498): arch=c000003e syscall=59 success=yes exit=0 a0=c0000fee78 a1=c000022aa0 a2=c0000d9200 a3=0 items=2 ppid=2860423 pid=2860443 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"sh\" exe=\"/bin/sh\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593553.828:11546497): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593553.828:11546497): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593553.828:11546497): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:173 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593553.828:11546497): cwd=\"/var/lib/docker/rootfs/overlayfs/ab66ea4fa101df5daa4db29a135e222c8752757eb5ed52c6491a93f0b73700af\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593553.828:11546497): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593553.828:11546497): arch=c000003e syscall=59 success=yes exit=0 a0=c0001eb850 a1=c0001ef338 a2=c0001f1c00 a3=0 items=2 ppid=2860426 pid=2860445 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593553.823:11546496): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593553.823:11546496): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593553.823:11546496): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593553.823:11546496): cwd=\"/var/lib/docker/rootfs/overlayfs/dded6b49287cffb7eb9d3e0e8fcca16ac4bcfe7f6ea4331cbfc92babc5585263\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593553.823:11546496): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593553.823:11546496): arch=c000003e syscall=59 success=yes exit=0 a0=c0001eb850 a1=c0001ef338 a2=c0001f1c40 a3=0 items=2 ppid=2860423 pid=2860438 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593553.813:11546495): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F61623636656134666131303164663564616134646232396131"}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593553.813:11546495): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593553.813:11546495): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593553.813:11546495): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/ab66ea4fa101df5daa4db29a135e222c8752757eb5ed52c6491a93f0b73700af\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593553.813:11546495): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/ab66ea4fa101df5daa4db29a135e222c8752757eb5ed52c6491a93f0b73700af/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process3727057747\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/ab66ea4fa101df5daa4db29a135e222c8752757eb5ed52c6491a93f0b73700af/3f23bebdfd413c5076fd4885448e0343b3598e5637b992187af8f5155c6f0a8d.pid\" a14=\"ab66ea4fa101df5daa4db29a135e222c8752757eb5ed52c6491a93f0b73700af\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593553.813:11546495): arch=c000003e syscall=59 success=yes exit=0 a0=c000097210 a1=c00030b180 a2=c00030b200 a3=0 items=2 ppid=9325 pid=2860426 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593553.806:11546494): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F64646564366234393238376366666237656239643365306538"}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593553.806:11546494): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593553.806:11546494): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593553.806:11546494): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/dded6b49287cffb7eb9d3e0e8fcca16ac4bcfe7f6ea4331cbfc92babc5585263\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593553.806:11546494): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/dded6b49287cffb7eb9d3e0e8fcca16ac4bcfe7f6ea4331cbfc92babc5585263/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process2034606138\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/dded6b49287cffb7eb9d3e0e8fcca16ac4bcfe7f6ea4331cbfc92babc5585263/e815ab347b26fd4000d60ff637b9466e9cb243d8600c60bd196fc44029b810c1.pid\" a14=\"dded6b49287cffb7eb9d3e0e8fcca16ac4bcfe7f6ea4331cbfc92babc5585263\""}
{"ts": "2026-04-30T23:59:14Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593553.806:11546494): arch=c000003e syscall=59 success=yes exit=0 a0=c000156b50 a1=c00037cd00 a2=c00037cd80 a3=0 items=2 ppid=2481 pid=2860423 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593553.719:11546493): proctitle=6D617269616462002D2D64656661756C74732D65787472612D66696C653D2F7661722F6C69622F6D7973716C2F2E6D792D6865616C7468636865636B2E636E66002D2D70726F746F636F6C00736F636B6574002D42002D2D736B69702D636F6C756D6E2D6E616D6573002D650073656C65637420312066726F6D20696E666F72"}
{"ts": "2026-04-30T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593553.719:11546493): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=7089648 dev=00:89 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593553.719:11546493): item=0 name=\"/usr/bin/mariadb\" inode=7117817 dev=00:89 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593553.719:11546493): cwd=\"/\""}
{"ts": "2026-04-30T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593553.719:11546493): argc=8 a0=\"mariadb\" a1=\"--defaults-extra-file=/var/lib/mysql/.my-healthcheck.cnf\" a2=\"--protocol\" a3=\"socket\" a4=\"-B\" a5=\"--skip-column-names\" a6=\"-e\" a7=73656C65637420312066726F6D20696E666F726D6174696F6E5F736368656D612E454E47494E455320574845524520656E67696E653D27696E6E6F64622720414E4420737570706F727420696E202827594553272C202744454641554C54272C2027454E41424C45442729"}
{"ts": "2026-04-30T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593553.719:11546493): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593553.719:11546493): arch=c000003e syscall=59 success=yes exit=0 a0=5b13cb035990 a1=5b13cb0579c0 a2=5b13cb036860 a3=8 items=2 ppid=2860414 pid=2860422 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"mariadb\" exe=\"/usr/bin/mariadb\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593553.701:11546492): proctitle=6D617269616462002D2D64656661756C74732D65787472612D66696C653D2F7661722F6C69622F6D7973716C2F2E6D792D6865616C7468636865636B2E636E66002D2D70726F746F636F6C00736F636B6574002D42002D2D736B69702D636F6C756D6E2D6E616D6573002D650073656C656374204040736B69705F6E6574776F"}
{"ts": "2026-04-30T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593553.701:11546492): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=7089648 dev=00:89 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593553.701:11546492): item=0 name=\"/usr/bin/mariadb\" inode=7117817 dev=00:89 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593553.701:11546492): cwd=\"/\""}
{"ts": "2026-04-30T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593553.701:11546492): argc=8 a0=\"mariadb\" a1=\"--defaults-extra-file=/var/lib/mysql/.my-healthcheck.cnf\" a2=\"--protocol\" a3=\"socket\" a4=\"-B\" a5=\"--skip-column-names\" a6=\"-e\" a7=73656C656374204040736B69705F6E6574776F726B696E67"}
{"ts": "2026-04-30T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593553.701:11546492): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593553.701:11546492): arch=c000003e syscall=59 success=yes exit=0 a0=5b13cb035fe0 a1=5b13cb057810 a2=5b13cb0364a0 a3=8 items=2 ppid=2860414 pid=2860421 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"mariadb\" exe=\"/usr/bin/mariadb\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593553.691:11546491): proctitle=2F62696E2F62617368002F7573722F6C6F63616C2F62696E2F6865616C7468636865636B2E7368002D2D636F6E6E656374002D2D696E6E6F64625F696E697469616C697A6564"}
{"ts": "2026-04-30T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593553.691:11546491): item=2 name=\"/lib64/ld-linux-x86-64.so.2\" inode=7089648 dev=00:89 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593553.691:11546491): item=1 name=\"/bin/bash\" inode=6963796 dev=00:89 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593553.691:11546491): item=0 name=\"/usr/local/bin/healthcheck.sh\" inode=7348502 dev=00:89 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593553.691:11546491): cwd=\"/\""}
{"ts": "2026-04-30T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593553.691:11546491): argc=4 a0=\"/bin/bash\" a1=\"/usr/local/bin/healthcheck.sh\" a2=\"--connect\" a3=\"--innodb_initialized\""}
{"ts": "2026-04-30T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593553.691:11546491): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593553.691:11546491): arch=c000003e syscall=59 success=yes exit=0 a0=c0000289a0 a1=c000022aa0 a2=c000144320 a3=0 items=3 ppid=2860399 pid=2860414 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"healthcheck.sh\" exe=\"/usr/bin/bash\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593553.635:11546490): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593553.635:11546490): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593553.635:11546490): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593553.635:11546490): cwd=\"/var/lib/docker/rootfs/overlayfs/7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7\""}
{"ts": "2026-04-30T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593553.635:11546490): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593553.635:11546490): arch=c000003e syscall=59 success=yes exit=0 a0=c0001f3840 a1=c0001f7338 a2=c0001f9c40 a3=0 items=2 ppid=2860399 pid=2860408 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593553.617:11546489): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F37656465303139653363623065383839303138636162386266"}
{"ts": "2026-04-30T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593553.617:11546489): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593553.617:11546489): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593553.617:11546489): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7\""}
{"ts": "2026-04-30T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593553.617:11546489): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1988506153\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7/d2d1bd428d3832763a3212e5cff38e2a5109921d547616a9c67505f6690e711b.pid\" a14=\"7ede019e3cb0e889018cab8bf0c09e5e0f9742f2ec242b172ed023e182cb56d7\""}
{"ts": "2026-04-30T23:59:13Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593553.617:11546489): arch=c000003e syscall=59 success=yes exit=0 a0=c0002b31f0 a1=c0002e7500 a2=c0002e7e00 a3=0 items=2 ppid=4475 pid=2860399 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593552.720:11546488): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593552.720:11546488): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593552.720:11546488): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593552.720:11546488): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593552.720:11546488): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.stat\""}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593552.720:11546488): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593552.720:11546488): arch=c000003e syscall=59 success=yes exit=0 a0=7faf8d900d60 a1=7faeb7a10d00 a2=634a8a009a40 a3=8 items=2 ppid=5417 pid=2860396 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593552.720:11546487): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593552.720:11546487): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593552.720:11546487): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593552.720:11546487): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeb7a10d00 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2860396 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593552.720:11546486): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593552.720:11546486): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593552.720:11546486): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593552.720:11546486): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeb7a10d00 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2860396 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593552.720:11546485): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593552.720:11546485): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593552.720:11546485): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593552.720:11546485): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeb7a10d00 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2860396 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593552.720:11546484): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593552.720:11546484): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593552.720:11546484): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593552.720:11546484): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeb7a10d00 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2860396 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593552.720:11546483): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593552.720:11546483): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593552.720:11546483): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593552.720:11546483): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeb7a10d00 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2860396 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593552.720:11546482): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593552.720:11546482): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593552.720:11546482): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593552.720:11546482): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeb7a10d00 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2860396 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593552.718:11546481): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593552.718:11546481): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593552.718:11546481): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593552.718:11546481): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593552.718:11546481): argc=2 a0=\"cat\" a1=\"/sys/fs/cgroup//memory.current\""}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593552.718:11546481): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593552.718:11546481): arch=c000003e syscall=59 success=yes exit=0 a0=7faf8d900d60 a1=7faeb7a1e2c0 a2=634a8a009a40 a3=8 items=2 ppid=5417 pid=2860395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593552.718:11546480): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593552.718:11546480): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593552.718:11546480): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593552.718:11546480): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeb7a1e2c0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2860395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593552.717:11546479): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593552.717:11546479): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593552.717:11546479): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593552.717:11546479): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeb7a1e2c0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2860395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593552.717:11546478): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593552.717:11546478): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593552.717:11546478): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593552.717:11546478): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeb7a1e2c0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2860395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593552.717:11546477): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593552.717:11546477): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593552.717:11546477): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593552.717:11546477): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeb7a1e2c0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2860395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593552.717:11546476): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593552.717:11546476): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593552.717:11546476): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593552.717:11546476): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeb7a1e2c0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2860395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593552.717:11546475): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593552.717:11546475): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593552.717:11546475): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593552.717:11546475): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeb7a1e2c0 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2860395 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593552.714:11546474): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593552.714:11546474): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=8525517 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593552.714:11546474): item=0 name=\"/usr/bin/cat\" inode=8524565 dev=00:aa mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593552.714:11546474): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593552.714:11546474): argc=2 a0=\"cat\" a1=\"/proc/self/cgroup\""}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=BPRM_FCAPS msg=audit(1777593552.714:11546474): fver=0 fp=0 fi=0 fe=0 old_pp=00000000a80425fb old_pi=0 old_pe=00000000a80425fb old_pa=0 pp=00000000a80425fb pi=0 pe=00000000a80425fb pa=0 frootid=0"}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593552.714:11546474): arch=c000003e syscall=59 success=yes exit=0 a0=7faf8d900d60 a1=7faeb7a1e280 a2=634a8a009a40 a3=8 items=2 ppid=5417 pid=2860394 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"cat\" exe=\"/usr/bin/cat\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593552.714:11546473): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593552.714:11546473): item=0 name=\"/usr/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593552.714:11546473): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593552.714:11546473): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeb7a1e280 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2860394 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593552.714:11546472): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593552.714:11546472): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593552.714:11546472): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593552.714:11546472): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeb7a1e280 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2860394 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593552.714:11546471): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593552.714:11546471): item=0 name=\"/usr/local/sbin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593552.714:11546471): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593552.714:11546471): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeb7a1e280 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2860394 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593552.714:11546470): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593552.714:11546470): item=0 name=\"/tmp/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593552.714:11546470): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593552.714:11546470): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeb7a1e280 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2860394 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593552.714:11546469): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593552.714:11546469): item=0 name=\"/root/.local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593552.714:11546469): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593552.714:11546469): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeb7a1e280 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2860394 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593552.714:11546468): proctitle=77696E646D696C6C00776F726B6572"}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593552.714:11546468): item=0 name=\"/usr/local/bin/cat\" nametype=UNKNOWN cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0"}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593552.714:11546468): cwd=\"/usr/src/app\""}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593552.714:11546468): arch=c000003e syscall=59 success=no exit=-2 a0=7faf8d900d60 a1=7faeb7a1e280 a2=634a8a009a40 a3=8 items=1 ppid=5417 pid=2860394 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"tokio-runtime-w\" exe=\"/usr/src/app/windmill\" subj=docker-default key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593552.543:11546467): proctitle=72756E6300696E6974"}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593552.543:11546467): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593552.543:11546467): item=0 name=\"/proc/self/fd/6\" inode=4092559 dev=00:cb mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593552.543:11546467): cwd=\"/var/lib/docker/rootfs/overlayfs/531ab8968ce844b18b0b3ebaf9e6e80c7b8f7cc1974293e5f9eb3ac90eba0e50\""}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593552.543:11546467): argc=2 a0=\"runc\" a1=\"init\""}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593552.543:11546467): arch=c000003e syscall=59 success=yes exit=0 a0=c0001eb860 a1=c0001ef338 a2=c0001f1c40 a3=0 items=2 ppid=2860376 pid=2860386 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"6\" exe=\"/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PROCTITLE msg=audit(1777593552.526:11546466): proctitle=72756E63002D2D726F6F74002F7661722F72756E2F646F636B65722F72756E74696D652D72756E632F6D6F6279002D2D6C6F67002F72756E2F636F6E7461696E6572642F696F2E636F6E7461696E6572642E72756E74696D652E76322E7461736B2F6D6F62792F35333161623839363863653834346231386230623365626166"}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593552.526:11546466): item=1 name=\"/lib64/ld-linux-x86-64.so.2\" inode=4108210 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=PATH msg=audit(1777593552.526:11546466): item=0 name=\"/usr/bin/runc\" inode=4092559 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL cap_fp=0 cap_fi=0 cap_fe=0 cap_fver=0 cap_frootid=0\u001dOUID=\"root\" OGID=\"root\""}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=CWD msg=audit(1777593552.526:11546466): cwd=\"/run/containerd/io.containerd.runtime.v2.task/moby/531ab8968ce844b18b0b3ebaf9e6e80c7b8f7cc1974293e5f9eb3ac90eba0e50\""}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=EXECVE msg=audit(1777593552.526:11546466): argc=15 a0=\"runc\" a1=\"--root\" a2=\"/var/run/docker/runtime-runc/moby\" a3=\"--log\" a4=\"/run/containerd/io.containerd.runtime.v2.task/moby/531ab8968ce844b18b0b3ebaf9e6e80c7b8f7cc1974293e5f9eb3ac90eba0e50/log.json\" a5=\"--log-format\" a6=\"json\" a7=\"--systemd-cgroup\" a8=\"exec\" a9=\"--process\" a10=\"/tmp/runc-process1419662971\" a11=\"--detach\" a12=\"--pid-file\" a13=\"/run/containerd/io.containerd.runtime.v2.task/moby/531ab8968ce844b18b0b3ebaf9e6e80c7b8f7cc1974293e5f9eb3ac90eba0e50/37c4646da7967c327d6111c2e1a6e0f9884ffd8b66a7ff60bf6dc2ea1130ec32.pid\" a14=\"531ab8968ce844b18b0b3ebaf9e6e80c7b8f7cc1974293e5f9eb3ac90eba0e50\""}
{"ts": "2026-04-30T23:59:12Z", "labels": {"cluster": "docker-compose", "detected_level": "unknown", "filename": "/var/log/audit/audit.log", "job": "auditd", "service_name": "auditd", "source": "host"}, "msg": "type=SYSCALL msg=audit(1777593552.526:11546466): arch=c000003e syscall=59 success=yes exit=0 a0=c000343a60 a1=c0001a7b00 a2=c0001a7b80 a3=0 items=2 ppid=4374 pid=2860376 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=\"runc\" exe=\"/usr/bin/runc\" subj=unconfined key=\"root_commands\"\u001dARCH=x86_64 SYSCALL=execve AUID=\"unset\" UID=\"root\" GID=\"root\" EUID=\"root\" SUID=\"root\" FSUID=\"root\" EGID=\"root\" SGID=\"root\" FSGID=\"root\""}